
Malwarebytes removes Trojan.Agent and it comes back on reboot


VCS

We cannot seem to completely remove trojan.agent C:\Windows\svchost.exe using Malwarebytes. It reappears on reboot. Also, a "winrscmde stopped working and was closed" window keeps popping up.

We've seen other posts on these two topics, and the solutions appear tailored to those individuals. So rather than try those fixes and risk making things worse, we're hoping someone can help us clean this PC. (Windows Vista Home Premium, Service Pack 2, 64-bit OS.)

  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following
  1. both reports from DDS
  2. report from security check
  3. let me know of any problems you may have had

Gringo


Instructions are printed and we'll run the programs now and get the reports.

Note: We do not see a Watch Topic button among the options above this post. (Hovered over all of them) There is a "Follow this topic" check box. Might that be it? (FireFox browser.)


DeFogger log fyi (just found it on the desktop while looking for DDS reports)

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 13:05 on 17/11/2012 (Vince)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-


Gringo: I don't know how long it typically takes DDS to prepare its reports, but it's been 20 minutes and nothing yet. Task Manager indicates dds.scr *32 isn't using any CPU resources (which might be normal). Your instructions indicated the reports would appear "shortly," so just wanted to make sure this behavior is typical.


  • Staff

Hello

Restart the computer and then run these programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+

Gringo


# AdwCleaner v2.007 - Logfile created 11/17/2012 at 14:05:46

# Updated 06/11/2012 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)

# User : Vince - VINCE-PC

# Boot Mode : Normal

# Running from : C:\Users\Vince\Desktop\adwcleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Ask.com

Deleted on reboot : C:\ProgramData\Ask

Deleted on reboot : C:\Users\Gina\AppData\LocalLow\AskToolbar

Deleted on reboot : C:\Users\Vince\AppData\LocalLow\AskToolbar

Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

Key Deleted : HKLM\Software\APN

Key Deleted : HKLM\Software\AskToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19328

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Vince\AppData\Roaming\Mozilla\Firefox\Profiles\q2dnqsfh.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "Ask.com");

Deleted : user_pref("browser.search.order.1", "Ask.com");

Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

Profile name : default

File : C:\Users\Gina\AppData\Roaming\Mozilla\Firefox\Profiles\8woer8b1.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "Ask.com");

Deleted : user_pref("browser.search.order.1", "Ask.com");

Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Vince\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Gina\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [4483 octets] - [17/11/2012 14:05:46]

########## EOF - C:\AdwCleaner[s1].txt - [4543 octets] ##########


RogueKiller V8.3.0 [Nov 17 2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User : Vince [Admin rights]

Mode : Remove -- Date : 11/17/2012 14:18:47

¤¤¤ Bad processes : 4 ¤¤¤

[SUSP PATH] RAVCpl64.exe -- C:\Windows\RAVCpl64.exe -> KILLED [TermProc]

[SUSP PATH] GoogleCrashHandler.exe -- C:\Users\Vince\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe -> KILLED [TermProc]

[SUSP PATH] GoogleCrashHandler64.exe -- C:\Users\Vince\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe -> KILLED [TermProc]

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermThr]

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> D:\windows\system32\config\SOFTWARE

-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-75A7B0 ATA Device +++++

--- User ---

[MBR] f6d056e782c2b823983a84ee88fa9f63

[BSP] 9ca88377777070f4140b4b7266a7a7e9 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] da088a57642c2de403e38999ea1b980e

[BSP] 9ca88377777070f4140b4b7266a7a7e9 : Windows Vista MBR Code

Partition table:

1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

3 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo

Finished : << RKreport[2]_D_11172012_02d1418.txt >>

RKreport[1]_S_11172012_02d1418.txt ; RKreport[2]_D_11172012_02d1418.txt


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


FYI we signed onto another computer while ComboFix does its work to give you a status update. We've had one blue screen of death, but recovered from that, and ComboFix said it was detecting Norton 360's background scan even though we put everything in a delay mode (max allowed). The Norton help site said you cannot turn off scanning in 360, only extend the time of the delay. We let ComboFix proceed and it said it would. But we haven't heard from it in a while. Does this typically take a long time?

Standing by for ComboFix to finish.


The Combofix program rebooted on its own and did not reopen an admin window when Windows restarted. We're guessing the program is working in the background. ??? After that we did get a popup that one of the Norton processes had stopped working, but that issue apparently has resolved as the popup is gone. Nonetheless, the CPU seems mostly idle. The "winrscmde stopped working and was closed" window continues to open every time you close it.

Recommendations?


  • Staff

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo


Sorry we're on Page 2. Here's the first report:


16:56:04.0398 4356 Fs_Rec - ok

16:56:04.0414 4356 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

16:56:04.0414 4356 gagp30kx - ok

16:56:04.0476 4356 [ 311ACFCDD2C9A99481E91FA4CB028D70 ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe

16:56:04.0476 4356 GameConsoleService - ok

16:56:04.0523 4356 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll

16:56:04.0523 4356 gpsvc - ok

16:56:04.0632 4356 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:56:04.0632 4356 gupdate - ok

16:56:04.0648 4356 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:56:04.0648 4356 gupdatem - ok

16:56:04.0679 4356 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

16:56:04.0679 4356 gusvc - ok

16:56:04.0726 4356 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

16:56:04.0726 4356 HDAudBus - ok

16:56:04.0742 4356 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys

16:56:04.0742 4356 HidBth - ok

16:56:04.0742 4356 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys

16:56:04.0742 4356 HidIr - ok

16:56:04.0773 4356 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll

16:56:04.0773 4356 hidserv - ok

16:56:04.0804 4356 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

16:56:04.0804 4356 HidUsb - ok

16:56:04.0820 4356 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll

16:56:04.0820 4356 hkmsvc - ok

16:56:04.0851 4356 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

16:56:04.0851 4356 HpCISSs - ok

16:56:04.0913 4356 [ B14328CFEEB6B736BE44C2C9DB3B162C ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

16:56:04.0929 4356 hpqcxs08 - ok

16:56:04.0944 4356 [ DF446BA625CC441617843E87798CE048 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

16:56:04.0944 4356 hpqddsvc - ok

16:56:04.0976 4356 [ 969F2F6571B915BADA4FA68228C2CBBC ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

16:56:04.0991 4356 HPSLPSVC - ok

16:56:05.0022 4356 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys

16:56:05.0038 4356 HTTP - ok

16:56:05.0038 4356 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys

16:56:05.0038 4356 i2omp - ok

16:56:05.0069 4356 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

16:56:05.0069 4356 i8042prt - ok

16:56:05.0100 4356 [ CEB53BB804B41C52AB0782505C8E2994 ] iaStor C:\Windows\system32\drivers\iastor.sys

16:56:05.0100 4356 iaStor - ok

16:56:05.0116 4356 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

16:56:05.0116 4356 iaStorV - ok

16:56:05.0163 4356 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:56:05.0163 4356 idsvc - ok

16:56:05.0241 4356 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20121116.001\IDSvia64.sys

16:56:05.0256 4356 IDSVia64 - ok

16:56:05.0428 4356 [ 2161876969E428A494F8D7C38FA6F513 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

16:56:05.0522 4356 igfx - ok

16:56:05.0537 4356 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys

16:56:05.0537 4356 iirsp - ok

16:56:05.0568 4356 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll

16:56:05.0568 4356 IKEEXT - ok

16:56:05.0615 4356 [ 0DD17D4B59D0EC40E3C86A505BB0B6DD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

16:56:05.0615 4356 IntcAzAudAddService - ok

16:56:05.0631 4356 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys

16:56:05.0631 4356 intelide - ok

16:56:05.0646 4356 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

16:56:05.0646 4356 intelppm - ok

16:56:05.0724 4356 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

16:56:05.0724 4356 IntuitUpdateService - ok

16:56:05.0787 4356 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

16:56:05.0787 4356 IntuitUpdateServiceV4 - ok

16:56:05.0818 4356 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

16:56:05.0818 4356 IPBusEnum - ok

16:56:05.0849 4356 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:56:05.0849 4356 IpFilterDriver - ok

16:56:05.0880 4356 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

16:56:05.0880 4356 iphlpsvc - ok

16:56:05.0880 4356 IpInIp - ok

16:56:05.0927 4356 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

16:56:05.0927 4356 IPMIDRV - ok

16:56:05.0943 4356 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

16:56:05.0943 4356 IPNAT - ok

16:56:05.0958 4356 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys

16:56:05.0958 4356 IRENUM - ok

16:56:05.0974 4356 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys

16:56:05.0974 4356 isapnp - ok

16:56:06.0005 4356 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

16:56:06.0005 4356 iScsiPrt - ok

16:56:06.0021 4356 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

16:56:06.0021 4356 iteatapi - ok

16:56:06.0021 4356 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys

16:56:06.0036 4356 iteraid - ok

16:56:06.0052 4356 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

16:56:06.0052 4356 kbdclass - ok

16:56:06.0068 4356 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

16:56:06.0068 4356 kbdhid - ok

16:56:06.0099 4356 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe

16:56:06.0099 4356 KeyIso - ok

16:56:06.0130 4356 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

16:56:06.0130 4356 KSecDD - ok

16:56:06.0177 4356 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

16:56:06.0177 4356 ksthunk - ok

16:56:06.0208 4356 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll

16:56:06.0224 4356 KtmRm - ok

16:56:06.0239 4356 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll

16:56:06.0239 4356 LanmanServer - ok

16:56:06.0270 4356 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

16:56:06.0270 4356 LanmanWorkstation - ok

16:56:06.0270 4356 Lbd - ok

16:56:06.0380 4356 [ 36375738DC0B3CD1F764268008E74FDF ] LiveUpdate C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE

16:56:06.0395 4356 LiveUpdate - ok

16:56:06.0411 4356 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

16:56:06.0411 4356 lltdio - ok

16:56:06.0458 4356 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll

16:56:06.0458 4356 lltdsvc - ok

16:56:06.0489 4356 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll

16:56:06.0489 4356 lmhosts - ok

16:56:06.0504 4356 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

16:56:06.0504 4356 LSI_FC - ok

16:56:06.0504 4356 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

16:56:06.0504 4356 LSI_SAS - ok

16:56:06.0520 4356 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

16:56:06.0520 4356 LSI_SCSI - ok

16:56:06.0536 4356 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys

16:56:06.0536 4356 luafv - ok

16:56:06.0551 4356 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

16:56:06.0567 4356 Mcx2Svc - ok

16:56:06.0582 4356 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys

16:56:06.0582 4356 megasas - ok

16:56:06.0614 4356 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys

16:56:06.0614 4356 MegaSR - ok

16:56:06.0614 4356 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll

16:56:06.0614 4356 MMCSS - ok

16:56:06.0629 4356 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys

16:56:06.0629 4356 Modem - ok

16:56:06.0645 4356 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

16:56:06.0645 4356 monitor - ok

16:56:06.0660 4356 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

16:56:06.0660 4356 mouclass - ok

16:56:06.0676 4356 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

16:56:06.0676 4356 mouhid - ok

16:56:06.0676 4356 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

16:56:06.0676 4356 MountMgr - ok

16:56:06.0738 4356 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

16:56:06.0738 4356 MozillaMaintenance - ok

16:56:06.0738 4356 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys

16:56:06.0738 4356 mpio - ok

16:56:06.0754 4356 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

16:56:06.0754 4356 mpsdrv - ok

16:56:06.0785 4356 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll

16:56:06.0785 4356 MpsSvc - ok

16:56:06.0785 4356 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

16:56:06.0801 4356 Mraid35x - ok

16:56:06.0816 4356 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

16:56:06.0816 4356 MRxDAV - ok

16:56:06.0848 4356 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

16:56:06.0848 4356 mrxsmb - ok

16:56:06.0879 4356 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:56:06.0879 4356 mrxsmb10 - ok

16:56:06.0894 4356 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:56:06.0894 4356 mrxsmb20 - ok

16:56:06.0926 4356 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys

16:56:06.0926 4356 msahci - ok

16:56:06.0926 4356 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys

16:56:06.0941 4356 msdsm - ok

16:56:06.0957 4356 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe

16:56:06.0972 4356 MSDTC - ok

16:56:06.0988 4356 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys

16:56:07.0004 4356 Msfs - ok

16:56:07.0004 4356 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

16:56:07.0004 4356 msisadrv - ok

16:56:07.0035 4356 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

16:56:07.0035 4356 MSiSCSI - ok

16:56:07.0035 4356 msiserver - ok

16:56:07.0050 4356 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

16:56:07.0050 4356 MSKSSRV - ok

16:56:07.0066 4356 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

16:56:07.0066 4356 MSPCLOCK - ok

16:56:07.0082 4356 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

16:56:07.0082 4356 MSPQM - ok

16:56:07.0113 4356 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

16:56:07.0113 4356 MsRPC - ok

16:56:07.0128 4356 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

16:56:07.0128 4356 mssmbios - ok

16:56:07.0128 4356 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

16:56:07.0128 4356 MSTEE - ok

16:56:07.0128 4356 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys

16:56:07.0128 4356 Mup - ok

16:56:07.0191 4356 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe

16:56:07.0191 4356 N360 - ok

16:56:07.0206 4356 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll

16:56:07.0222 4356 napagent - ok

16:56:07.0238 4356 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

16:56:07.0238 4356 NativeWifiP - ok

16:56:07.0300 4356 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121117.005\ENG64.SYS

16:56:07.0316 4356 NAVENG - ok

16:56:07.0409 4356 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121117.005\EX64.SYS

16:56:07.0409 4356 NAVEX15 - ok

16:56:07.0472 4356 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys

16:56:07.0472 4356 NDIS - ok

16:56:07.0487 4356 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

16:56:07.0487 4356 NdisTapi - ok

16:56:07.0503 4356 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

16:56:07.0503 4356 Ndisuio - ok

16:56:07.0518 4356 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

16:56:07.0518 4356 NdisWan - ok

16:56:07.0534 4356 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

16:56:07.0534 4356 NDProxy - ok

16:56:07.0550 4356 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

16:56:07.0550 4356 Net Driver HPZ12 - ok

16:56:07.0565 4356 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

16:56:07.0565 4356 NetBIOS - ok

16:56:07.0581 4356 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

16:56:07.0596 4356 netbt - ok

16:56:07.0674 4356 [ EA833758BE56A68AABECD50E1DDCF4A3 ] NETGEARGenieDaemon C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe

16:56:07.0690 4356 NETGEARGenieDaemon - ok

16:56:07.0706 4356 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe

16:56:07.0706 4356 Netlogon - ok

16:56:07.0721 4356 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll

16:56:07.0721 4356 Netman - ok

16:56:07.0752 4356 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll

16:56:07.0752 4356 netprofm - ok

16:56:07.0768 4356 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:56:07.0784 4356 NetTcpPortSharing - ok

16:56:07.0799 4356 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

16:56:07.0799 4356 nfrd960 - ok

16:56:07.0799 4356 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll

16:56:07.0815 4356 NlaSvc - ok

16:56:07.0830 4356 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys

16:56:07.0830 4356 NPF - ok

16:56:07.0846 4356 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys

16:56:07.0846 4356 Npfs - ok

16:56:07.0893 4356 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll

16:56:07.0908 4356 nsi - ok

16:56:07.0908 4356 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

16:56:07.0908 4356 nsiproxy - ok

16:56:07.0955 4356 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

16:56:07.0971 4356 Ntfs - ok

16:56:07.0986 4356 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys

16:56:07.0986 4356 Null - ok

16:56:07.0986 4356 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys

16:56:07.0986 4356 nvraid - ok

16:56:08.0002 4356 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys

16:56:08.0002 4356 nvstor - ok

16:56:08.0018 4356 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

16:56:08.0018 4356 nv_agp - ok

16:56:08.0018 4356 NwlnkFlt - ok

16:56:08.0033 4356 NwlnkFwd - ok

16:56:08.0080 4356 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

16:56:08.0080 4356 odserv - ok

16:56:08.0142 4356 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

16:56:08.0142 4356 ohci1394 - ok

16:56:08.0174 4356 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:56:08.0174 4356 ose - ok

16:56:08.0236 4356 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll

16:56:08.0252 4356 p2pimsvc - ok

16:56:08.0314 4356 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll

16:56:08.0314 4356 p2psvc - ok

16:56:08.0314 4356 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys

16:56:08.0314 4356 Parport - ok

16:56:08.0345 4356 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys

16:56:08.0345 4356 partmgr - ok

16:56:08.0345 4356 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll

16:56:08.0361 4356 PcaSvc - ok

16:56:08.0392 4356 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys

16:56:08.0392 4356 pci - ok

16:56:08.0423 4356 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys

16:56:08.0423 4356 pciide - ok

16:56:08.0439 4356 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

16:56:08.0439 4356 pcmcia - ok

16:56:08.0454 4356 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys

16:56:08.0470 4356 PEAUTH - ok

16:56:08.0517 4356 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe

16:56:08.0517 4356 PerfHost - ok

16:56:08.0579 4356 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll

16:56:08.0595 4356 pla - ok

16:56:08.0626 4356 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

16:56:08.0626 4356 PlugPlay - ok

16:56:08.0642 4356 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

16:56:08.0642 4356 Pml Driver HPZ12 - ok

16:56:08.0657 4356 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

16:56:08.0673 4356 PNRPAutoReg - ok

16:56:08.0688 4356 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll

16:56:08.0688 4356 PNRPsvc - ok

16:56:08.0704 4356 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

16:56:08.0720 4356 PolicyAgent - ok

16:56:08.0829 4356 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

16:56:08.0829 4356 PptpMiniport - ok

16:56:08.0907 4356 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys

16:56:08.0907 4356 Processor - ok

16:56:09.0063 4356 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll

16:56:09.0063 4356 ProfSvc - ok

16:56:09.0110 4356 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe

16:56:09.0110 4356 ProtectedStorage - ok

16:56:09.0312 4356 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys

16:56:09.0312 4356 PSched - ok

16:56:09.0546 4356 [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

16:56:09.0546 4356 PxHlpa64 - ok

16:56:09.0609 4356 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys

16:56:09.0624 4356 ql2300 - ok

16:56:09.0656 4356 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

16:56:09.0656 4356 ql40xx - ok

16:56:09.0671 4356 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll

16:56:09.0671 4356 QWAVE - ok

16:56:09.0687 4356 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

16:56:09.0687 4356 QWAVEdrv - ok

16:56:09.0749 4356 [ 2A09A6B271D1F50ADF5E33B37D460DE6 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys

16:56:09.0765 4356 R300 - ok

16:56:09.0780 4356 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

16:56:09.0780 4356 RasAcd - ok

16:56:09.0780 4356 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll

16:56:09.0796 4356 RasAuto - ok

16:56:09.0812 4356 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

16:56:09.0812 4356 Rasl2tp - ok

16:56:09.0843 4356 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll

16:56:09.0843 4356 RasMan - ok

16:56:09.0858 4356 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

16:56:09.0858 4356 RasPppoe - ok

16:56:09.0890 4356 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

16:56:09.0890 4356 RasSstp - ok

16:56:09.0952 4356 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

16:56:09.0952 4356 rdbss - ok

16:56:09.0968 4356 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

16:56:09.0968 4356 RDPCDD - ok

16:56:09.0983 4356 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

16:56:09.0983 4356 rdpdr - ok

16:56:09.0999 4356 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

16:56:09.0999 4356 RDPENCDD - ok

16:56:10.0030 4356 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

16:56:10.0030 4356 RDPWD - ok

16:56:10.0046 4356 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll

16:56:10.0061 4356 RemoteAccess - ok

16:56:10.0077 4356 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll

16:56:10.0077 4356 RemoteRegistry - ok

16:56:10.0092 4356 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe

16:56:10.0092 4356 RpcLocator - ok

16:56:10.0124 4356 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll

16:56:10.0139 4356 RpcSs - ok

16:56:10.0155 4356 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

16:56:10.0155 4356 rspndr - ok

16:56:10.0170 4356 [ C4DD02A9D97C5531E145F9E4420636F8 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys

16:56:10.0186 4356 RTL8169 - ok

16:56:10.0186 4356 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe

16:56:10.0186 4356 SamSs - ok

16:56:10.0202 4356 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

16:56:10.0202 4356 sbp2port - ok

16:56:10.0233 4356 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll

16:56:10.0233 4356 SCardSvr - ok

16:56:10.0264 4356 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll

16:56:10.0280 4356 Schedule - ok

16:56:10.0311 4356 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll

16:56:10.0311 4356 SCPolicySvc - ok

16:56:10.0326 4356 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll

16:56:10.0326 4356 SDRSVC - ok

16:56:10.0326 4356 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

16:56:10.0326 4356 secdrv - ok

16:56:10.0389 4356 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll

16:56:10.0404 4356 seclogon - ok

16:56:10.0404 4356 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll

16:56:10.0404 4356 SENS - ok

16:56:10.0420 4356 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys

16:56:10.0420 4356 Serenum - ok

16:56:10.0436 4356 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys

16:56:10.0436 4356 Serial - ok

16:56:10.0451 4356 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys

16:56:10.0451 4356 sermouse - ok

16:56:10.0498 4356 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll

16:56:10.0498 4356 SessionEnv - ok

16:56:10.0529 4356 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

16:56:10.0529 4356 sffdisk - ok

16:56:10.0545 4356 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

16:56:10.0545 4356 sffp_mmc - ok

16:56:10.0545 4356 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

16:56:10.0545 4356 sffp_sd - ok

16:56:10.0545 4356 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

16:56:10.0545 4356 sfloppy - ok

16:56:10.0607 4356 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll

16:56:10.0607 4356 SharedAccess - ok

16:56:10.0638 4356 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

16:56:10.0638 4356 ShellHWDetection - ok

16:56:10.0654 4356 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

16:56:10.0654 4356 SiSRaid2 - ok

16:56:10.0670 4356 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

16:56:10.0670 4356 SiSRaid4 - ok

16:56:10.0701 4356 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

16:56:10.0701 4356 SkypeUpdate - ok

16:56:10.0748 4356 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe

16:56:10.0810 4356 slsvc - ok

16:56:10.0841 4356 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll

16:56:10.0841 4356 SLUINotify - ok

16:56:10.0872 4356 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys

16:56:10.0872 4356 Smb - ok

16:56:10.0872 4356 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe

16:56:10.0872 4356 SNMPTRAP - ok

16:56:10.0904 4356 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys

16:56:10.0904 4356 spldr - ok

16:56:10.0935 4356 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe

16:56:10.0935 4356 Spooler - ok

16:56:10.0997 4356 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS

16:56:11.0013 4356 SRTSP - ok

16:56:11.0013 4356 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS

16:56:11.0013 4356 SRTSPX - ok

16:56:11.0060 4356 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys

16:56:11.0075 4356 srv - ok

16:56:11.0091 4356 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

16:56:11.0091 4356 srv2 - ok

16:56:11.0122 4356 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

16:56:11.0122 4356 srvnet - ok

16:56:11.0138 4356 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

16:56:11.0138 4356 SSDPSRV - ok

16:56:14.0336 4356 ================ Scan global ===============================

16:56:14.0351 4356 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll

16:56:14.0382 4356 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll

16:56:14.0398 4356 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll

16:56:14.0429 4356 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe

16:56:14.0429 4356 [Global] - ok

16:56:14.0429 4356 ================ Scan MBR ==================================

16:56:14.0445 4356 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0

16:56:14.0445 4356 Suspicious mbr (Forged): \Device\Harddisk0\DR0

16:56:14.0507 4356 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

16:56:14.0507 4356 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

16:56:14.0507 4356 ================ Scan VBR ==================================

16:56:14.0523 4356 [ 3DFBA14AF92E5FFB4121740B84C67E09 ] \Device\Harddisk0\DR0\Partition1

16:56:14.0523 4356 \Device\Harddisk0\DR0\Partition1 - ok

16:56:14.0523 4356 [ 40566CFED7FD1B1FB1A4694BA94D16C6 ] \Device\Harddisk0\DR0\Partition2

16:56:14.0523 4356 \Device\Harddisk0\DR0\Partition2 - ok

16:56:14.0523 4356 ============================================================

16:56:14.0523 4356 Scan finished

16:56:14.0523 4356 ============================================================

16:56:14.0538 1808 Detected object count: 2

16:56:14.0538 1808 Actual detected object count: 2

16:57:14.0224 1808 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

16:57:14.0224 1808 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

16:57:15.0846 1808 \Device\Harddisk0\DR0\# - copied to quarantine

16:57:15.0846 1808 \Device\Harddisk0\DR0 - copied to quarantine

16:57:15.0878 1808 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

16:57:15.0893 1808 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

16:57:16.0283 1808 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

16:57:16.0408 1808 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

16:57:16.0408 1808 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

16:57:16.0424 1808 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

16:57:16.0455 1808 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

16:57:16.0470 1808 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

16:57:16.0548 1808 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

16:57:16.0580 1808 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

16:57:16.0611 1808 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

16:57:16.0658 1808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

16:57:16.0658 1808 \Device\Harddisk0\DR0 - ok

16:57:16.0658 1808 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

16:57:23.0038 4328 Deinitialize success

This topic is now closed to further replies.