Posts posted by D2014W
Ok, so far, so good. I ran TDSSKiller and the log is below. The computer has rebooted, and so far no 'noise'. Ready for next steps.
16:58:51.0031 3360 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
16:58:52.0264 3360 ============================================================
16:58:52.0264 3360 Current date / time: 2012/07/04 16:58:52.0264
16:58:52.0264 3360 SystemInfo:
16:58:52.0264 3360
16:58:52.0264 3360 OS Version: 6.1.7601 ServicePack: 1.0
16:58:52.0264 3360 Product type: Workstation
16:58:52.0264 3360 ComputerName: DEREK-PC
16:58:52.0264 3360 UserName: Derek
16:58:52.0264 3360 Windows directory: C:\windows
16:58:52.0264 3360 System windows directory: C:\windows
16:58:52.0264 3360 Running under WOW64
16:58:52.0264 3360 Processor architecture: Intel x64
16:58:52.0264 3360 Number of processors: 2
16:58:52.0264 3360 Page size: 0x1000
16:58:52.0264 3360 Boot type: Normal boot
16:58:52.0264 3360 ============================================================
16:58:54.0526 3360 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:58:54.0526 3360 ============================================================
16:58:54.0526 3360 \Device\Harddisk0\DR0:
16:58:54.0526 3360 MBR partitions:
16:58:54.0526 3360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x238CE000
16:58:54.0526 3360 ============================================================
16:58:54.0557 3360 C: <-> \Device\Harddisk0\DR0\Partition0
16:58:54.0557 3360 ============================================================
16:58:54.0557 3360 Initialize success
16:58:54.0557 3360 ============================================================
16:59:16.0016 5924 ============================================================
16:59:16.0016 5924 Scan started
16:59:16.0016 5924 Mode: Manual; SigCheck; TDLFS;
16:59:16.0016 5924 ============================================================
16:59:17.0483 5924 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
16:59:17.0670 5924 1394ohci - ok
16:59:17.0763 5924 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
16:59:17.0810 5924 ACPI - ok
16:59:17.0841 5924 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
16:59:17.0904 5924 AcpiPmi - ok
16:59:18.0013 5924 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:59:18.0044 5924 AdobeARMservice - ok
16:59:18.0200 5924 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:59:18.0247 5924 AdobeFlashPlayerUpdateSvc - ok
16:59:18.0372 5924 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
16:59:18.0419 5924 adp94xx - ok
16:59:18.0497 5924 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
16:59:18.0559 5924 adpahci - ok
16:59:18.0668 5924 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
16:59:18.0762 5924 adpu320 - ok
16:59:18.0793 5924 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
16:59:18.0902 5924 AeLookupSvc - ok
16:59:18.0996 5924 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
16:59:19.0058 5924 AFD - ok
16:59:19.0105 5924 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
16:59:19.0136 5924 agp440 - ok
16:59:19.0183 5924 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
16:59:19.0245 5924 ALG - ok
16:59:19.0292 5924 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
16:59:19.0323 5924 aliide - ok
16:59:19.0386 5924 AMD External Events Utility (2f2e91fd092811353c3bc968bec274d8) C:\windows\system32\atiesrxx.exe
16:59:19.0448 5924 AMD External Events Utility - ok
16:59:19.0464 5924 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
16:59:19.0495 5924 amdide - ok
16:59:19.0542 5924 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
16:59:19.0604 5924 AmdK8 - ok
16:59:20.0415 5924 amdkmdag (194d76d2083318a2e7071a988e02ecf4) C:\windows\system32\DRIVERS\atikmdag.sys
16:59:20.0899 5924 amdkmdag - ok
16:59:21.0117 5924 amdkmdap (1eeffce9a3a65a56a28793eaa3f57026) C:\windows\system32\DRIVERS\atikmpag.sys
16:59:21.0180 5924 amdkmdap - ok
16:59:21.0227 5924 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
16:59:21.0273 5924 AmdPPM - ok
16:59:21.0320 5924 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
16:59:21.0351 5924 amdsata - ok
16:59:21.0383 5924 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
16:59:21.0445 5924 amdsbs - ok
16:59:21.0476 5924 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
16:59:21.0507 5924 amdxata - ok
16:59:21.0539 5924 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\windows\system32\DRIVERS\amd_sata.sys
16:59:21.0585 5924 amd_sata - ok
16:59:21.0695 5924 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\windows\system32\DRIVERS\amd_xata.sys
16:59:21.0741 5924 amd_xata - ok
16:59:21.0773 5924 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
16:59:21.0897 5924 AppID - ok
16:59:21.0929 5924 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
16:59:22.0022 5924 AppIDSvc - ok
16:59:22.0100 5924 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
16:59:22.0194 5924 Appinfo - ok
16:59:22.0272 5924 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
16:59:22.0319 5924 arc - ok
16:59:22.0334 5924 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
16:59:22.0365 5924 arcsas - ok
16:59:22.0397 5924 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
16:59:22.0490 5924 AsyncMac - ok
16:59:22.0537 5924 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
16:59:22.0568 5924 atapi - ok
16:59:22.0709 5924 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
16:59:22.0849 5924 AudioEndpointBuilder - ok
16:59:22.0849 5924 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
16:59:22.0958 5924 AudioSrv - ok
16:59:23.0005 5924 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
16:59:23.0068 5924 AxInstSV - ok
16:59:23.0146 5924 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
16:59:23.0208 5924 b06bdrv - ok
16:59:23.0270 5924 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
16:59:23.0348 5924 b57nd60a - ok
16:59:23.0629 5924 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
16:59:23.0692 5924 BDESVC - ok
16:59:23.0723 5924 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
16:59:23.0832 5924 Beep - ok
16:59:23.0988 5924 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
16:59:24.0097 5924 BFE - ok
16:59:24.0362 5924 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys
16:59:24.0425 5924 BHDrvx64 - ok
16:59:24.0690 5924 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
16:59:24.0815 5924 BITS - ok
16:59:24.0877 5924 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
16:59:24.0940 5924 blbdrive - ok
16:59:24.0986 5924 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
16:59:25.0033 5924 bowser - ok
16:59:25.0064 5924 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
16:59:25.0127 5924 BrFiltLo - ok
16:59:25.0142 5924 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
16:59:25.0189 5924 BrFiltUp - ok
16:59:25.0236 5924 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
16:59:25.0361 5924 BridgeMP - ok
16:59:25.0376 5924 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
16:59:25.0486 5924 Browser - ok
16:59:25.0532 5924 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
16:59:25.0595 5924 Brserid - ok
16:59:25.0626 5924 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
16:59:25.0688 5924 BrSerWdm - ok
16:59:25.0720 5924 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
16:59:25.0766 5924 BrUsbMdm - ok
16:59:25.0782 5924 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
16:59:25.0813 5924 BrUsbSer - ok
16:59:25.0876 5924 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
16:59:25.0922 5924 BTHMODEM - ok
16:59:25.0985 5924 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
16:59:26.0094 5924 bthserv - ok
16:59:26.0125 5924 catchme - ok
16:59:26.0203 5924 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys
16:59:26.0234 5924 ccSet_NIS - ok
16:59:26.0281 5924 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
16:59:26.0375 5924 cdfs - ok
16:59:26.0437 5924 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
16:59:26.0484 5924 cdrom - ok
16:59:26.0546 5924 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
16:59:26.0640 5924 CertPropSvc - ok
16:59:26.0687 5924 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
16:59:26.0749 5924 circlass - ok
16:59:26.0812 5924 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
16:59:26.0874 5924 CLFS - ok
16:59:26.0952 5924 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:59:26.0999 5924 clr_optimization_v2.0.50727_32 - ok
16:59:27.0061 5924 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:59:27.0092 5924 clr_optimization_v2.0.50727_64 - ok
16:59:27.0170 5924 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:59:27.0202 5924 clr_optimization_v4.0.30319_32 - ok
16:59:27.0248 5924 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:59:27.0280 5924 clr_optimization_v4.0.30319_64 - ok
16:59:27.0311 5924 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
16:59:27.0373 5924 CmBatt - ok
16:59:27.0389 5924 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
16:59:27.0420 5924 cmdide - ok
16:59:27.0482 5924 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
16:59:27.0560 5924 CNG - ok
16:59:27.0763 5924 CnxtHdAudService (99b1b888b793de320c5479b3c953781f) C:\windows\system32\drivers\CHDRT64.sys
16:59:27.0872 5924 CnxtHdAudService - ok
16:59:28.0044 5924 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
16:59:28.0075 5924 Compbatt - ok
16:59:28.0106 5924 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
16:59:28.0169 5924 CompositeBus - ok
16:59:28.0184 5924 COMSysApp - ok
16:59:28.0200 5924 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
16:59:28.0231 5924 crcdisk - ok
16:59:28.0294 5924 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
16:59:28.0340 5924 CryptSvc - ok
16:59:28.0418 5924 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
16:59:28.0543 5924 DcomLaunch - ok
16:59:28.0621 5924 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
16:59:28.0762 5924 defragsvc - ok
16:59:28.0824 5924 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
16:59:28.0918 5924 DfsC - ok
16:59:28.0980 5924 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
16:59:29.0105 5924 Dhcp - ok
16:59:29.0120 5924 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
16:59:29.0214 5924 discache - ok
16:59:29.0276 5924 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
16:59:29.0308 5924 Disk - ok
16:59:29.0479 5924 DiskDoctorService (7c85cc5570bf718d2b9ad9f53b1b5b55) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
16:59:29.0542 5924 DiskDoctorService - ok
16:59:29.0604 5924 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
16:59:29.0651 5924 Dnscache - ok
16:59:29.0698 5924 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
16:59:29.0807 5924 dot3svc - ok
16:59:29.0838 5924 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
16:59:29.0947 5924 DPS - ok
16:59:30.0010 5924 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
16:59:30.0072 5924 drmkaud - ok
16:59:30.0259 5924 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
16:59:30.0322 5924 DXGKrnl - ok
16:59:30.0368 5924 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
16:59:30.0478 5924 EapHost - ok
16:59:30.0805 5924 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
16:59:30.0946 5924 ebdrv - ok
16:59:31.0117 5924 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:59:31.0180 5924 eeCtrl - ok
16:59:31.0336 5924 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
16:59:31.0367 5924 EFS - ok
16:59:31.0492 5924 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
16:59:31.0554 5924 ehRecvr - ok
16:59:31.0601 5924 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
16:59:31.0648 5924 ehSched - ok
16:59:31.0772 5924 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
16:59:31.0819 5924 elxstor - ok
16:59:32.0006 5924 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
16:59:32.0038 5924 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
16:59:32.0038 5924 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
16:59:32.0178 5924 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:59:32.0225 5924 EraserUtilRebootDrv - ok
16:59:32.0240 5924 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
16:59:32.0287 5924 ErrDev - ok
16:59:32.0365 5924 ETD (5d82d501d2fee413b1f45f0302b5802c) C:\windows\system32\DRIVERS\ETD.sys
16:59:32.0412 5924 ETD - ok
16:59:32.0474 5924 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
16:59:32.0584 5924 EventSystem - ok
16:59:32.0677 5924 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
16:59:32.0833 5924 exfat - ok
16:59:32.0896 5924 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
16:59:33.0020 5924 fastfat - ok
16:59:33.0145 5924 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
16:59:33.0223 5924 Fax - ok
16:59:33.0239 5924 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
16:59:33.0286 5924 fdc - ok
16:59:33.0332 5924 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
16:59:33.0442 5924 fdPHost - ok
16:59:33.0457 5924 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
16:59:33.0566 5924 FDResPub - ok
16:59:33.0644 5924 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
16:59:33.0676 5924 FileInfo - ok
16:59:33.0816 5924 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
16:59:34.0003 5924 Filetrace - ok
16:59:34.0034 5924 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
16:59:34.0081 5924 flpydisk - ok
16:59:34.0175 5924 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
16:59:34.0222 5924 FltMgr - ok
16:59:34.0362 5924 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
16:59:34.0440 5924 FontCache - ok
16:59:34.0502 5924 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:59:34.0534 5924 FontCache3.0.0.0 - ok
16:59:34.0627 5924 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
16:59:34.0674 5924 FsDepends - ok
16:59:34.0705 5924 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
16:59:34.0736 5924 Fs_Rec - ok
16:59:34.0799 5924 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
16:59:34.0846 5924 fvevol - ok
16:59:34.0877 5924 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
16:59:34.0939 5924 FwLnk - ok
16:59:34.0986 5924 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
16:59:35.0017 5924 gagp30kx - ok
16:59:35.0095 5924 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
16:59:35.0126 5924 GamesAppService - ok
16:59:35.0236 5924 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
16:59:35.0360 5924 gpsvc - ok
16:59:35.0407 5924 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:59:35.0438 5924 gupdate - ok
16:59:35.0438 5924 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:59:35.0470 5924 gupdatem - ok
16:59:35.0516 5924 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:59:35.0548 5924 gusvc - ok
16:59:35.0610 5924 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
16:59:35.0657 5924 hcw85cir - ok
16:59:35.0750 5924 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
16:59:35.0797 5924 HdAudAddService - ok
16:59:35.0844 5924 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
16:59:35.0891 5924 HDAudBus - ok
16:59:35.0922 5924 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
16:59:35.0984 5924 HidBatt - ok
16:59:36.0031 5924 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
16:59:36.0078 5924 HidBth - ok
16:59:36.0109 5924 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
16:59:36.0156 5924 HidIr - ok
16:59:36.0203 5924 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
16:59:36.0296 5924 hidserv - ok
16:59:36.0343 5924 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
16:59:36.0374 5924 HidUsb - ok
16:59:36.0421 5924 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
16:59:36.0530 5924 hkmsvc - ok
16:59:36.0562 5924 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
16:59:36.0624 5924 HomeGroupListener - ok
16:59:36.0655 5924 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
16:59:36.0702 5924 HomeGroupProvider - ok
16:59:36.0733 5924 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
16:59:36.0764 5924 HpSAMD - ok
16:59:36.0842 5924 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
16:59:36.0952 5924 HTTP - ok
16:59:36.0983 5924 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
16:59:37.0014 5924 hwpolicy - ok
16:59:37.0045 5924 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
16:59:37.0092 5924 i8042prt - ok
16:59:37.0154 5924 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
16:59:37.0201 5924 iaStorV - ok
16:59:37.0342 5924 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:59:37.0388 5924 idsvc - ok
16:59:37.0716 5924 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120703.002\IDSvia64.sys
16:59:37.0763 5924 IDSVia64 - ok
16:59:37.0888 5924 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
16:59:37.0919 5924 iirsp - ok
16:59:38.0028 5924 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
16:59:38.0153 5924 IKEEXT - ok
16:59:38.0231 5924 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
16:59:38.0262 5924 intelide - ok
16:59:38.0278 5924 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
16:59:38.0340 5924 intelppm - ok
16:59:38.0387 5924 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
16:59:38.0480 5924 IPBusEnum - ok
16:59:38.0527 5924 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
16:59:38.0621 5924 IpFilterDriver - ok
16:59:38.0699 5924 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
16:59:38.0808 5924 iphlpsvc - ok
16:59:38.0839 5924 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
16:59:38.0902 5924 IPMIDRV - ok
16:59:38.0948 5924 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
16:59:39.0058 5924 IPNAT - ok
16:59:39.0104 5924 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
16:59:39.0167 5924 IRENUM - ok
16:59:39.0182 5924 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
16:59:39.0214 5924 isapnp - ok
16:59:39.0276 5924 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
16:59:39.0323 5924 iScsiPrt - ok
16:59:39.0354 5924 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
16:59:39.0385 5924 kbdclass - ok
16:59:39.0416 5924 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
16:59:39.0463 5924 kbdhid - ok
16:59:39.0510 5924 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:59:39.0541 5924 KeyIso - ok
16:59:39.0572 5924 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
16:59:39.0604 5924 KSecDD - ok
16:59:39.0635 5924 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
16:59:39.0666 5924 KSecPkg - ok
16:59:39.0697 5924 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
16:59:39.0806 5924 ksthunk - ok
16:59:39.0869 5924 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
16:59:39.0978 5924 KtmRm - ok
16:59:40.0072 5924 L1C (655a5d8e80869781cce23760ada7e695) C:\windows\system32\DRIVERS\L1C62x64.sys
16:59:40.0118 5924 L1C - ok
16:59:40.0165 5924 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
16:59:40.0274 5924 LanmanServer - ok
16:59:40.0321 5924 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
16:59:40.0415 5924 LanmanWorkstation - ok
16:59:40.0462 5924 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
16:59:40.0555 5924 lltdio - ok
16:59:40.0618 5924 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
16:59:40.0711 5924 lltdsvc - ok
16:59:40.0758 5924 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
16:59:40.0836 5924 lmhosts - ok
16:59:40.0883 5924 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
16:59:40.0930 5924 LSI_FC - ok
16:59:40.0976 5924 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
16:59:41.0008 5924 LSI_SAS - ok
16:59:41.0039 5924 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
16:59:41.0086 5924 LSI_SAS2 - ok
16:59:41.0117 5924 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
16:59:41.0164 5924 LSI_SCSI - ok
16:59:41.0179 5924 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
16:59:41.0273 5924 luafv - ok
16:59:41.0335 5924 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
16:59:41.0382 5924 MBAMProtector - ok
16:59:41.0507 5924 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:59:41.0554 5924 MBAMService - ok
16:59:41.0600 5924 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
16:59:41.0632 5924 Mcx2Svc - ok
16:59:41.0663 5924 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
16:59:41.0710 5924 megasas - ok
16:59:41.0756 5924 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
16:59:41.0803 5924 MegaSR - ok
16:59:41.0850 5924 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
16:59:41.0944 5924 MMCSS - ok
16:59:41.0975 5924 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
16:59:42.0100 5924 Modem - ok
16:59:42.0131 5924 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
16:59:42.0193 5924 monitor - ok
16:59:42.0287 5924 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
16:59:42.0334 5924 mouclass - ok
16:59:42.0349 5924 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
16:59:42.0412 5924 mouhid - ok
16:59:42.0458 5924 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
16:59:42.0490 5924 mountmgr - ok
16:59:42.0536 5924 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
16:59:42.0568 5924 mpio - ok
16:59:42.0583 5924 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
16:59:42.0677 5924 mpsdrv - ok
16:59:42.0770 5924 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
16:59:42.0895 5924 MpsSvc - ok
16:59:42.0926 5924 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
16:59:42.0989 5924 MRxDAV - ok
16:59:43.0036 5924 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
16:59:43.0098 5924 mrxsmb - ok
16:59:43.0160 5924 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
16:59:43.0223 5924 mrxsmb10 - ok
16:59:43.0270 5924 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
16:59:43.0316 5924 mrxsmb20 - ok
16:59:43.0363 5924 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
16:59:43.0394 5924 msahci - ok
16:59:43.0457 5924 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
16:59:43.0504 5924 msdsm - ok
16:59:43.0535 5924 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
16:59:43.0597 5924 MSDTC - ok
16:59:43.0644 5924 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
16:59:43.0722 5924 Msfs - ok
16:59:43.0738 5924 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
16:59:43.0831 5924 mshidkmdf - ok
16:59:43.0847 5924 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
16:59:43.0878 5924 msisadrv - ok
16:59:44.0159 5924 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
16:59:44.0268 5924 MSiSCSI - ok
16:59:44.0284 5924 msiserver - ok
16:59:44.0315 5924 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
16:59:44.0440 5924 MSKSSRV - ok
16:59:44.0455 5924 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
16:59:44.0564 5924 MSPCLOCK - ok
16:59:44.0580 5924 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
16:59:44.0689 5924 MSPQM - ok
16:59:44.0736 5924 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
16:59:44.0783 5924 MsRPC - ok
16:59:44.0814 5924 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
16:59:44.0845 5924 mssmbios - ok
16:59:44.0861 5924 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
16:59:44.0954 5924 MSTEE - ok
16:59:44.0970 5924 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
16:59:45.0017 5924 MTConfig - ok
16:59:45.0048 5924 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
16:59:45.0095 5924 Mup - ok
16:59:45.0157 5924 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
16:59:45.0266 5924 napagent - ok
16:59:45.0360 5924 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
16:59:45.0438 5924 NativeWifiP - ok
16:59:45.0594 5924 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120704.002\ENG64.SYS
16:59:45.0641 5924 NAVENG - ok
17:00:19.0103 5924 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0
17:00:19.0150 5924 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
17:00:19.0150 5924 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
17:00:20.0366 5924 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:00:20.0366 5924 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:00:20.0398 5924 Boot (0x1200) (de8590baa713dfec22a1b646ac041426) \Device\Harddisk0\DR0\Partition0
17:00:20.0398 5924 \Device\Harddisk0\DR0\Partition0 - ok
17:00:20.0398 5924 ============================================================
17:00:20.0398 5924 Scan finished
17:00:20.0398 5924 ============================================================
17:00:20.0444 4248 Detected object count: 3
17:00:20.0444 4248 Actual detected object count: 3
17:03:14.0946 4248 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
17:03:14.0946 4248 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:03:16.0896 4248 \Device\Harddisk0\DR0\# - copied to quarantine
17:03:16.0896 4248 \Device\Harddisk0\DR0 - copied to quarantine
17:03:16.0990 4248 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:03:17.0021 4248 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:03:17.0037 4248 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:03:17.0037 4248 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:03:17.0068 4248 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:03:17.0084 4248 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:03:17.0084 4248 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:03:17.0099 4248 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:03:17.0099 4248 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:03:17.0115 4248 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:03:17.0115 4248 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:03:17.0130 4248 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:03:17.0162 4248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
17:03:17.0177 4248 \Device\Harddisk0\DR0 - ok
17:03:17.0661 4248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
17:03:17.0988 4248 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:03:17.0988 4248 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
17:03:18.0004 4248 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:03:18.0020 4248 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:03:18.0051 4248 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
17:03:18.0082 4248 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
17:03:18.0082 4248 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
17:03:18.0098 4248 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
17:03:18.0098 4248 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
17:03:18.0113 4248 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
17:03:18.0113 4248 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
17:03:18.0129 4248 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
17:03:18.0129 4248 \Device\Harddisk0\DR0\TDLFS - deleted
17:03:18.0129 4248 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
17:04:34.0117 5500 Deinitialize success
-
RogueKiller crashed about 3/4 way through the scan. It did leave behind a debug file. It was too long to cut and paste, so attached.
-
Similar to other posts I've seen, I have an attack going on that is directly related to svchost.exe (I can stop it and the music/radio stops, but eventually it will come back). I've loaded Malware Anti-Malware and it finds the Trojan and I eliminate it, but it comes back again. There are two similar posts going now that gringo_pr has been addressing. Following the initial steps of those, I have run the Security Check and Combofix. The logs are listed below. After running these and rebooting, the 'sounds' have continued. What should my next steps be? Thank you in advance for your help!
Security Check:
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java 6 Update 25
Java version out of Date!
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
Combofix:
ComboFix 12-07-04.03 - Derek 07/04/2012 11:17:29.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7783.6226 [GMT -5:00]
Running from: c:\users\Derek\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 02:51 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-04 02:51 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-04 00:28 . 2012-07-04 00:28 -------- d-----w- c:\users\Derek\AppData\Roaming\Malwarebytes
2012-07-04 00:28 . 2012-07-04 00:28 -------- d-----w- c:\programdata\Malwarebytes
2012-07-04 00:28 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 00:28 . 2012-07-04 00:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-29 00:08 . 2012-06-29 00:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 18:28 . 2012-06-23 18:28 -------- d-----w- c:\users\Derek\AppData\Roaming\PCCUStubInstaller
2012-06-23 17:49 . 1999-11-10 17:05 86016 ----a-w- c:\windows\unvise32qt.exe
2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-23 17:49 . 2012-06-23 17:49 106496 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-23 17:47 . 2012-06-23 19:05 -------- d-----w- c:\windows\SysWow64\QuickTime
2012-06-23 17:47 . 2012-06-23 19:05 -------- d-----w- c:\program files (x86)\QuickTime
2012-06-23 17:47 . 2012-06-23 17:47 -------- d-----w- c:\programdata\QuickTime
2012-06-22 16:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 16:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 16:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 16:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 16:28 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 16:28 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 16:28 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 16:28 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 16:28 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 00:41 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 00:41 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 00:41 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 00:41 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 00:41 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 00:41 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 00:41 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 00:41 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 00:40 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 00:40 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 00:40 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 00:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 00:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 00:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 00:42 . 2011-07-22 01:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 22:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-14 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2012-06-23 98304]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2010-11-30 191232]
R3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2010-11-30 163384]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120703.002\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]
S2 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2010-11-30 1029480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-06-13 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2010-11-30 1037672]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-08 9360896]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-08 309760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-14 138912]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 00:42]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 14:39]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-14 14:39]
.
2012-07-04 c:\windows\Tasks\NUSchedule.job
- c:\program files (x86)\Norton Utilities 15\nu.exe [2012-03-24 14:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-07-04 11:57:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 16:57
.
Pre-Run: 246,972,682,240 bytes free
Post-Run: 247,409,676,288 bytes free
.
- - End Of File - - 9035A44A2D6CEB714707A0B20E111743
Random music/radio connected to svchost.exe - similar to others
in Resolved Malware Removal Logs
Ok, that went smoothly. Based on this log, is there anything left to do?
ComboFix.txt