Posts posted by techlessDad

  1. Maniac,

    Everything appears to be very good; thanks to your assistance.

    Having read your initial links on hacking I understand that misc back-doors may have been installed. Having said that, are there additional standard patches that I should install to at least cover initial vulnerabilities?

    Thanks again.

    Glenn

  2. Sorry for the delay, didn't realize how long ESET was going to take. Tried to run before work but had to quit after 1.5 hrs. On that partial run it did find some hits, mostly what appeared to be remnants of tdsskiller's quarantine. When I did a full run this morning, log below, nothing was found. I cannot find the log from yesterday's partial run.

    On a side note, throughout this process I believe I've seen that I have some 32-bit programs and some 64-bit programs. Should all be 64 to match the system or are some only available as 32? Does it matter?

    Thanks again.

    ESETSmartInstaller@High as CAB hook log:

    OnlineScanner64.ocx - registred OK

    OnlineScanner.ocx - registred OK

    # version=7

    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

    # OnlineScanner.ocx=1.0.0.6583

    # api_version=3.0.2

    # EOSSerial=da8a240fff7e4b4c85f99bfa3ac0c6d1

    # end=stopped

    # remove_checked=true

    # archives_checked=true

    # unwanted_checked=true

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2012-07-06 11:40:30

    # local_time=2012-07-06 07:40:30 (-0500, Eastern Daylight Time)

    # country="United States"

    # lang=1033

    # osver=6.1.7601 NT Service Pack 1

    # compatibility_mode=3588 16777214 85 67 1732400 9357795 0 0

    # compatibility_mode=5893 16776574 66 85 31391424 93112329 0 0

    # compatibility_mode=8192 67108863 100 0 0 0 0 0

    # scanned=171536

    # found=23

    # cleaned=23

    # scan_time=5951

    C:\Qoobox\Quarantine\C\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll.vir Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Qoobox\Quarantine\C\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll.vir a variant of Win32/Toolbar.MyWebSearch.Q application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Qoobox\Quarantine\C\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll.vir Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.25.52\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.25.52\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.25.52\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.25.52\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.25.52\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.25.52\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.25.52\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.35.58\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.35.58\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.35.58\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.35.58\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.35.58\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.35.58\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\TDSSKiller_Quarantine\04.07.2012_14.35.58\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\2e1f51db-29c2fae3 Java/Exploit.CVE-2011-3544.AV trojan (deleted - quarantined) 00000000000000000000000000000000 C

    C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\fb33cdc-6cdd1626 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

    C:\Users\Glenn\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\655c97e4-1fe09c6a a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C

    C:\Users\Ian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\5e74d856-2f2e189c multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

    C:\Users\Ian\Downloads\minecraft setup.exe Win32/Soft32Downloader application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DG7RH8WW\agood[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

    # version=7

    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

    # OnlineScanner.ocx=1.0.0.6583

    # api_version=3.0.2

    # EOSSerial=da8a240fff7e4b4c85f99bfa3ac0c6d1

    # end=finished

    # remove_checked=true

    # archives_checked=false

    # unwanted_checked=true

    # unsafe_checked=true

    # antistealth_checked=true

    # utc_time=2012-07-07 11:26:55

    # local_time=2012-07-07 07:26:55 (-0500, Eastern Daylight Time)

    # country="United States"

    # lang=1033

    # osver=6.1.7601 NT Service Pack 1

    # compatibility_mode=3588 16777214 85 67 1816495 9441890 0 0

    # compatibility_mode=5893 16776574 66 85 31475519 93196424 0 0

    # compatibility_mode=8192 67108863 100 0 0 0 0 0

    # scanned=242625

    # found=0

    # cleaned=0

    # scan_time=7442

  3. Combofix log...

    ComboFix 12-07-05.02 - Glenn 07/05/2012 5:31.1.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2322 [GMT -4:00]

    Running from: c:\users\Glenn\Desktop\ComboFix.exe

    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files (x86)\CouponAlert_2pEI

    c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll

    c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll

    c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll

    c:\users\Ian\Documents\~WRL0005.tmp

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-05 09:43 . 2012-07-05 09:43 -------- d-----w- c:\users\JoAnn\AppData\Local\temp

    2012-07-05 09:43 . 2012-07-05 09:43 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-05 09:43 . 2012-07-05 09:43 -------- d-----w- c:\users\Ian\AppData\Local\temp

    2012-07-04 18:28 . 2012-07-04 18:44 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-07-01 01:05 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

    2012-07-01 01:05 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

    2012-07-01 01:05 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

    2012-07-01 01:05 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

    2012-07-01 01:04 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

    2012-07-01 01:04 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

    2012-07-01 01:04 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

    2012-07-01 01:04 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

    2012-07-01 01:04 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-30 05:52 . 2012-06-30 05:52 -------- d-----w- c:\users\JoAnn\AppData\Roaming\RealNetworks

    2012-06-27 10:33 . 2012-07-01 10:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-06-27 03:49 . 2012-06-27 03:49 -------- d-----w- c:\programdata\PC Optimizer Pro

    2012-06-27 03:30 . 2012-06-27 03:30 -------- d-----w- c:\users\JoAnn\AppData\Local\visi_coupon

    2012-06-27 03:29 . 2012-06-27 03:29 -------- d-----w- c:\users\JoAnn\AppData\Local\SavingsApp

    2012-06-27 03:28 . 2012-06-27 03:28 -------- d-----w- c:\users\JoAnn\AppData\Roaming\Yahoo!

    2012-06-14 21:24 . 2012-07-01 01:27 -------- d-----w- c:\program files (x86)\VitalSource Bookshelf

    2012-06-14 16:19 . 2012-06-14 16:19 -------- d-----w- c:\program files\iTunes

    2012-06-14 16:19 . 2012-06-14 16:19 -------- d-----w- c:\program files (x86)\iTunes

    2012-06-14 16:19 . 2012-06-14 16:19 -------- d-----w- c:\program files\iPod

    2012-06-14 16:16 . 2012-06-14 16:16 -------- d-----w- c:\program files\Bonjour

    2012-06-14 16:16 . 2012-06-14 16:16 -------- d-----w- c:\program files (x86)\Bonjour

    2012-06-13 21:16 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-04 10:21 . 2003-03-19 04:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

    2012-06-04 10:21 . 2003-02-21 12:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

    2012-05-27 12:06 . 2012-05-27 12:06 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2012-05-05 02:24 . 2012-04-01 21:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-05-05 02:24 . 2011-06-07 00:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-05-05 02:24 . 2012-04-14 04:14 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]

    "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-07-23 111640]

    "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-05-16 421888]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-04 296056]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]

    .

    c:\users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Kuma_Tray.lnk - c:\users\Glenn\Documents\Kuma Games\kgsystray\Kuma_tray.exe [N/A]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]

    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]

    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]

    R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-17 1255736]

    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-26 451192]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]

    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001_e4b\BHDrvx64.sys [2012-06-19 1161376]

    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]

    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120704.001\IDSvia64.sys [2012-06-29 509088]

    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]

    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]

    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]

    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-23 2320920]

    S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]

    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]

    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-12-08 158976]

    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-12-08 317440]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-29 565352]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    2010-11-22 22:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 02:24]

    .

    2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 18:30]

    .

    2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 18:30]

    .

    2012-07-01 c:\windows\Tasks\HPCeeScheduleFor2011-HP$.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

    .

    2012-06-06 c:\windows\Tasks\HPCeeScheduleForIan.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

    .

    2012-06-06 c:\windows\Tasks\HPCeeScheduleForJoAnn.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

    2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

    2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

    2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

    2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

    2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-29 167704]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-29 1424896]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://my.yahoo.com/

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    TCP: DhcpNameServer = 24.229.54.212 216.144.187.199 24.229.54.220

    DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://cabinetliquidators.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab

    .

    - - - - ORPHANS REMOVED - - - -

    .

    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

    @Denied: (2) (LocalSystem)

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

    @Denied: (2) (LocalSystem)

    "Timestamp"=hex:5f,bd,bb,a0,76,57,cd,01

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-07-05 06:00:54

    ComboFix-quarantined-files.txt 2012-07-05 10:00

    .

    Pre-Run: 413,243,056,128 bytes free

    Post-Run: 418,050,936,832 bytes free

    .

    - - End Of File - - A5A9B7AB549569AC41CAF9902F551C36

    Thanks.

  4. 14:35:58.0302 4264 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

    14:35:58.0817 4264 ============================================================

    14:35:58.0817 4264 Current date / time: 2012/07/04 14:35:58.0817

    14:35:58.0817 4264 SystemInfo:

    14:35:58.0817 4264

    14:35:58.0817 4264 OS Version: 6.1.7601 ServicePack: 1.0

    14:35:58.0817 4264 Product type: Workstation

    14:35:58.0817 4264 ComputerName: 2011-HP

    14:35:58.0817 4264 UserName: Glenn

    14:35:58.0817 4264 Windows directory: C:\Windows

    14:35:58.0817 4264 System windows directory: C:\Windows

    14:35:58.0817 4264 Running under WOW64

    14:35:58.0817 4264 Processor architecture: Intel x64

    14:35:58.0817 4264 Number of processors: 4

    14:35:58.0817 4264 Page size: 0x1000

    14:35:58.0817 4264 Boot type: Normal boot

    14:35:58.0817 4264 ============================================================

    14:35:59.0441 4264 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    14:35:59.0441 4264 ============================================================

    14:35:59.0441 4264 \Device\Harddisk0\DR0:

    14:35:59.0441 4264 MBR partitions:

    14:35:59.0441 4264 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

    14:35:59.0441 4264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x385CF000

    14:35:59.0441 4264 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38633000, BlocksNum 0x1D1F000

    14:35:59.0441 4264 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830

    14:35:59.0441 4264 ============================================================

    14:35:59.0472 4264 C: <-> \Device\Harddisk0\DR0\Partition1

    14:35:59.0519 4264 D: <-> \Device\Harddisk0\DR0\Partition2

    14:35:59.0519 4264 ============================================================

    14:35:59.0519 4264 Initialize success

    14:35:59.0519 4264 ============================================================

    14:36:56.0974 4208 ============================================================

    14:36:56.0974 4208 Scan started

    14:36:56.0974 4208 Mode: Manual; SigCheck; TDLFS;

    14:36:56.0974 4208 ============================================================

    14:37:25.0179 4208 LightScribeService (fa4a45c179ab0e0f1a31b9751d4b18d7) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    14:37:25.0179 4208 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

    14:37:25.0179 4208 LightScribeService - detected UnsignedFile.Multi.Generic (1)


    14:37:29.0047 4208 MTConfig - ok

    14:37:29.0079 4208 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

    14:37:29.0094 4208 Mup - ok

    14:37:29.0235 4208 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

    14:37:29.0328 4208 napagent - ok

    14:37:29.0406 4208 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

    14:37:29.0469 4208 NativeWifiP - ok

    14:37:29.0703 4208 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120703.024\ENG64.SYS

    14:37:29.0718 4208 NAVENG - ok

    14:37:29.0874 4208 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120703.024\EX64.SYS

    14:37:29.0937 4208 NAVEX15 - ok

    14:37:30.0171 4208 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

    14:37:30.0249 4208 NDIS - ok

    14:37:30.0295 4208 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

    14:37:30.0342 4208 NdisCap - ok

    14:37:30.0373 4208 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

    14:37:30.0405 4208 NdisTapi - ok

    14:37:30.0483 4208 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

    14:37:30.0561 4208 Ndisuio - ok

    14:37:30.0639 4208 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

    14:37:30.0732 4208 NdisWan - ok

    14:37:31.0013 4208 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

    14:37:31.0060 4208 NDProxy - ok

    14:37:31.0107 4208 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

    14:37:31.0169 4208 NetBIOS - ok

    14:37:31.0216 4208 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

    14:37:31.0263 4208 NetBT - ok

    14:37:31.0294 4208 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    14:37:31.0309 4208 Netlogon - ok

    14:37:31.0356 4208 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

    14:37:31.0450 4208 Netman - ok

    14:37:31.0512 4208 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

    14:37:31.0606 4208 netprofm - ok

    14:37:31.0684 4208 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    14:37:31.0715 4208 NetTcpPortSharing - ok

    14:37:32.0557 4208 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

    14:37:32.0854 4208 netw5v64 - ok

    14:37:33.0010 4208 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

    14:37:33.0025 4208 nfrd960 - ok

    14:37:33.0244 4208 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

    14:37:33.0259 4208 NIS - ok

    14:37:33.0306 4208 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

    14:37:33.0400 4208 NlaSvc - ok

    14:37:33.0431 4208 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

    14:37:33.0462 4208 Npfs - ok

    14:37:33.0493 4208 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

    14:37:33.0587 4208 nsi - ok

    14:37:33.0618 4208 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

    14:37:33.0665 4208 nsiproxy - ok

    14:37:33.0821 4208 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

    14:37:33.0915 4208 Ntfs - ok

    14:37:34.0024 4208 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

    14:37:34.0133 4208 Null - ok

    14:37:34.0289 4208 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

    14:37:34.0305 4208 nvraid - ok

    14:37:34.0352 4208 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

    14:37:34.0414 4208 nvstor - ok

    14:37:34.0461 4208 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

    14:37:34.0492 4208 nv_agp - ok

    14:37:34.0523 4208 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

    14:37:34.0586 4208 ohci1394 - ok

    14:37:34.0710 4208 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    14:37:34.0742 4208 ose - ok

    14:37:35.0740 4208 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    14:37:35.0849 4208 osppsvc - ok

    14:37:35.0974 4208 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    14:37:36.0036 4208 p2pimsvc - ok

    14:37:36.0068 4208 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

    14:37:36.0099 4208 p2psvc - ok

    14:37:36.0146 4208 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

    14:37:36.0208 4208 Parport - ok

    14:37:36.0224 4208 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

    14:37:36.0255 4208 partmgr - ok

    14:37:36.0317 4208 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

    14:37:36.0380 4208 PcaSvc - ok

    14:37:36.0426 4208 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

    14:37:36.0458 4208 pci - ok

    14:37:36.0489 4208 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

    14:37:36.0504 4208 pciide - ok

    14:37:36.0536 4208 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

    14:37:36.0582 4208 pcmcia - ok

    14:37:36.0614 4208 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

    14:37:36.0645 4208 pcw - ok

    14:37:36.0692 4208 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

    14:37:36.0770 4208 PEAUTH - ok

    14:37:36.0848 4208 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

    14:37:36.0894 4208 PerfHost - ok

    14:37:37.0019 4208 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

    14:37:37.0160 4208 pla - ok

    14:37:37.0206 4208 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

    14:37:37.0284 4208 PlugPlay - ok

    14:37:37.0300 4208 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

    14:37:37.0347 4208 PNRPAutoReg - ok

    14:37:37.0378 4208 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    14:37:37.0425 4208 PNRPsvc - ok

    14:37:37.0550 4208 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

    14:37:37.0612 4208 PolicyAgent - ok

    14:37:37.0643 4208 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

    14:37:37.0706 4208 Power - ok

    14:37:37.0799 4208 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

    14:37:37.0877 4208 PptpMiniport - ok

    14:37:37.0908 4208 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

    14:37:37.0940 4208 Processor - ok

    14:37:37.0971 4208 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

    14:37:38.0033 4208 ProfSvc - ok

    14:37:38.0064 4208 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    14:37:38.0080 4208 ProtectedStorage - ok

    14:37:38.0127 4208 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

    14:37:38.0189 4208 Psched - ok

    14:37:38.0454 4208 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

    14:37:38.0595 4208 ql2300 - ok

    14:37:39.0016 4208 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

    14:37:39.0047 4208 ql40xx - ok

    14:37:39.0094 4208 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

    14:37:39.0156 4208 QWAVE - ok

    14:37:39.0250 4208 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

    14:37:39.0281 4208 QWAVEdrv - ok

    14:37:39.0297 4208 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

    14:37:39.0375 4208 RasAcd - ok

    14:37:39.0422 4208 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

    14:37:39.0500 4208 RasAgileVpn - ok

    14:37:39.0531 4208 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

    14:37:39.0624 4208 RasAuto - ok

    14:37:39.0671 4208 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

    14:37:39.0796 4208 Rasl2tp - ok

    14:37:39.0843 4208 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

    14:37:39.0936 4208 RasMan - ok

    14:37:39.0983 4208 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

    14:37:40.0061 4208 RasPppoe - ok

    14:37:40.0092 4208 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

    14:37:40.0155 4208 RasSstp - ok

    14:37:40.0217 4208 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

    14:37:40.0295 4208 rdbss - ok

    14:37:40.0342 4208 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

    14:37:40.0389 4208 rdpbus - ok

    14:37:40.0420 4208 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

    14:37:40.0482 4208 RDPCDD - ok

    14:37:40.0529 4208 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

    14:37:40.0592 4208 RDPENCDD - ok

    14:37:40.0623 4208 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

    14:37:40.0654 4208 RDPREFMP - ok

    14:37:40.0794 4208 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

    14:37:40.0904 4208 RDPWD - ok

    14:37:40.0966 4208 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

    14:37:40.0997 4208 rdyboost - ok

    14:37:41.0044 4208 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

    14:37:41.0138 4208 RemoteAccess - ok

    14:37:41.0169 4208 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

    14:37:41.0231 4208 RemoteRegistry - ok

    14:37:41.0247 4208 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

    14:37:41.0278 4208 RFCOMM - ok

    14:37:41.0372 4208 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

    14:37:41.0403 4208 RoxioNow Service - ok

    14:37:41.0434 4208 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

    14:37:41.0512 4208 RpcEptMapper - ok

    14:37:41.0559 4208 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

    14:37:41.0606 4208 RpcLocator - ok

    14:37:41.0715 4208 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

    14:37:41.0777 4208 RpcSs - ok

    14:37:41.0871 4208 RSPCIESTOR (ca327a84085f68200452e6761f943298) C:\Windows\system32\DRIVERS\RtsPStor.sys

    14:37:41.0902 4208 RSPCIESTOR - ok

    14:37:41.0949 4208 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

    14:37:42.0027 4208 rspndr - ok

    14:37:42.0105 4208 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys

    14:37:42.0152 4208 RTL8167 - ok

    14:37:42.0183 4208 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    14:37:42.0198 4208 SamSs - ok

    14:37:42.0245 4208 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

    14:37:42.0276 4208 sbp2port - ok

    14:37:42.0292 4208 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

    14:37:42.0354 4208 SCardSvr - ok

    14:37:42.0386 4208 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

    14:37:42.0479 4208 scfilter - ok

    14:37:42.0651 4208 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

    14:37:42.0776 4208 Schedule - ok

    14:37:42.0854 4208 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

    14:37:42.0932 4208 SCPolicySvc - ok

    14:37:42.0978 4208 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

    14:37:43.0041 4208 sdbus - ok

    14:37:43.0088 4208 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

    14:37:43.0150 4208 SDRSVC - ok

    14:37:43.0290 4208 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    14:37:43.0322 4208 SeaPort - ok

    14:37:43.0368 4208 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

    14:37:43.0415 4208 secdrv - ok

    14:37:43.0462 4208 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

    14:37:43.0540 4208 seclogon - ok

    14:37:43.0587 4208 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

    14:37:43.0665 4208 SENS - ok

    14:37:43.0727 4208 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

    14:37:43.0743 4208 SensrSvc - ok

    14:37:43.0774 4208 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

    14:37:43.0821 4208 Serenum - ok

    14:37:43.0852 4208 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

    14:37:43.0899 4208 Serial - ok

    14:37:43.0946 4208 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

    14:37:43.0992 4208 sermouse - ok

    14:37:44.0039 4208 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

    14:37:44.0102 4208 SessionEnv - ok

    14:37:44.0133 4208 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

    14:37:44.0164 4208 sffdisk - ok

    14:37:44.0180 4208 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

    14:37:44.0258 4208 sffp_mmc - ok

    14:37:44.0304 4208 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

    14:37:44.0367 4208 sffp_sd - ok

    14:37:44.0414 4208 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

    14:37:44.0460 4208 sfloppy - ok

    14:37:44.0507 4208 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

    14:37:44.0570 4208 SharedAccess - ok

    14:37:44.0663 4208 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

    14:37:44.0741 4208 ShellHWDetection - ok

    14:37:44.0788 4208 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

    14:37:44.0804 4208 SiSRaid2 - ok

    14:37:44.0850 4208 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

    14:37:44.0882 4208 SiSRaid4 - ok

    14:37:44.0928 4208 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

    14:37:44.0991 4208 Smb - ok

    14:37:45.0038 4208 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

    14:37:45.0069 4208 SNMPTRAP - ok

    14:37:45.0100 4208 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

    14:37:45.0131 4208 spldr - ok

    14:37:45.0225 4208 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

    14:37:45.0334 4208 Spooler - ok

    14:37:45.0755 4208 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

    14:37:45.0974 4208 sppsvc - ok

    14:37:46.0161 4208 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

    14:37:46.0254 4208 sppuinotify - ok

    14:37:46.0473 4208 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS

    14:37:46.0535 4208 SRTSP - ok

    14:37:46.0598 4208 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS

    14:37:46.0629 4208 SRTSPX - ok

    14:37:46.0707 4208 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

    14:37:46.0800 4208 srv - ok

    14:37:46.0878 4208 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

    14:37:46.0941 4208 srv2 - ok

    14:37:46.0988 4208 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

    14:37:47.0034 4208 SrvHsfHDA - ok

    14:37:47.0144 4208 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

    14:37:47.0253 4208 SrvHsfV92 - ok

    14:37:47.0643 4208 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

    14:37:47.0705 4208 SrvHsfWinac - ok

    14:37:47.0752 4208 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

    14:37:47.0783 4208 srvnet - ok

    14:37:47.0846 4208 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

    14:37:47.0924 4208 SSDPSRV - ok

    14:37:47.0955 4208 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

    14:37:48.0002 4208 SstpSvc - ok

    14:37:48.0111 4208 STacSV (7bf818b11c1fedc3e76d233124470a30) C:\Program Files\IDT\WDM\STacSV64.exe

    14:37:48.0189 4208 STacSV - ok

    14:37:48.0251 4208 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

    14:37:48.0267 4208 stexstor - ok

    14:37:48.0392 4208 STHDA (ebc1a5e076a9be314d3d9e8ed19abb0a) C:\Windows\system32\DRIVERS\stwrt64.sys

    14:37:48.0454 4208 STHDA - ok

    14:37:48.0548 4208 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

    14:37:48.0610 4208 stisvc - ok

    14:37:48.0657 4208 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

    14:37:48.0672 4208 swenum - ok

    14:37:48.0828 4208 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

    14:37:48.0938 4208 swprv - ok

    14:37:49.0078 4208 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS

    14:37:49.0140 4208 SymDS - ok

    14:37:49.0250 4208 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS

    14:37:49.0328 4208 SymEFA - ok

    14:37:49.0390 4208 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

    14:37:49.0421 4208 SymEvent - ok

    14:37:49.0499 4208 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS

    14:37:49.0515 4208 SymIRON - ok

    14:37:49.0593 4208 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS

    14:37:49.0640 4208 SymNetS - ok

    14:37:49.0764 4208 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys

    14:37:49.0858 4208 SynTP - ok

    14:37:50.0092 4208 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

    14:37:50.0186 4208 SysMain - ok

    14:37:50.0357 4208 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

    14:37:50.0420 4208 TabletInputService - ok

    14:37:50.0466 4208 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

    14:37:50.0513 4208 TapiSrv - ok

    14:37:50.0544 4208 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

    14:37:50.0576 4208 TBS - ok

    14:37:50.0966 4208 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

    14:37:51.0090 4208 Tcpip - ok

    14:37:51.0480 4208 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

    14:37:51.0543 4208 TCPIP6 - ok

    14:37:51.0714 4208 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

    14:37:51.0792 4208 tcpipreg - ok

    14:37:51.0824 4208 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

    14:37:51.0886 4208 TDPIPE - ok

    14:37:51.0917 4208 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

    14:37:51.0964 4208 TDTCP - ok

    14:37:52.0042 4208 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

    14:37:52.0120 4208 tdx - ok

    14:37:52.0136 4208 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

    14:37:52.0198 4208 TermDD - ok

    14:37:52.0307 4208 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

    14:37:52.0401 4208 TermService - ok

    14:37:52.0432 4208 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

    14:37:52.0463 4208 Themes - ok

    14:37:52.0510 4208 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    14:37:52.0572 4208 THREADORDER - ok

    14:37:52.0619 4208 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

    14:37:52.0697 4208 TrkWks - ok

    14:37:52.0791 4208 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

    14:37:52.0869 4208 TrustedInstaller - ok

    14:37:52.0947 4208 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

    14:37:53.0025 4208 tssecsrv - ok

    14:37:53.0056 4208 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

    14:37:53.0103 4208 TsUsbFlt - ok

    14:37:53.0165 4208 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

    14:37:53.0243 4208 tunnel - ok

    14:37:53.0274 4208 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

    14:37:53.0290 4208 uagp35 - ok

    14:37:53.0368 4208 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

    14:37:53.0493 4208 udfs - ok

    14:37:53.0524 4208 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

    14:37:53.0571 4208 UI0Detect - ok

    14:37:53.0633 4208 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

    14:37:53.0664 4208 uliagpkx - ok

    14:37:53.0696 4208 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

    14:37:53.0727 4208 umbus - ok

    14:37:53.0774 4208 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

    14:37:53.0836 4208 UmPass - ok

    14:37:54.0351 4208 UNS (6f895ca96552069b3d3ef5b4f6e90d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    14:37:54.0476 4208 UNS - ok

    14:37:54.0616 4208 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

    14:37:54.0710 4208 upnphost - ok

    14:37:54.0819 4208 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

    14:37:54.0866 4208 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning

    14:37:54.0866 4208 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)

    14:37:54.0897 4208 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

    14:37:54.0959 4208 usbccgp - ok

    14:37:54.0990 4208 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

    14:37:55.0022 4208 usbcir - ok

    14:37:55.0084 4208 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

    14:37:55.0178 4208 usbehci - ok

    14:37:55.0224 4208 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

    14:37:55.0271 4208 usbhub - ok

    14:37:55.0287 4208 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

    14:37:55.0318 4208 usbohci - ok

    14:37:55.0349 4208 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

    14:37:55.0380 4208 usbprint - ok

    14:37:55.0443 4208 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

    14:37:55.0536 4208 USBSTOR - ok

    14:37:55.0568 4208 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

    14:37:55.0599 4208 usbuhci - ok

    14:37:55.0661 4208 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

    14:37:55.0692 4208 usbvideo - ok

    14:37:55.0739 4208 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

    14:37:55.0802 4208 UxSms - ok

    14:37:55.0833 4208 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    14:37:55.0848 4208 VaultSvc - ok

    14:37:55.0895 4208 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

    14:37:55.0911 4208 vdrvroot - ok

    14:37:55.0989 4208 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

    14:37:56.0051 4208 vds - ok

    14:37:56.0098 4208 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

    14:37:56.0114 4208 vga - ok

    14:37:56.0129 4208 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

    14:37:56.0207 4208 VgaSave - ok

    14:37:56.0254 4208 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

    14:37:56.0285 4208 vhdmp - ok

    14:37:56.0332 4208 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

    14:37:56.0348 4208 viaide - ok

    14:37:56.0379 4208 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

    14:37:56.0394 4208 volmgr - ok

    14:37:56.0441 4208 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

    14:37:56.0472 4208 volmgrx - ok

    14:37:56.0535 4208 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

    14:37:56.0566 4208 volsnap - ok

    14:37:56.0628 4208 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

    14:37:56.0660 4208 vsmraid - ok

    14:37:56.0769 4208 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

    14:37:56.0862 4208 VSS - ok

    14:37:56.0972 4208 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

    14:37:57.0018 4208 vwifibus - ok

    14:37:57.0050 4208 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

    14:37:57.0081 4208 vwififlt - ok

    14:37:57.0128 4208 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

    14:37:57.0206 4208 W32Time - ok

    14:37:57.0237 4208 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

    14:37:57.0252 4208 WacomPen - ok

    14:37:57.0299 4208 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

    14:37:57.0393 4208 WANARP - ok

    14:37:57.0408 4208 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

    14:37:57.0440 4208 Wanarpv6 - ok

    14:37:57.0564 4208 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

    14:37:57.0642 4208 WatAdminSvc - ok

    14:37:57.0752 4208 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

    14:37:57.0876 4208 wbengine - ok

    14:37:58.0017 4208 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

    14:37:58.0048 4208 WbioSrvc - ok

    14:37:58.0095 4208 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

    14:37:58.0126 4208 wcncsvc - ok

    14:37:58.0142 4208 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

    14:37:58.0188 4208 WcsPlugInService - ok

    14:37:58.0235 4208 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

    14:37:58.0266 4208 Wd - ok

    14:37:58.0298 4208 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

    14:37:58.0360 4208 WDC_SAM - ok

    14:37:58.0438 4208 WDDMService (334e5ed94d3faff3c44f4d36b1fe1c90) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

    14:37:58.0454 4208 WDDMService ( UnsignedFile.Multi.Generic ) - warning

    14:37:58.0454 4208 WDDMService - detected UnsignedFile.Multi.Generic (1)

    14:37:58.0500 4208 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

    14:37:58.0547 4208 Wdf01000 - ok

    14:37:58.0578 4208 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

    14:37:58.0656 4208 WdiServiceHost - ok

    14:37:58.0656 4208 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

    14:37:58.0672 4208 WdiSystemHost - ok

    14:37:58.0750 4208 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

    14:37:58.0766 4208 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning

    14:37:58.0766 4208 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)

    14:37:58.0797 4208 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

    14:37:58.0828 4208 WebClient - ok

    14:37:58.0875 4208 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

    14:37:58.0922 4208 Wecsvc - ok

    14:37:58.0968 4208 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

    14:37:59.0031 4208 wercplsupport - ok

    14:37:59.0078 4208 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

    14:37:59.0156 4208 WerSvc - ok

    14:37:59.0249 4208 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

    14:37:59.0327 4208 WfpLwf - ok

    14:37:59.0374 4208 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

    14:37:59.0405 4208 WIMMount - ok

    14:37:59.0421 4208 WinDefend - ok

    14:37:59.0421 4208 WinHttpAutoProxySvc - ok

    14:37:59.0514 4208 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

    14:37:59.0592 4208 Winmgmt - ok

    14:38:00.0294 4208 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

    14:38:00.0466 4208 WinRM - ok

    14:38:00.0653 4208 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

    14:38:00.0716 4208 WinUsb - ok

    14:38:00.0794 4208 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

    14:38:00.0856 4208 Wlansvc - ok

    14:38:00.0934 4208 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

    14:38:00.0965 4208 wlcrasvc - ok

    14:38:01.0605 4208 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    14:38:01.0745 4208 wlidsvc - ok

    14:38:01.0870 4208 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

    14:38:01.0901 4208 WmiAcpi - ok

    14:38:01.0979 4208 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

    14:38:02.0026 4208 wmiApSrv - ok

    14:38:02.0088 4208 WMPNetworkSvc - ok

    14:38:02.0120 4208 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

    14:38:02.0182 4208 WPCSvc - ok

    14:38:02.0213 4208 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

    14:38:02.0260 4208 WPDBusEnum - ok

    14:38:02.0276 4208 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

    14:38:02.0338 4208 ws2ifsl - ok

    14:38:02.0385 4208 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

    14:38:02.0416 4208 wscsvc - ok

    14:38:02.0416 4208 WSearch - ok

    14:38:03.0134 4208 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

    14:38:03.0274 4208 wuauserv - ok

    14:38:03.0602 4208 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

    14:38:03.0680 4208 WudfPf - ok

    14:38:03.0773 4208 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

    14:38:03.0851 4208 WUDFRd - ok

    14:38:03.0882 4208 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

    14:38:03.0929 4208 wudfsvc - ok

    14:38:03.0960 4208 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

    14:38:04.0023 4208 WwanSvc - ok

    14:38:04.0070 4208 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

    14:38:04.0101 4208 yukonw7 - ok

    14:38:04.0132 4208 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

    14:38:05.0130 4208 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

    14:38:05.0130 4208 \Device\Harddisk0\DR0 - detected TDSS File System (1)

    14:38:05.0162 4208 Boot (0x1200) (9d477996087f350a629395635a6f689b) \Device\Harddisk0\DR0\Partition0

    14:38:05.0162 4208 \Device\Harddisk0\DR0\Partition0 - ok

    14:38:05.0208 4208 Boot (0x1200) (4baec38957c0939dcd1020ab92a4ad5c) \Device\Harddisk0\DR0\Partition1

    14:38:05.0208 4208 \Device\Harddisk0\DR0\Partition1 - ok

    14:38:05.0255 4208 Boot (0x1200) (dbe727ee447bc974e3803601ef60ff64) \Device\Harddisk0\DR0\Partition2

    14:38:05.0255 4208 \Device\Harddisk0\DR0\Partition2 - ok

    14:38:05.0302 4208 Boot (0x1200) (d76ab93ec2723fa1179ff3a5d47a5d10) \Device\Harddisk0\DR0\Partition3

    14:38:05.0302 4208 \Device\Harddisk0\DR0\Partition3 - ok

    14:38:05.0302 4208 ============================================================

    14:38:05.0302 4208 Scan finished

    14:38:05.0302 4208 ============================================================

    14:38:05.0318 4260 Detected object count: 5

    14:38:05.0318 4260 Actual detected object count: 5

    14:44:11.0341 4260 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

    14:44:11.0341 4260 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    14:44:11.0341 4260 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user

    14:44:11.0341 4260 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

    14:44:11.0357 4260 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user

    14:44:11.0357 4260 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    14:44:11.0357 4260 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user

    14:44:11.0357 4260 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip

    14:44:11.0731 4260 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

    14:44:11.0731 4260 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

    14:44:11.0731 4260 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

    14:44:11.0747 4260 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

    14:44:11.0762 4260 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

    14:44:11.0778 4260 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

    14:44:11.0778 4260 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

    14:44:11.0778 4260 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

    14:44:11.0793 4260 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

    14:44:11.0793 4260 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

    14:44:11.0793 4260 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

    14:44:11.0793 4260 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

    14:44:11.0793 4260 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

    14:44:11.0809 4260 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

    14:44:11.0809 4260 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

    14:44:11.0809 4260 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine

    14:44:33.0654 3176 Deinitialize success

    ***************************************************************************************

    Malwarebytes Anti-Malware 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.07.04.06

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Glenn :: 2011-HP [administrator]

    Protection: Enabled

    7/4/2012 2:50:59 PM

    mbam-log-2012-07-04 (14-50-59).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM

    Scan options disabled: Heuristics/Shuriken | P2P

    Objects scanned: 261119

    Time elapsed: 6 minute(s), 10 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  5. Thanks Maniac!!

    Here are two logs from tdss as I didn't expand the options on the first run. The MBAM log was run afterwards.

    The symptoms are gone and it appears clear. Having read your links I understand I am still vulnerable. Frankly a full reformat scares me and I don't have the appropriate disks so I fear it means repurchasing software I already have. The computer came from Staples so I guess I'll check on their policies to see if they can help.

    14:25:51.0624 4332 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

    14:25:52.0380 4332 ============================================================

    14:25:52.0380 4332 Current date / time: 2012/07/04 14:25:52.0380

    14:25:52.0380 4332 SystemInfo:

    14:25:52.0380 4332

    14:25:52.0380 4332 OS Version: 6.1.7601 ServicePack: 1.0

    14:25:52.0380 4332 Product type: Workstation

    14:25:52.0380 4332 ComputerName: 2011-HP

    14:25:52.0380 4332 UserName: Glenn

    14:25:52.0380 4332 Windows directory: C:\Windows

    14:25:52.0380 4332 System windows directory: C:\Windows

    14:25:52.0380 4332 Running under WOW64

    14:25:52.0380 4332 Processor architecture: Intel x64

    14:25:52.0380 4332 Number of processors: 4

    14:25:52.0380 4332 Page size: 0x1000

    14:25:52.0380 4332 Boot type: Normal boot

    14:25:52.0380 4332 ============================================================

    14:25:53.0374 4332 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    14:25:53.0380 4332 ============================================================

    14:25:53.0380 4332 \Device\Harddisk0\DR0:

    14:25:53.0380 4332 MBR partitions:

    14:25:53.0380 4332 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

    14:25:53.0380 4332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x385CF000

    14:25:53.0380 4332 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38633000, BlocksNum 0x1D1F000

    14:25:53.0380 4332 ============================================================

    14:25:53.0406 4332 C: <-> \Device\Harddisk0\DR0\Partition1

    14:25:53.0549 4332 D: <-> \Device\Harddisk0\DR0\Partition2

    14:25:53.0549 4332 ============================================================

    14:25:53.0549 4332 Initialize success

    14:25:53.0549 4332 ============================================================

    14:26:11.0646 4948 ============================================================

    14:26:11.0646 4948 Scan started

    14:26:11.0646 4948 Mode: Manual;

    14:26:11.0646 4948 ============================================================

    14:26:14.0229 4948 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

    14:26:14.0242 4948 1394ohci - ok

    14:26:14.0334 4948 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

    14:26:14.0358 4948 ACPI - ok

    14:26:14.0422 4948 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

    14:26:14.0450 4948 AcpiPmi - ok

    14:26:14.0654 4948 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    14:26:14.0656 4948 AdobeARMservice - ok

    14:26:14.0886 4948 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    14:26:14.0948 4948 AdobeFlashPlayerUpdateSvc - ok

    14:26:15.0106 4948 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

    14:26:15.0502 4948 adp94xx - ok

    14:26:15.0552 4948 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

    14:26:15.0573 4948 adpahci - ok

    14:26:15.0639 4948 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

    14:26:15.0642 4948 adpu320 - ok

    14:26:15.0681 4948 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

    14:26:15.0683 4948 AeLookupSvc - ok

    14:26:15.0749 4948 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

    14:26:15.0754 4948 AFD - ok

    14:26:15.0797 4948 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

    14:26:15.0799 4948 agp440 - ok

    14:26:15.0839 4948 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

    14:26:15.0841 4948 ALG - ok

    14:26:15.0891 4948 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

    14:26:15.0904 4948 aliide - ok

    14:26:15.0933 4948 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

    14:26:15.0934 4948 amdide - ok

    14:26:15.0986 4948 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

    14:26:16.0005 4948 AmdK8 - ok

    14:26:16.0019 4948 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

    14:26:16.0048 4948 AmdPPM - ok

    14:26:16.0084 4948 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

    14:26:16.0097 4948 amdsata - ok

    14:26:16.0143 4948 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

    14:26:16.0146 4948 amdsbs - ok

    14:26:16.0165 4948 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

    14:26:16.0181 4948 amdxata - ok

    14:26:16.0220 4948 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

    14:26:16.0233 4948 AppID - ok

    14:26:16.0264 4948 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

    14:26:16.0265 4948 AppIDSvc - ok

    14:26:16.0334 4948 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

    14:26:16.0350 4948 Appinfo - ok

    14:26:16.0514 4948 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    14:26:16.0515 4948 Apple Mobile Device - ok

    14:26:16.0577 4948 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

    14:26:16.0580 4948 arc - ok

    14:26:16.0621 4948 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

    14:26:16.0623 4948 arcsas - ok

    14:26:16.0663 4948 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

    14:26:16.0678 4948 AsyncMac - ok

    14:26:16.0734 4948 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

    14:26:16.0736 4948 atapi - ok

    14:26:16.0843 4948 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    14:26:16.0854 4948 AudioEndpointBuilder - ok

    14:26:16.0863 4948 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

    14:26:16.0867 4948 AudioSrv - ok

    14:26:16.0935 4948 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

    14:26:16.0938 4948 AxInstSV - ok

    14:26:17.0016 4948 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

    14:26:17.0022 4948 b06bdrv - ok

    14:26:17.0203 4948 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

    14:26:17.0227 4948 b57nd60a - ok

    14:26:17.0365 4948 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

    14:26:17.0383 4948 BBSvc - ok

    14:26:17.0989 4948 BCM43XX (461e574d7967e895640109a371a912a5) C:\Windows\system32\DRIVERS\bcmwl664.sys

    14:26:18.0103 4948 BCM43XX - ok

    14:26:18.0272 4948 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

    14:26:18.0275 4948 BDESVC - ok

    14:26:18.0368 4948 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

    14:26:18.0370 4948 Beep - ok

    14:26:18.0452 4948 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

    14:26:18.0467 4948 BFE - ok

    14:26:19.0114 4948 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001_e4b\BHDrvx64.sys

    14:26:19.0223 4948 BHDrvx64 - ok

    14:26:19.0418 4948 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

    14:26:19.0446 4948 BITS - ok

    14:26:19.0599 4948 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

    14:26:19.0601 4948 blbdrive - ok

    14:26:19.0740 4948 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

    14:26:20.0007 4948 Bonjour Service - ok

    14:26:20.0185 4948 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

    14:26:20.0199 4948 bowser - ok

    14:26:20.0264 4948 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

    14:26:20.0291 4948 BrFiltLo - ok

    14:26:20.0309 4948 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

    14:26:20.0318 4948 BrFiltUp - ok

    14:26:20.0343 4948 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

    14:26:20.0345 4948 Browser - ok

    14:26:20.0382 4948 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

    14:26:20.0386 4948 Brserid - ok

    14:26:20.0409 4948 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

    14:26:20.0411 4948 BrSerWdm - ok

    14:26:20.0433 4948 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

    14:26:20.0435 4948 BrUsbMdm - ok

    14:26:20.0447 4948 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

    14:26:20.0449 4948 BrUsbSer - ok

    14:26:20.0528 4948 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

    14:26:20.0560 4948 BthEnum - ok

    14:26:20.0702 4948 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

    14:26:20.0704 4948 BTHMODEM - ok

    14:26:20.0743 4948 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

    14:26:20.0766 4948 BthPan - ok

    14:26:20.0849 4948 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

    14:26:20.0869 4948 BTHPORT - ok

    14:26:20.0923 4948 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

    14:26:20.0938 4948 bthserv - ok

    14:26:20.0995 4948 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

    14:26:20.0997 4948 BTHUSB - ok

    14:26:21.0076 4948 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys

    14:26:21.0094 4948 btwampfl - ok

    14:26:21.0116 4948 btwaudio (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys

    14:26:21.0126 4948 btwaudio - ok

    14:26:21.0173 4948 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\drivers\btwavdt.sys

    14:26:21.0183 4948 btwavdt - ok

    14:26:21.0325 4948 btwdins (692f8648d7686d91e34a65ac698019d8) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    14:26:21.0364 4948 btwdins - ok

    14:26:21.0411 4948 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys

    14:26:21.0425 4948 btwl2cap - ok

    14:26:21.0454 4948 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys

    14:26:21.0468 4948 btwrchid - ok

    14:26:21.0630 4948 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys

    14:26:21.0694 4948 ccSet_NIS - ok

    14:26:21.0745 4948 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

    14:26:21.0747 4948 cdfs - ok

    14:26:21.0804 4948 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

    14:26:21.0817 4948 cdrom - ok

    14:26:21.0900 4948 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

    14:26:21.0910 4948 CertPropSvc - ok

    14:26:21.0947 4948 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

    14:26:21.0965 4948 circlass - ok

    14:26:22.0025 4948 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

    14:26:22.0042 4948 CLFS - ok

    14:26:22.0124 4948 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    14:26:22.0126 4948 clr_optimization_v2.0.50727_32 - ok

    14:26:22.0188 4948 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    14:26:22.0191 4948 clr_optimization_v2.0.50727_64 - ok

    14:26:22.0298 4948 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    14:26:22.0396 4948 clr_optimization_v4.0.30319_32 - ok

    14:26:22.0451 4948 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    14:26:22.0454 4948 clr_optimization_v4.0.30319_64 - ok

    14:26:22.0499 4948 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys

    14:26:22.0512 4948 clwvd - ok

    14:26:22.0569 4948 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

    14:26:22.0590 4948 CmBatt - ok

    14:26:22.0638 4948 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

    14:26:22.0640 4948 cmdide - ok

    14:26:22.0706 4948 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

    14:26:22.0760 4948 CNG - ok

    14:26:22.0820 4948 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

    14:26:22.0822 4948 Compbatt - ok

    14:26:22.0881 4948 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

    14:26:22.0910 4948 CompositeBus - ok

    14:26:22.0953 4948 COMSysApp - ok

    14:26:23.0008 4948 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

    14:26:23.0038 4948 crcdisk - ok

    14:26:23.0187 4948 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

    14:26:23.0189 4948 CryptSvc - ok

    14:26:23.0266 4948 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

    14:26:23.0272 4948 DcomLaunch - ok

    14:26:23.0347 4948 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

    14:26:23.0352 4948 defragsvc - ok

    14:26:23.0408 4948 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

    14:26:23.0409 4948 DfsC - ok

    14:26:23.0528 4948 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

    14:26:23.0532 4948 Dhcp - ok

    14:26:23.0563 4948 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

    14:26:23.0566 4948 discache - ok

    14:26:23.0721 4948 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

    14:26:23.0739 4948 Disk - ok

    14:26:23.0788 4948 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

    14:26:23.0790 4948 Dnscache - ok

    14:26:23.0848 4948 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

    14:26:23.0851 4948 dot3svc - ok

    14:26:23.0890 4948 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

    14:26:23.0892 4948 DPS - ok

    14:26:23.0949 4948 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

    14:26:23.0951 4948 drmkaud - ok

    14:26:24.0095 4948 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

    14:26:24.0124 4948 DXGKrnl - ok

    14:26:24.0547 4948 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

    14:26:24.0549 4948 EapHost - ok

    14:26:25.0053 4948 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

    14:26:25.0200 4948 ebdrv - ok

    14:26:25.0379 4948 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

    14:26:25.0427 4948 eeCtrl - ok

    14:26:25.0556 4948 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

    14:26:25.0558 4948 EFS - ok

    14:26:25.0679 4948 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

    14:26:25.0687 4948 ehRecvr - ok

    14:26:25.0731 4948 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

    14:26:25.0742 4948 ehSched - ok

    14:26:25.0864 4948 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

    14:26:25.0871 4948 elxstor - ok

    14:26:26.0102 4948 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

    14:26:26.0105 4948 EraserUtilRebootDrv - ok

    14:26:26.0152 4948 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

    14:26:26.0160 4948 ErrDev - ok

    14:26:26.0257 4948 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

    14:26:26.0260 4948 EventSystem - ok

    14:26:26.0295 4948 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

    14:26:26.0297 4948 exfat - ok

    14:26:26.0327 4948 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

    14:26:26.0332 4948 fastfat - ok

    14:26:26.0415 4948 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

    14:26:26.0422 4948 Fax - ok

    14:26:26.0440 4948 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

    14:26:26.0442 4948 fdc - ok

    14:26:26.0477 4948 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

    14:26:26.0477 4948 fdPHost - ok

    14:26:26.0535 4948 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

    14:26:26.0537 4948 FDResPub - ok

    14:26:26.0582 4948 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

    14:26:26.0585 4948 FileInfo - ok

    14:26:26.0662 4948 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

    14:26:26.0675 4948 Filetrace - ok

    14:26:26.0737 4948 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

    14:26:26.0737 4948 flpydisk - ok

    14:26:26.0817 4948 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

    14:26:26.0822 4948 FltMgr - ok

    14:26:27.0028 4948 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

    14:26:27.0071 4948 FontCache - ok

    14:26:27.0246 4948 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    14:26:27.0248 4948 FontCache3.0.0.0 - ok

    14:26:27.0314 4948 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

    14:26:27.0329 4948 FsDepends - ok

    14:26:27.0420 4948 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys

    14:26:27.0435 4948 fssfltr - ok

    14:26:27.0685 4948 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

    14:26:27.0755 4948 fsssvc - ok

    14:26:27.0908 4948 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

    14:26:27.0910 4948 Fs_Rec - ok

    14:26:27.0966 4948 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

    14:26:27.0968 4948 fvevol - ok

    14:26:28.0016 4948 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

    14:26:28.0018 4948 gagp30kx - ok

    14:26:28.0153 4948 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

    14:26:28.0175 4948 GameConsoleService - ok

    14:26:28.0204 4948 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    14:26:28.0218 4948 GEARAspiWDM - ok

    14:26:28.0397 4948 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

    14:26:28.0424 4948 gpsvc - ok

    14:26:28.0525 4948 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    14:26:28.0527 4948 gupdate - ok

    14:26:28.0575 4948 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    14:26:28.0577 4948 gupdatem - ok

    14:26:28.0743 4948 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    14:26:28.0746 4948 gusvc - ok

    14:26:28.0768 4948 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

    14:26:28.0785 4948 hcw85cir - ok

    14:26:28.0845 4948 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

    14:26:28.0861 4948 HdAudAddService - ok

    14:26:28.0904 4948 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

    14:26:28.0905 4948 HDAudBus - ok

    14:26:28.0951 4948 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

    14:26:28.0969 4948 HECIx64 - ok

    14:26:29.0004 4948 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

    14:26:29.0005 4948 HidBatt - ok

    14:26:29.0032 4948 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

    14:26:29.0034 4948 HidBth - ok

    14:26:29.0063 4948 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

    14:26:29.0065 4948 HidIr - ok

    14:26:29.0091 4948 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

    14:26:29.0092 4948 hidserv - ok

    14:26:29.0160 4948 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

    14:26:29.0181 4948 HidUsb - ok

    14:26:29.0210 4948 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

    14:26:29.0212 4948 hkmsvc - ok

    14:26:29.0253 4948 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

    14:26:29.0255 4948 HomeGroupListener - ok

    14:26:29.0303 4948 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

    14:26:29.0305 4948 HomeGroupProvider - ok

    14:26:29.0463 4948 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    14:26:29.0464 4948 HP Support Assistant Service - ok

    14:26:29.0628 4948 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

    14:26:29.0630 4948 HP Wireless Assistant Service - ok

    14:26:29.0737 4948 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

    14:26:29.0740 4948 HPClientSvc - ok

    14:26:29.0932 4948 hpqwmiex (e7c7829ba0395e48f8c8fe16b8832344) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    14:26:29.0975 4948 hpqwmiex - ok

    14:26:30.0139 4948 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

    14:26:30.0157 4948 HpSAMD - ok

    14:26:30.0275 4948 HPWMISVC (2bec76bdcd1bc080210325e7b5094834) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    14:26:30.0277 4948 HPWMISVC - ok

    14:26:30.0381 4948 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

    14:26:30.0416 4948 HTTP - ok

    14:26:30.0468 4948 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

    14:26:30.0469 4948 hwpolicy - ok

    14:26:30.0543 4948 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

    14:26:30.0738 4948 i8042prt - ok

    14:26:30.0841 4948 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys

    14:26:30.0844 4948 iaStor - ok

    14:26:31.0003 4948 IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    14:26:31.0004 4948 IAStorDataMgrSvc - ok

    14:26:31.0068 4948 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

    14:26:31.0076 4948 iaStorV - ok

    14:26:31.0328 4948 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    14:26:31.0403 4948 idsvc - ok

    14:26:31.0858 4948 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120703.002\IDSvia64.sys

    14:26:31.0864 4948 IDSVia64 - ok

    14:26:33.0297 4948 igfx (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdkmd64.sys

    14:26:33.0617 4948 igfx - ok

    14:26:33.0760 4948 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

    14:26:33.0762 4948 iirsp - ok

    14:26:33.0822 4948 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

    14:26:33.0829 4948 IKEEXT - ok

    14:26:33.0900 4948 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

    14:26:33.0903 4948 Impcd - ok

    14:26:33.0971 4948 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys

    14:26:33.0993 4948 IntcDAud - ok

    14:26:34.0015 4948 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

    14:26:34.0017 4948 intelide - ok

    14:26:34.0044 4948 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

    14:26:34.0046 4948 intelppm - ok

    14:26:34.0080 4948 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

    14:26:34.0093 4948 IPBusEnum - ok

    14:26:34.0136 4948 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

    14:26:34.0138 4948 IpFilterDriver - ok

    14:26:34.0184 4948 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

    14:26:34.0190 4948 iphlpsvc - ok

    14:26:34.0219 4948 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

    14:26:34.0221 4948 IPMIDRV - ok

    14:26:34.0260 4948 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

    14:26:34.0280 4948 IPNAT - ok

    14:26:34.0405 4948 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

    14:26:34.0414 4948 iPod Service - ok

    14:26:34.0454 4948 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

    14:26:34.0455 4948 IRENUM - ok

    14:26:34.0509 4948 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

    14:26:34.0510 4948 isapnp - ok

    14:26:34.0581 4948 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

    14:26:34.0614 4948 iScsiPrt - ok

    14:26:34.0672 4948 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

    14:26:34.0673 4948 kbdclass - ok

    14:26:34.0777 4948 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

    14:26:34.0791 4948 kbdhid - ok

    14:26:34.0847 4948 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    14:26:34.0849 4948 KeyIso - ok

    14:26:34.0876 4948 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

    14:26:34.0893 4948 KSecDD - ok

    14:26:34.0919 4948 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

    14:26:34.0948 4948 KSecPkg - ok

    14:26:34.0997 4948 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

    14:26:35.0002 4948 ksthunk - ok

    14:26:35.0070 4948 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

    14:26:35.0075 4948 KtmRm - ok

    14:26:35.0263 4948 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

    14:26:35.0266 4948 LanmanServer - ok

    14:26:35.0354 4948 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

    14:26:35.0356 4948 LanmanWorkstation - ok

    14:26:35.0483 4948 LightScribeService (fa4a45c179ab0e0f1a31b9751d4b18d7) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    14:26:35.0485 4948 LightScribeService - ok

    14:26:35.0544 4948 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

    14:26:35.0546 4948 lltdio - ok

    14:26:35.0601 4948 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

    14:26:35.0621 4948 lltdsvc - ok

    14:26:35.0637 4948 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

    14:26:35.0638 4948 lmhosts - ok

    14:26:35.0774 4948 LMS (0405f4bcd1c7a7b309f620fe0b5de5e6) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    14:26:35.0791 4948 LMS - ok

    14:26:35.0919 4948 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

    14:26:35.0922 4948 LSI_FC - ok

    14:26:36.0109 4948 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

    14:26:36.0142 4948 LSI_SAS - ok

    14:26:36.0177 4948 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

    14:26:36.0179 4948 LSI_SAS2 - ok

    14:26:36.0273 4948 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

    14:26:36.0338 4948 LSI_SCSI - ok

    14:26:36.0399 4948 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

    14:26:36.0401 4948 luafv - ok

    14:26:36.0530 4948 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

    14:26:36.0531 4948 MBAMProtector - ok

    14:26:36.0786 4948 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    14:26:36.0829 4948 MBAMService - ok

    14:26:36.0869 4948 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

    14:26:36.0878 4948 Mcx2Svc - ok

    14:26:36.0914 4948 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

    14:26:36.0916 4948 megasas - ok

    14:26:36.0963 4948 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

    14:26:36.0967 4948 MegaSR - ok

    14:26:37.0029 4948 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

    14:26:37.0030 4948 MMCSS - ok

    14:26:37.0070 4948 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

    14:26:37.0072 4948 Modem - ok

    14:26:37.0108 4948 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

    14:26:37.0109 4948 monitor - ok

    14:26:37.0158 4948 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

    14:26:37.0159 4948 mouclass - ok

    14:26:37.0199 4948 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

    14:26:37.0217 4948 mouhid - ok

    14:26:37.0255 4948 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

    14:26:37.0257 4948 mountmgr - ok

    14:26:37.0323 4948 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

    14:26:37.0326 4948 mpio - ok

    14:26:37.0350 4948 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

    14:26:37.0352 4948 mpsdrv - ok

    14:26:37.0446 4948 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

    14:26:37.0471 4948 MpsSvc - ok

    14:26:37.0516 4948 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

    14:26:37.0540 4948 MRxDAV - ok

    14:26:37.0866 4948 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

    14:26:37.0902 4948 mrxsmb - ok

    14:26:37.0935 4948 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

    14:26:37.0966 4948 mrxsmb10 - ok

    14:26:38.0002 4948 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

    14:26:38.0004 4948 mrxsmb20 - ok

    14:26:38.0037 4948 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

    14:26:38.0039 4948 msahci - ok

    14:26:38.0077 4948 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

    14:26:38.0094 4948 msdsm - ok

    14:26:38.0133 4948 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

    14:26:38.0148 4948 MSDTC - ok

    14:26:38.0199 4948 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

    14:26:38.0218 4948 Msfs - ok

    14:26:38.0234 4948 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

    14:26:38.0235 4948 mshidkmdf - ok

    14:26:38.0259 4948 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

    14:26:38.0274 4948 msisadrv - ok

    14:26:38.0310 4948 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

    14:26:38.0325 4948 MSiSCSI - ok

    14:26:38.0335 4948 msiserver - ok

    14:26:38.0388 4948 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

    14:26:38.0389 4948 MSKSSRV - ok

    14:26:38.0410 4948 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

    14:26:38.0411 4948 MSPCLOCK - ok

    14:26:38.0447 4948 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

    14:26:38.0448 4948 MSPQM - ok

    14:26:38.0500 4948 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

    14:26:38.0505 4948 MsRPC - ok

    14:26:38.0555 4948 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

    14:26:38.0555 4948 mssmbios - ok

    14:26:38.0616 4948 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

    14:26:38.0628 4948 MSTEE - ok

    14:26:38.0647 4948 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

    14:26:38.0657 4948 MTConfig - ok

    14:26:38.0701 4948 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

    14:26:38.0723 4948 Mup - ok

    14:26:38.0814 4948 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

    14:26:38.0833 4948 napagent - ok

    14:26:38.0896 4948 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

    14:26:38.0901 4948 NativeWifiP - ok

    14:26:39.0154 4948 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120703.024\ENG64.SYS

    14:26:39.0156 4948 NAVENG - ok

    14:26:39.0410 4948 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120703.024\EX64.SYS

    14:26:39.0480 4948 NAVEX15 - ok

    14:26:39.0776 4948 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

    14:26:39.0858 4948 NDIS - ok

    14:26:39.0912 4948 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

    14:26:39.0914 4948 NdisCap - ok

    14:26:39.0953 4948 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

    14:26:39.0954 4948 NdisTapi - ok

    14:26:40.0036 4948 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

    14:26:40.0038 4948 Ndisuio - ok

    14:26:40.0112 4948 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

    14:26:40.0116 4948 NdisWan - ok

    14:26:40.0149 4948 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

    14:26:40.0151 4948 NDProxy - ok

    14:26:40.0196 4948 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

    14:26:40.0198 4948 NetBIOS - ok

    14:26:40.0249 4948 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

    14:26:40.0252 4948 NetBT - ok

    14:26:40.0280 4948 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    14:26:40.0282 4948 Netlogon - ok

    14:26:40.0354 4948 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

    14:26:40.0358 4948 Netman - ok

    14:26:40.0395 4948 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

    14:26:40.0411 4948 netprofm - ok

    14:26:40.0485 4948 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    14:26:40.0500 4948 NetTcpPortSharing - ok

    14:26:41.0289 4948 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

    14:26:41.0451 4948 netw5v64 - ok

    14:26:41.0724 4948 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

    14:26:41.0726 4948 nfrd960 - ok

    14:26:41.0872 4948 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

    14:26:41.0874 4948 NIS - ok

    14:26:41.0951 4948 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

    14:26:41.0955 4948 NlaSvc - ok

    14:26:41.0984 4948 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

    14:26:41.0986 4948 Npfs - ok

    14:26:42.0034 4948 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

    14:26:42.0035 4948 nsi - ok

    14:26:42.0105 4948 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

    14:26:42.0106 4948 nsiproxy - ok

    14:26:42.0270 4948 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

    14:26:42.0345 4948 Ntfs - ok

    14:26:42.0515 4948 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

    14:26:42.0526 4948 Null - ok

    14:26:42.0563 4948 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

    14:26:42.0573 4948 nvraid - ok

    14:26:42.0641 4948 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

    14:26:42.0682 4948 nvstor - ok

    14:26:42.0755 4948 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

    14:26:42.0776 4948 nv_agp - ok

    14:26:42.0805 4948 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

    14:26:42.0821 4948 ohci1394 - ok

    14:26:42.0903 4948 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    14:26:42.0927 4948 ose - ok

    14:26:43.0549 4948 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    14:26:43.0705 4948 osppsvc - ok

    14:26:43.0888 4948 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    14:26:43.0891 4948 p2pimsvc - ok

    14:26:43.0957 4948 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

    14:26:43.0962 4948 p2psvc - ok

    14:26:44.0015 4948 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

    14:26:44.0038 4948 Parport - ok

    14:26:44.0083 4948 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

    14:26:44.0101 4948 partmgr - ok

    14:26:44.0138 4948 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

    14:26:44.0141 4948 PcaSvc - ok

    14:26:44.0195 4948 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

    14:26:44.0198 4948 pci - ok

    14:26:44.0228 4948 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

    14:26:44.0230 4948 pciide - ok

    14:26:44.0361 4948 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

    14:26:44.0424 4948 pcmcia - ok

    14:26:44.0465 4948 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

    14:26:44.0482 4948 pcw - ok

    14:26:44.0852 4948 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

    14:26:44.0867 4948 PEAUTH - ok

    14:26:44.0988 4948 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

    14:26:44.0990 4948 PerfHost - ok

    14:26:45.0140 4948 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

    14:26:45.0187 4948 pla - ok

    14:26:45.0243 4948 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

    14:26:45.0247 4948 PlugPlay - ok

    14:26:45.0284 4948 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

    14:26:45.0287 4948 PNRPAutoReg - ok

    14:26:45.0342 4948 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

    14:26:45.0345 4948 PNRPsvc - ok

    14:26:45.0412 4948 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

    14:26:45.0417 4948 PolicyAgent - ok

    14:26:45.0469 4948 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

    14:26:45.0472 4948 Power - ok

    14:26:45.0547 4948 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

    14:26:45.0549 4948 PptpMiniport - ok

    14:26:45.0603 4948 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

    14:26:45.0604 4948 Processor - ok

    14:26:45.0666 4948 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

    14:26:45.0668 4948 ProfSvc - ok

    14:26:45.0714 4948 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    14:26:45.0715 4948 ProtectedStorage - ok

    14:26:45.0762 4948 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

    14:26:45.0767 4948 Psched - ok

    14:26:45.0954 4948 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

    14:26:46.0005 4948 ql2300 - ok

    14:26:46.0173 4948 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

    14:26:46.0176 4948 ql40xx - ok

    14:26:46.0207 4948 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

    14:26:46.0226 4948 QWAVE - ok

    14:26:46.0266 4948 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

    14:26:46.0268 4948 QWAVEdrv - ok

    14:26:46.0282 4948 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

    14:26:46.0284 4948 RasAcd - ok

    14:26:46.0325 4948 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

    14:26:46.0343 4948 RasAgileVpn - ok

    14:26:46.0389 4948 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

    14:26:46.0392 4948 RasAuto - ok

    14:26:46.0459 4948 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

    14:26:46.0461 4948 Rasl2tp - ok

    14:26:46.0509 4948 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

    14:26:46.0514 4948 RasMan - ok

    14:26:46.0799 4948 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

    14:26:46.0802 4948 RasPppoe - ok

    14:26:46.0838 4948 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

    14:26:46.0840 4948 RasSstp - ok

    14:26:46.0879 4948 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

    14:26:46.0883 4948 rdbss - ok

    14:26:46.0916 4948 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

    14:26:46.0917 4948 rdpbus - ok

    14:26:46.0936 4948 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

    14:26:46.0936 4948 RDPCDD - ok

    14:26:46.0966 4948 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

    14:26:46.0967 4948 RDPENCDD - ok

    14:26:46.0995 4948 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

    14:26:46.0995 4948 RDPREFMP - ok

    14:26:47.0058 4948 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

    14:26:47.0087 4948 RDPWD - ok

    14:26:47.0152 4948 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

    14:26:47.0155 4948 rdyboost - ok

    14:26:47.0183 4948 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

    14:26:47.0202 4948 RemoteAccess - ok

    14:26:47.0233 4948 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

    14:26:47.0250 4948 RemoteRegistry - ok

    14:26:47.0308 4948 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

    14:26:47.0310 4948 RFCOMM - ok

    14:26:47.0486 4948 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

    14:26:47.0498 4948 RoxioNow Service - ok

    14:26:47.0550 4948 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

    14:26:47.0552 4948 RpcEptMapper - ok

    14:26:47.0590 4948 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

    14:26:47.0592 4948 RpcLocator - ok

    14:26:47.0667 4948 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

    14:26:47.0671 4948 RpcSs - ok

    14:26:47.0768 4948 RSPCIESTOR (ca327a84085f68200452e6761f943298) C:\Windows\system32\DRIVERS\RtsPStor.sys

    14:26:47.0789 4948 RSPCIESTOR - ok

    14:26:47.0831 4948 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

    14:26:47.0833 4948 rspndr - ok

    14:26:47.0906 4948 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys

    14:26:47.0928 4948 RTL8167 - ok

    14:26:47.0958 4948 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

    14:26:47.0959 4948 SamSs - ok

    14:26:48.0007 4948 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

    14:26:48.0009 4948 sbp2port - ok

    14:26:48.0041 4948 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

    14:26:48.0044 4948 SCardSvr - ok

    14:26:48.0085 4948 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

    14:26:48.0134 4948 scfilter - ok

    14:26:48.0254 4948 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

    14:26:48.0265 4948 Schedule - ok

    14:26:48.0301 4948 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

    14:26:48.0302 4948 SCPolicySvc - ok

    14:26:48.0360 4948 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

    14:26:48.0374 4948 sdbus - ok

    14:26:48.0404 4948 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

    14:26:48.0408 4948 SDRSVC - ok

    14:26:48.0541 4948 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    14:26:48.0544 4948 SeaPort - ok

    14:26:48.0574 4948 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

    14:26:48.0575 4948 secdrv - ok

    14:26:48.0602 4948 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

    14:26:48.0642 4948 seclogon - ok

    14:26:48.0696 4948 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

    14:26:48.0698 4948 SENS - ok

    14:26:48.0742 4948 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

    14:26:48.0745 4948 SensrSvc - ok

    14:26:48.0779 4948 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

    14:26:48.0781 4948 Serenum - ok

    14:26:48.0816 4948 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

    14:26:48.0819 4948 Serial - ok

    14:26:48.0867 4948 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

    14:26:48.0877 4948 sermouse - ok

    14:26:48.0936 4948 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

    14:26:48.0938 4948 SessionEnv - ok

    14:26:48.0976 4948 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

    14:26:48.0978 4948 sffdisk - ok

    14:26:49.0001 4948 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

    14:26:49.0017 4948 sffp_mmc - ok

    14:26:49.0032 4948 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

    14:26:49.0058 4948 sffp_sd - ok

    14:26:49.0092 4948 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

    14:26:49.0093 4948 sfloppy - ok

    14:26:49.0208 4948 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

    14:26:49.0226 4948 SharedAccess - ok

    14:26:49.0296 4948 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

    14:26:49.0300 4948 ShellHWDetection - ok

    14:26:49.0359 4948 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

    14:26:49.0360 4948 SiSRaid2 - ok

    14:26:49.0404 4948 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

    14:26:49.0407 4948 SiSRaid4 - ok

    14:26:49.0432 4948 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

    14:26:49.0434 4948 Smb - ok

    14:26:49.0471 4948 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

    14:26:49.0474 4948 SNMPTRAP - ok

    14:26:49.0496 4948 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

    14:26:49.0497 4948 spldr - ok

    14:26:49.0592 4948 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

    14:26:49.0619 4948 Spooler - ok

    14:26:50.0053 4948 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

    14:26:50.0139 4948 sppsvc - ok

    14:26:50.0318 4948 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

    14:26:50.0320 4948 sppuinotify - ok

    14:26:50.0490 4948 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS

    14:26:50.0510 4948 SRTSP - ok

    14:26:50.0561 4948 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS

    14:26:50.0571 4948 SRTSPX - ok

    14:26:50.0641 4948 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

    14:26:50.0660 4948 srv - ok

    14:26:50.0706 4948 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

    14:26:50.0710 4948 srv2 - ok

    14:26:50.0771 4948 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

    14:26:50.0803 4948 SrvHsfHDA - ok

    14:26:51.0021 4948 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

    14:26:51.0086 4948 SrvHsfV92 - ok

    14:26:51.0276 4948 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

    14:26:51.0283 4948 SrvHsfWinac - ok

    14:26:51.0378 4948 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

    14:26:51.0380 4948 srvnet - ok

    14:26:51.0445 4948 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

    14:26:51.0448 4948 SSDPSRV - ok

    14:26:51.0462 4948 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

    14:26:51.0464 4948 SstpSvc - ok

    14:26:51.0744 4948 STacSV (7bf818b11c1fedc3e76d233124470a30) C:\Program Files\IDT\WDM\STacSV64.exe

    14:26:51.0747 4948 STacSV - ok

    14:26:51.0771 4948 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

    14:26:51.0773 4948 stexstor - ok

    14:26:51.0910 4948 STHDA (ebc1a5e076a9be314d3d9e8ed19abb0a) C:\Windows\system32\DRIVERS\stwrt64.sys

    14:26:51.0931 4948 STHDA - ok

    14:26:51.0990 4948 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

    14:26:51.0997 4948 stisvc - ok

    14:26:52.0033 4948 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

    14:26:52.0034 4948 swenum - ok

    14:26:52.0103 4948 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

    14:26:52.0118 4948 swprv - ok

    14:26:52.0289 4948 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS

    14:26:52.0322 4948 SymDS - ok

    14:26:52.0616 4948 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS

    14:26:52.0660 4948 SymEFA - ok

    14:26:53.0024 4948 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

    14:26:53.0065 4948 SymEvent - ok

    14:27:04.0725 4948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

    14:27:04.0760 4948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

    14:27:04.0760 4948 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

    14:27:04.0807 4948 Boot (0x1200) (9d477996087f350a629395635a6f689b) \Device\Harddisk0\DR0\Partition0

    14:27:04.0808 4948 \Device\Harddisk0\DR0\Partition0 - ok

    14:27:04.0824 4948 Boot (0x1200) (4baec38957c0939dcd1020ab92a4ad5c) \Device\Harddisk0\DR0\Partition1

    14:27:04.0826 4948 \Device\Harddisk0\DR0\Partition1 - ok

    14:27:04.0860 4948 Boot (0x1200) (dbe727ee447bc974e3803601ef60ff64) \Device\Harddisk0\DR0\Partition2

    14:27:04.0861 4948 \Device\Harddisk0\DR0\Partition2 - ok

    14:27:04.0864 4948 ============================================================

    14:27:04.0864 4948 Scan finished

    14:27:04.0864 4948 ============================================================

    14:27:04.0876 4688 Detected object count: 1

    14:27:04.0876 4688 Actual detected object count: 1

    14:28:32.0281 4688 \Device\Harddisk0\DR0\# - copied to quarantine

    14:28:32.0281 4688 \Device\Harddisk0\DR0 - copied to quarantine

    14:28:32.0618 4688 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

    14:28:32.0620 4688 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

    14:28:32.0790 4688 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

    14:28:32.0929 4688 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

    14:28:32.0939 4688 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

    14:28:33.0021 4688 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

    14:28:33.0024 4688 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

    14:28:33.0026 4688 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

    14:28:33.0029 4688 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

    14:28:33.0077 4688 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

    14:28:33.0080 4688 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

    14:28:33.0083 4688 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

    14:28:33.0085 4688 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

    14:28:33.0087 4688 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

    14:28:33.0097 4688 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

    14:28:33.0134 4688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

    14:28:33.0170 4688 \Device\Harddisk0\DR0 - ok

    14:28:34.0214 4688 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

    14:29:02.0525 4388 Deinitialize success

    Second scan to follow.

  6. MB is successfully blocking outgoing actions to either IP, 78.41.203.119 or 206.161.121.3, by svchost.exe.

    When I run the quick scan, it appears to find the infected file, to be deleted upon restart. However, I restart, run the quick scan again, and it is still there.

    Here are relevant logs per sim posts; many thanks for your assistance.

    Malwarebytes Anti-Malware 1.61.0.1400

    www.malwarebytes.org

    Database version: v2012.07.04.04

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Glenn :: 2011-HP [administrator]

    Protection: Enabled

    7/4/2012 10:53:30 AM

    mbam-log-2012-07-04 (11-01-18).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM

    Scan options disabled: Heuristics/Shuriken | P2P

    Objects scanned: 260512

    Time elapsed: 7 minute(s), 17 second(s)

    Memory Processes Detected: 1

    C:\Windows\svchost.exe (Trojan.Agent) -> 4276 -> No action taken.

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

    (end)

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by Glenn at 10:25:03 on 2012-07-04

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1717 [GMT -4:00]

    .

    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Program Files\IDT\WDM\STacSV64.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\System32\igfxtray.exe

    C:\Program Files\IDT\WDM\sttray64.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\SysWOW64\RunDll32.exe

    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    -netsvcs

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\DllHost.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

    C:\Windows\SysWOW64\DllHost.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://my.yahoo.com/

    uInternet Settings,ProxyOverride = *.local

    mWinlogon: Userinit=userinit.exe,

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxp://cabinetliquidators.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    TCP: DhcpNameServer = 24.229.54.212 216.144.187.199 24.229.54.220

    TCP: Interfaces\{2420E24E-DE2A-4B25-B6FE-81F24CE4E131}\4786562696E6E6 : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{2420E24E-DE2A-4B25-B6FE-81F24CE4E131}\E46474D2642756560275946494 : DhcpNameServer = 156.154.119.11 156.154.129.11

    TCP: Interfaces\{DA7C49CF-E2D2-42BC-8AE1-4952A3BD8033} : DhcpNameServer = 24.229.54.212 216.144.187.199 24.229.54.220

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

    BHO-X64: Norton Identity Protection - No File

    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

    BHO-X64: Norton Vulnerability Protection - No File

    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO-X64: URLRedirectionBHO - No File

    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]

    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]

    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001_e4b\BHDrvx64.sys [2012-6-19 1161376]

    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]

    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120703.002\IDSviA64.sys [2012-7-4 509088]

    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]

    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]

    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-25 13592]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-1 654408]

    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-5-17 138232]

    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]

    R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-25 2320920]

    R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]

    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-31 138912]

    R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

    R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 257696]

    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]

    S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-19 136176]

    S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-07-01 12:46:47 20480 ------w- C:\Windows\svchost.exe

    2012-07-01 01:05:07 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-07-01 01:04:52 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-07-01 01:04:41 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-07-01 01:04:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-06-28 10:35:11 -------- d-----w- C:\ComboFix

    2012-06-27 10:33:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-06-27 03:49:36 -------- d-----w- C:\ProgramData\PC Optimizer Pro

    2012-06-14 21:24:47 -------- d-----w- C:\Program Files (x86)\VitalSource Bookshelf

    2012-06-14 16:19:17 -------- d-----w- C:\Program Files\iTunes

    2012-06-14 16:19:17 -------- d-----w- C:\Program Files\iPod

    2012-06-14 16:19:17 -------- d-----w- C:\Program Files (x86)\iTunes

    2012-06-14 16:16:49 -------- d-----w- C:\Program Files\Bonjour

    2012-06-14 16:16:49 -------- d-----w- C:\Program Files (x86)\Bonjour

    2012-06-13 21:16:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    .

    ==================== Find3M ====================

    .

    2012-06-04 10:21:41 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

    2012-06-04 10:21:41 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

    2012-05-05 02:24:29 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-05-05 02:24:29 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-05-05 02:24:12 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

    .

    ============= FINISH: 10:27:19.65 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 5/15/2011 3:46:46 AM

    System Uptime: 7/4/2012 10:12:19 AM (0 hours ago)

    .

    Motherboard: Hewlett-Packard | | 166A

    Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | CPU | 911/1066mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 451 GiB total, 387.169 GiB free.

    D: is FIXED (NTFS) - 15 GiB total, 1.819 GiB free.

    E: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP134: 6/30/2012 7:25:18 PM - Installed Microsoft Fix it 50195

    RP135: 6/30/2012 8:13:55 PM - Installed VitalSource Bookshelf.

    RP136: 6/30/2012 8:35:06 PM - Restore Operation

    RP137: 6/30/2012 9:04:05 PM - Windows Update

    RP138: 6/30/2012 9:19:33 PM - Installed VitalSource Bookshelf.

    RP139: 6/30/2012 9:27:23 PM - Installed VitalSource Bookshelf.

    RP140: 7/3/2012 12:21:02 PM - HPSF Applying updates

    RP141: 7/3/2012 12:23:16 PM - Removed HP Power Manager

    RP142: 7/3/2012 12:23:52 PM - Installed HP Power Manager

    RP143: 7/3/2012 12:26:52 PM - Removed HP Quick Launch

    RP144: 7/3/2012 12:27:30 PM - Installed HP Quick Launch

    RP146: 7/4/2012 9:38:08 AM - Removed service pack backup files

    .

    ==== Installed Programs ======================

    .

    Adobe AIR

    Adobe Reader X (10.1.3)

    Adobe Shockwave Player 11.5

    Agatha Christie - Peril at End House

    Apple Application Support

    Apple Software Update

    Bejeweled 2 Deluxe

    Bing Bar

    Blackhawk Striker 2

    Blasterball 3

    Blio

    Bounce Symphony

    Build-a-lot 2

    Cake Mania

    CDA Copper in Architecture Design Handbook

    Chuzzle Deluxe

    CyberLink DVD Suite

    CyberLink YouCam

    D3DX10

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    Diner Dash 2 Restaurant Rescue

    Dora's World Adventure

    Energy Star Digital Logo

    Escape Rosecliff Island

    ESU for Microsoft Windows 7

    Farm Frenzy

    FATE

    Final Drive Nitro

    Google Earth

    Google Toolbar for Internet Explorer

    Google Update Helper

    Heroes of Hellas 2 - Olympia

    Hewlett-Packard ACLM.NET v1.1.2.0

    HP CloudDrive

    HP Customer Experience Enhancements

    HP Documentation

    HP Game Console

    HP Games

    HP MovieStore

    HP On Screen Display

    HP Power Manager

    HP Quick Launch

    HP Setup

    HP Setup Manager

    HP Software Framework

    HP Support Assistant

    IDT Audio

    Image Plugin

    Intel® Control Center

    Intel® Management Engine Components

    Intel® Processor Graphics

    Intel® Rapid Storage Technology

    Java Auto Updater

    Java 6 Update 29

    Jewel Quest Solitaire 2

    Junk Mail filter update

    LabelPrint

    LightScribe System Software

    Malwarebytes Anti-Malware version 1.61.0.1400

    Mesh Runtime

    Messenger Companion

    Microsoft Office 2010

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office Home and Student 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Single Image 2010

    Microsoft Office Word MUI (English) 2010

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft VC9 runtime libraries

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft WSE 3.0 Runtime

    MSVCRT

    MSVCRT_amd64

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Mystery P.I. - The London Caper

    Norton Internet Security

    Penguins!

    PERRLA

    PictureMover

    Plants vs. Zombies

    PlayReady PC Runtime x86

    Poker Superstars III

    Polar Bowler

    Polar Golfer

    Power2Go

    QuickTime

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    RealPlayer

    Realtek Ethernet Controller Driver

    Realtek PCIE Card Reader

    RealUpgrade 1.1

    Recovery Manager

    RoxioNow Player

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

    SMPlayer 0.6.9

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft Office 2010 (KB2494150)

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

    Virtual Families

    Virtual Villagers 4 - The Tree of Life

    VitalSource Bookshelf

    VLC media player 1.1.11

    Wheel of Fortune 2

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Installer

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Messenger Companion Core

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    Zuma Deluxe

    .

    ==== Event Viewer Messages From Past Week ========

    .

    7/4/2012 10:09:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

    7/3/2012 12:27:43 PM, Error: Service Control Manager [7030] - The HPWMISVC service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    7/3/2012 10:44:43 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    7/1/2012 8:34:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

    7/1/2012 6:06:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

    7/1/2012 11:55:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031d66ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070112-41309-01.

    6/30/2012 9:09:11 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

    6/30/2012 9:00:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64

    6/30/2012 8:59:41 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

    6/30/2012 6:50:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031be6ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 063012-31168-01.

    6/30/2012 6:46:23 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

    6/30/2012 6:44:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

    6/28/2012 6:43:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000317c6ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062812-30716-01.

    6/28/2012 6:38:04 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    6/28/2012 6:13:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031c26ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 062812-25396-01.

    .

    ==== End Of File ===========================
