TechSpot

Constant Google redirects/popups and freezing

By Nordox3432
Jun 8, 2012
  1. Recently my antivirus software (BitDefender) picked up on two infected files. They are removed at startup when I am asked to reboot, however they soon reappear:

    C:\Windows\Assembly\GAC_32\Desktop.ini - Trojan.Generic.6936374
    C:\Windows\Assembly\GAC_64\Desktop.ini - Backdoor.Generic.699532

    Bitdefender also keeps blocking C:\windows\SysWoW64\ping.exe.
    Maleware-bytes couldn't find anything, and another website said to use TDSS killer, which also found nothing, and the hosts file was not corrupted. My system is really bogged down on normal, but it runs fine on safe mode (I still get redirects, though.)

    I followed the 5-step instructions and will post the logs.
     
  2. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.06.05

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Bethany :: BETHANY-PC [administrator]

    Protection: Enabled

    6/8/2012 1:54:10 AM
    mbam-log-2012-06-08 (01-54-10).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 207536
    Time elapsed: 37 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    It appears that you may also asking for help here> http://forums.malwarebytes.org/index.php?showtopic=110835
    You werer advised to reformat/reinstall because of the Backdoor malware. Is that your thread, posted yesterday?

    Please decide which forum you want to stay with and advise the other forum that you are getting help elsewhere so the thread can be closed.
     
  4. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    No...That is not my post. This is the first forum I have posted my issue on. Do you advise that I reformat?
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I do not have enough information to determine if you should go directly to a reformat/reinstall. Mbam is clean and I have no idea what the original extent of the infection was.

    If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  6. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    Alright. Sorry for the delay. I have one question. Will these programs give you the same information in safe mode?
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No, some processes don't run in Safe Mode. Please tell me why you are asking this question.

    Can you get into Normal Mode?
    Can you get into Safe Mode with Networking?

    If it's "no" for either question, tell me what happens when you dp try that mode.
    Understand that there are times when we intentionally do run scans in Safe Mode, but not these preliminary scans if Normal Mode can be accessed
     
  8. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    Yes I can get into both, however normal mode is difficult to use, as it is very slow. I have been using safe mode with networking just fine, but I can try normal mode again.
     
  9. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    Also... I cant seem to get DDS to run in normal mode, but I can in safe mode with networking. I can post those logs.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay to leave the logs from DDS.

    Note: Safe Mode with Networking has it's uses- but using it for general surfing isn't safe. The secuity programs don't run in that mode so the system will be completely vulnerable.
     
  11. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    This is all GMER gave me:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-08 04:57:55
    Windows 6.1.7600
    Running: s3wyginf.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I need all of the logs.
     
  13. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
    Run by Bethany at 21:45:45 on 2012-06-11
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2663.1591 [GMT -5:00]
    .
    AV: Bitdefender Antivirus *Disabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Bitdefender Antispyware *Disabled/Outdated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\Explorer.EXE
    C:\windows\system32\ctfmon.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No File
    TB: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Bethany\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31}
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FC5A3903-3199-4DC7-BFA3-1CD6F1AAE87D} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FC5A3903-3199-4DC7-BFA3-1CD6F1AAE87D}\2427564747025465F4 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FC5A3903-3199-4DC7-BFA3-1CD6F1AAE87D}\4575955433 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FC5A3903-3199-4DC7-BFA3-1CD6F1AAE87D}\C45696768637025465F4 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FC5A3903-3199-4DC7-BFA3-1CD6F1AAE87D}\E4544574541425 : DhcpNameServer = 10.0.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB-X64: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No File
    TB-X64: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Bethany\AppData\Roaming\Mozilla\Firefox\Profiles\g18bkup8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1307415405&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT1060933&SearchSource=2&q=
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Bethany\AppData\Roaming\Mozilla\Firefox\Profiles\g18bkup8.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Bethany\AppData\Roaming\Mozilla\Firefox\Profiles\g18bkup8.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\plugins\np-mswmp.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R3 avchv;avchv Function Driver;C:\windows\system32\DRIVERS\avchv.sys --> C:\windows\system32\DRIVERS\avchv.sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
    R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
    S0 avc3;avc3;C:\windows\system32\DRIVERS\avc3.sys --> C:\windows\system32\DRIVERS\avc3.sys [?]
    S1 BDVEDISK;BDVEDISK;C:\windows\system32\DRIVERS\bdvedisk.sys --> C:\windows\system32\DRIVERS\bdvedisk.sys [?]
    S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-22 136176]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-4 654408]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2011-1-17 115056]
    S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2011-1-17 126392]
    S2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-6-1 66096]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-31 257696]
    S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
    S3 avckf;avckf;C:\windows\system32\DRIVERS\avckf.sys --> C:\windows\system32\DRIVERS\avckf.sys [?]
    S3 bdsandbox;bdsandbox;\??\C:\windows\system32\drivers\bdsandbox.sys --> C:\windows\system32\drivers\bdsandbox.sys [?]
    S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-22 136176]
    S3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-29 129976]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-1-17 51576]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-06-12 02:31:02 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5CA3C14C-D645-4F8E-8662-D632BCF325D2}\offreg.dll
    2012-06-09 07:55:05 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-08 03:48:19 -------- d-----w- C:\windows\pss
    2012-06-05 06:31:23 -------- d-s---w- C:\ComboFix
    2012-06-04 16:40:35 -------- d-----w- C:\Users\Bethany\AppData\Roaming\Malwarebytes
    2012-06-04 16:39:18 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-04 16:39:15 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-06-04 16:39:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-01 06:35:49 -------- d-----w- C:\ProgramData\BDLogging
    2012-06-01 06:12:00 79952 ----a-w- C:\windows\System32\drivers\bdsandbox.sys
    2012-06-01 06:11:18 545064 ----a-w- C:\windows\System32\drivers\avckf.sys
    2012-06-01 06:10:54 691896 ----a-w- C:\windows\System32\drivers\avc3.sys
    2012-06-01 04:13:33 -------- d-----we C:\windows\system64
    2012-05-31 16:30:18 8769696 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-31 16:14:10 476960 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
    2012-05-31 16:07:50 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-30 07:26:17 -------- d-----w- C:\Users\Bethany\AppData\Roaming\Musicnotes
    2012-05-30 07:26:12 -------- d-----w- C:\ProgramData\Musicnotes
    2012-05-30 05:22:29 -------- d-----w- C:\Program Files (x86)\EASEUS
    2012-05-30 04:58:14 -------- d-----w- C:\ProgramData\ParetoLogic
    2012-05-30 04:55:49 -------- d-----w- C:\ProgramData\Cached Installations
    2012-05-29 18:41:57 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-05-29 18:41:51 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-29 18:41:51 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-05-14 03:32:07 1541120 ----a-w- C:\windows\System32\DWrite.dll
    2012-05-14 03:32:06 902656 ----a-w- C:\windows\System32\d2d1.dll
    2012-05-14 03:32:06 320512 ----a-w- C:\windows\System32\d3d10_1core.dll
    2012-05-14 03:32:06 218624 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
    2012-05-14 03:32:06 1837568 ----a-w- C:\windows\System32\d3d10warp.dll
    2012-05-14 03:32:06 1170944 ----a-w- C:\windows\SysWow64\d3d10warp.dll
    2012-05-14 03:32:06 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
    2012-05-14 03:32:05 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
    2012-05-14 03:32:05 197120 ----a-w- C:\windows\System32\d3d10_1.dll
    2012-05-14 03:32:05 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
    2012-05-14 03:31:00 5504880 ----a-w- C:\windows\System32\ntoskrnl.exe
    2012-05-14 03:30:51 3143680 ----a-w- C:\windows\System32\win32k.sys
    2012-05-14 03:30:49 3902320 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2012-05-14 03:30:48 3958128 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2012-05-14 03:30:45 75632 ----a-w- C:\windows\System32\drivers\partmgr.sys
    2012-05-14 03:30:32 1895280 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2012-05-14 03:30:27 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-05-14 03:30:26 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-14 03:30:26 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-05-14 03:30:26 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-14 03:30:25 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    .
    ==================== Find3M ====================
    .
    2012-06-01 04:13:58 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-31 16:13:47 472864 ----a-w- C:\windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 21:49:31.94 ===============
     
  14. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/16/2011 4:49:04 PM
    System Uptime: 6/11/2012 9:44:08 PM (0 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: AMD E-240 Processor | Socket FT1 | 1496/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 221 GiB total, 114.85 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    RP160: 6/11/2012 4:55:15 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    3dsmax ancillary install
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.3.4
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Amazon Links
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Backburner
    Bejeweled 2 Deluxe
    BitTorrent
    Camersoft Webcam Capture 2.2.32
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    Chuzzle Deluxe
    Coby Media Manager
    DivX Setup
    EASEUS Data Recovery Wizard Professional 5.5.1
    EASEUS Deleted File Recovery 3.0.1
    FATE - The Traitor Soul
    FBX Plugin 2006.08 for Max 9.0
    Freecorder 5
    Freecorder Toolbar
    GIMP 2.6.11
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Governor of Poker 2 Premium Edition
    Halo Combat Evolved
    IMVU Inc Toolbar
    Java Auto Updater
    Java(TM) 6 Update 32
    Jewel Quest - Heritage
    Junk Mail filter update
    Label@Once 1.0
    Magic ISO Maker v5.5 (build 0272)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    PDF Settings
    PlayReady PC Runtime x86
    Polar Bowler
    RarZilla Free Unrar
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Skype Launcher
    Skype™ 5.5
    Slingo Supreme
    Toshiba App Place
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Laptop Checkup
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    Toshiba Online Backup
    TOSHIBA Quality Application
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VC80CRTRedist - 8.0.50727.6195
    WildTangent Games
    WildTangent ORB Game Console
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/9/2012 2:02:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    6/9/2012 2:02:50 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/9/2012 2:02:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    6/9/2012 1:59:14 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{FC5A3903-3199-4DC7-BFA3-1CD6F1AAE87D} because another computer on the network has the same name. The server could not start.
    6/8/2012 12:31:51 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 1 time(s).
    6/8/2012 12:23:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Common Client Job Manager Service service to connect.
    6/8/2012 12:23:37 AM, Error: Service Control Manager [7000] - The Common Client Job Manager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/8/2012 12:21:00 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    6/8/2012 12:20:05 AM, Error: Service Control Manager [7031] - The Common Client Job Manager Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/8/2012 12:16:09 AM, Error: Service Control Manager [7022] - The Common Client Job Manager Service service hung on starting.
    6/7/2012 11:47:23 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    6/7/2012 11:43:07 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 2 time(s).
    6/7/2012 11:02:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wbengine service.
    6/7/2012 10:58:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    6/7/2012 10:57:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.
    6/7/2012 10:57:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s).
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2012 10:56:05 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2012 10:55:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    6/7/2012 10:55:16 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/7/2012 10:55:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    6/7/2012 10:53:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    6/7/2012 10:45:52 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
    6/7/2012 10:45:23 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    6/7/2012 10:43:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    6/7/2012 10:43:01 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/7/2012 10:41:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    6/7/2012 10:41:56 PM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/7/2012 10:32:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Software Updater service to connect.
    6/7/2012 10:32:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    6/6/2012 9:32:18 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 3 time(s).
    6/6/2012 8:43:02 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 3 time(s).
    6/6/2012 8:31:35 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 2 time(s).
    6/6/2012 7:08:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PNRPsvc service.
    6/6/2012 7:08:45 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    6/6/2012 7:08:45 PM, Error: Service Control Manager [7000] - The Peer Name Resolution Protocol service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/6/2012 3:57:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
    6/6/2012 10:43:21 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 4 time(s).
    6/6/2012 10:31:33 PM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 4 time(s).
    6/6/2012 1:01:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    6/5/2012 9:43:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    6/5/2012 9:43:12 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 6 time(s).
    6/5/2012 9:43:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    6/5/2012 9:33:17 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 5 time(s).
    6/5/2012 9:32:57 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 5 time(s).
    6/5/2012 10:42:54 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 7 time(s).
    6/5/2012 10:36:56 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    6/5/2012 10:31:24 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 6 time(s).
    6/4/2012 9:57:19 PM, Error: Service Control Manager [7034] - The Common Client Job Manager Service service terminated unexpectedly. It has done this 3 time(s).
    6/4/2012 9:51:00 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    6/4/2012 9:47:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.
    6/4/2012 10:02:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
    6/4/2012 10:02:08 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    6/4/2012 10:02:08 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    6/4/2012 10:02:08 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2012 9:45:13 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    6/11/2012 9:45:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/11/2012 9:45:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/11/2012 9:44:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/11/2012 9:44:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/11/2012 9:44:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 bdfsfltr BDVEDISK discache spldr trufos Wanarpv6
    6/11/2012 9:44:40 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    6/11/2012 9:44:40 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
    6/11/2012 9:44:40 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    6/11/2012 9:44:37 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/11/2012 9:37:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    6/11/2012 9:37:18 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2012 9:34:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    6/11/2012 9:34:52 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2012 9:32:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    6/11/2012 9:32:59 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2012 9:31:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    6/11/2012 9:30:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: trufos
    6/11/2012 9:30:10 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    6/11/2012 7:12:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
    6/11/2012 7:12:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TOSHIBA HDD SSD Alert Service service to connect.
    6/11/2012 7:12:08 PM, Error: Service Control Manager [7000] - The TOSHIBA HDD SSD Alert Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2012 7:12:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TOSHIBA HDD SSD Alert Service with arguments "" in order to run the server: {A1CC28EB-258A-4B67-BBC2-4DD5D8AF4C8F}
    6/11/2012 5:18:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
    6/11/2012 5:17:36 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    6/11/2012 4:54:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    6/11/2012 4:54:26 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/11/2012 4:54:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
    6/11/2012 12:55:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    6/11/2012 12:55:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
    6/11/2012 12:55:19 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    6/11/2012 12:54:07 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    6/11/2012 12:54:07 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    6/11/2012 12:54:06 PM, Error: Service Control Manager [7022] - The Peer Networking Identity Manager service hung on starting.
    6/11/2012 12:52:05 PM, Error: Service Control Manager [7031] - The Common Client Job Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/11/2012 12:49:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    .
    ==== End Of File ===========================
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Today is 6/17, but the logs above are from 6/11. It appears you have run the following:
    2012-06-09 07:55:05 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-05 06:31:23 -------- d-s---w- C:\ComboFix

    Where and why did you run them? If you have the log from TDSSKiller, please paste it into next reply.

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------

    • Download Combofix from HERE or HERE and save to the desktop
      • Double click combofix.exe & follow the prompts.
      • If prompted for Recovery Console, please allow.
      • Once installed, you should see a blue screen prompt that says:
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close any open browsers.
    • Before you run the Combofix scan, please disable any security software you have running.
      (If you need help with this, please see HERE)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficultyand terminates prematurely, the connection can be manually restored by restarting your machine.
    ===================================================
    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall BitTorrent, Freecorder Toolbar
    Magic ISO Maker v5.5 for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
    • Malware writers use these program to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.
    Please read the information on P2P Warning to help you better understand these dangers.
    ===============================================================
    Please run the following after Combofix:

    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    ==============================================================
    Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt please
    • Post the contents of that document.
     
  16. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    The logs were a bit delayed because I could only get the programs to run before I had to do something, and I shut down my computer each time. It takes awhile to completely load my desktop and open my browser and I didn't always have time to wait for it. As for the two I ran TDSSkiller before I posted here, but it wouldn't work. The second time around it worked. The same for combofix, but it didn't do anything for me the second time, so I uninstalled it. Here is the TDSSkiller log.

    02:52:30.0116 1164 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
    02:52:30.0672 1164 ============================================================
    02:52:30.0672 1164 Current date / time: 2012/06/09 02:52:30.0672
    02:52:30.0672 1164 SystemInfo:
    02:52:30.0672 1164
    02:52:30.0672 1164 OS Version: 6.1.7600 ServicePack: 0.0
    02:52:30.0672 1164 Product type: Workstation
    02:52:30.0673 1164 ComputerName: BETHANY-PC
    02:52:30.0674 1164 UserName: Bethany
    02:52:30.0674 1164 Windows directory: C:\windows
    02:52:30.0674 1164 System windows directory: C:\windows
    02:52:30.0674 1164 Running under WOW64
    02:52:30.0674 1164 Processor architecture: Intel x64
    02:52:30.0674 1164 Number of processors: 1
    02:52:30.0674 1164 Page size: 0x1000
    02:52:30.0674 1164 Boot type: Safe boot with network
    02:52:30.0674 1164 ============================================================
    02:52:32.0340 1164 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    02:52:32.0346 1164 ============================================================
    02:52:32.0346 1164 \Device\Harddisk0\DR0:
    02:52:32.0346 1164 MBR partitions:
    02:52:32.0346 1164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1B9CE000
    02:52:32.0346 1164 ============================================================
    02:52:32.0396 1164 C: <-> \Device\Harddisk0\DR0\Partition0
    02:52:32.0396 1164 ============================================================
    02:52:32.0396 1164 Initialize success
    02:52:32.0396 1164 ============================================================
    02:52:34.0745 1932 ============================================================
    02:52:34.0745 1932 Scan started
    02:52:34.0745 1932 Mode: Manual;
    02:52:34.0746 1932 ============================================================
    02:52:36.0296 1932 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\windows\system32\DRIVERS\1394ohci.sys
    02:52:36.0301 1932 1394ohci - ok
    02:52:36.0395 1932 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
    02:52:36.0401 1932 ACPI - ok
    02:52:36.0470 1932 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
    02:52:36.0472 1932 AcpiPmi - ok
    02:52:36.0664 1932 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    02:52:36.0669 1932 AdobeFlashPlayerUpdateSvc - ok
    02:52:36.0779 1932 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
    02:52:36.0794 1932 adp94xx - ok
    02:52:36.0851 1932 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
    02:52:36.0857 1932 adpahci - ok
    02:52:36.0913 1932 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
    02:52:36.0917 1932 adpu320 - ok
    02:52:36.0969 1932 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
    02:52:36.0982 1932 AeLookupSvc - ok
    02:52:37.0082 1932 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\windows\system32\drivers\afd.sys
    02:52:37.0090 1932 AFD - ok
    02:52:37.0165 1932 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
    02:52:37.0196 1932 agp440 - ok
    02:52:37.0402 1932 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
    02:52:37.0404 1932 ALG - ok
    02:52:37.0450 1932 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
    02:52:37.0452 1932 aliide - ok
    02:52:37.0536 1932 AMD External Events Utility (cf4d1ebe8fec994a0df69149ed27e417) C:\windows\system32\atiesrxx.exe
    02:52:37.0541 1932 AMD External Events Utility - ok
    02:52:37.0593 1932 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
    02:52:37.0596 1932 amdide - ok
    02:52:37.0655 1932 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
    02:52:37.0659 1932 AmdK8 - ok
    02:52:38.0232 1932 amdkmdag (375ac85e1130eaa1eaeb62ddd22b0efb) C:\windows\system32\DRIVERS\atikmdag.sys
    02:52:38.0483 1932 amdkmdag - ok
    02:52:38.0702 1932 amdkmdap (daeb3f2bb2095b95b98be6cec99d02e7) C:\windows\system32\DRIVERS\atikmpag.sys
    02:52:38.0707 1932 amdkmdap - ok
    02:52:38.0779 1932 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
    02:52:38.0781 1932 AmdPPM - ok
    02:52:38.0855 1932 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
    02:52:38.0861 1932 amdsata - ok
    02:52:38.0946 1932 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
    02:52:38.0950 1932 amdsbs - ok
    02:52:39.0001 1932 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
    02:52:39.0003 1932 amdxata - ok
    02:52:39.0082 1932 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
    02:52:39.0084 1932 AppID - ok
    02:52:39.0130 1932 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
    02:52:39.0132 1932 AppIDSvc - ok
    02:52:39.0208 1932 Appinfo (d065be66822847b7f127d1f90158376e) C:\windows\System32\appinfo.dll
    02:52:39.0211 1932 Appinfo - ok
    02:52:39.0293 1932 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
    02:52:39.0296 1932 arc - ok
    02:52:39.0347 1932 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
    02:52:39.0350 1932 arcsas - ok
    02:52:39.0409 1932 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
    02:52:39.0411 1932 AsyncMac - ok
    02:52:39.0461 1932 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
    02:52:39.0461 1932 atapi - ok
    02:52:39.0654 1932 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\windows\system32\DRIVERS\athrx.sys
    02:52:39.0676 1932 athr - ok
    02:52:39.0917 1932 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
    02:52:39.0940 1932 AudioEndpointBuilder - ok
    02:52:39.0960 1932 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
    02:52:39.0967 1932 AudioSrv - ok
    02:52:40.0215 1932 avc3 (f57de310bf3bd9df0f7d301c1d7f5432) C:\windows\system32\DRIVERS\avc3.sys
    02:52:40.0227 1932 avc3 - ok
    02:52:40.0313 1932 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\windows\system32\DRIVERS\avchv.sys
    02:52:40.0316 1932 avchv - ok
    02:52:40.0425 1932 avckf (6dc4cca415bbf2fc629beb532aa0e6cd) C:\windows\system32\DRIVERS\avckf.sys
    02:52:40.0451 1932 avckf - ok
    02:52:40.0523 1932 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\windows\System32\AxInstSV.dll
    02:52:40.0526 1932 AxInstSV - ok
    02:52:40.0602 1932 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
    02:52:40.0611 1932 b06bdrv - ok
    02:52:40.0714 1932 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
    02:52:40.0719 1932 b57nd60a - ok
    02:52:40.0795 1932 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
    02:52:40.0798 1932 BDESVC - ok
    02:52:40.0905 1932 bdfsfltr (ea195950fa5dd4a8f7bc00822213a363) C:\windows\system32\DRIVERS\bdfsfltr.sys
    02:52:40.0919 1932 bdfsfltr - ok
    02:52:41.0124 1932 bdfwfpf (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
    02:52:41.0125 1932 bdfwfpf - ok
    02:52:41.0201 1932 bdsandbox (31571d77c6186ad228f52ee4ebdf8ee9) C:\windows\system32\drivers\bdsandbox.sys
    02:52:41.0204 1932 bdsandbox - ok
    02:52:41.0272 1932 BDVEDISK (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\windows\system32\DRIVERS\bdvedisk.sys
    02:52:41.0274 1932 BDVEDISK - ok
    02:52:41.0343 1932 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
    02:52:41.0346 1932 Beep - ok
    02:52:41.0461 1932 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\windows\system32\qmgr.dll
    02:52:41.0627 1932 BITS - ok
    02:52:41.0723 1932 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
    02:52:41.0728 1932 blbdrive - ok
    02:52:41.0880 1932 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    02:52:41.0886 1932 Bonjour Service - ok
    02:52:41.0972 1932 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
    02:52:41.0975 1932 bowser - ok
    02:52:42.0016 1932 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
    02:52:42.0017 1932 BrFiltLo - ok
    02:52:42.0048 1932 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
    02:52:42.0060 1932 BrFiltUp - ok
    02:52:42.0161 1932 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
    02:52:42.0164 1932 BridgeMP - ok
    02:52:42.0226 1932 Browser (94fbc06f294d58d02361918418f996e3) C:\windows\System32\browser.dll
    02:52:42.0231 1932 Browser - ok
    02:52:42.0289 1932 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
    02:52:42.0297 1932 Brserid - ok
    02:52:42.0341 1932 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
    02:52:42.0343 1932 BrSerWdm - ok
    02:52:42.0434 1932 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
    02:52:42.0452 1932 BrUsbMdm - ok
    02:52:42.0478 1932 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
    02:52:42.0480 1932 BrUsbSer - ok
    02:52:42.0523 1932 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
    02:52:42.0527 1932 BTHMODEM - ok
    02:52:42.0587 1932 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
    02:52:42.0591 1932 bthserv - ok
    02:52:42.0818 1932 catchme - ok
    02:52:42.0899 1932 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
    02:52:42.0902 1932 cdfs - ok
    02:52:42.0976 1932 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
    02:52:42.0979 1932 cdrom - ok
    02:52:43.0042 1932 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
    02:52:43.0045 1932 CertPropSvc - ok
    02:52:43.0123 1932 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
    02:52:43.0125 1932 circlass - ok
    02:52:43.0192 1932 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
    02:52:43.0199 1932 CLFS - ok
    02:52:43.0311 1932 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    02:52:43.0363 1932 clr_optimization_v2.0.50727_32 - ok
    02:52:43.0414 1932 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    02:52:43.0450 1932 clr_optimization_v2.0.50727_64 - ok
    02:52:43.0568 1932 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    02:52:43.0611 1932 clr_optimization_v4.0.30319_32 - ok
    02:52:43.0665 1932 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    02:52:43.0672 1932 clr_optimization_v4.0.30319_64 - ok
    02:52:43.0760 1932 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
    02:52:43.0762 1932 CmBatt - ok
    02:52:43.0793 1932 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
    02:52:43.0795 1932 cmdide - ok
    02:52:43.0888 1932 CNG (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
    02:52:43.0896 1932 CNG - ok
    02:52:44.0080 1932 CnxtHdAudService (2816874cb991d6b7f6e434b8c29bb0d1) C:\windows\system32\drivers\CHDRT64.sys
    02:52:44.0121 1932 CnxtHdAudService - ok
    02:52:44.0183 1932 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
    02:52:44.0185 1932 Compbatt - ok
    02:52:44.0248 1932 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
    02:52:44.0249 1932 CompositeBus - ok
    02:52:44.0286 1932 COMSysApp - ok
    02:52:44.0324 1932 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
    02:52:44.0328 1932 crcdisk - ok
    02:52:44.0408 1932 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\windows\system32\cryptsvc.dll
    02:52:44.0412 1932 CryptSvc - ok
    02:52:44.0534 1932 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
    02:52:44.0544 1932 DcomLaunch - ok
    02:52:44.0632 1932 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
    02:52:44.0638 1932 defragsvc - ok
    02:52:44.0710 1932 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
    02:52:44.0712 1932 DfsC - ok
    02:52:44.0819 1932 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll
    02:52:44.0826 1932 Dhcp - ok
    02:52:44.0872 1932 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
    02:52:44.0874 1932 discache - ok
    02:52:44.0933 1932 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
    02:52:44.0936 1932 Disk - ok
    02:52:45.0017 1932 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll
    02:52:45.0022 1932 Dnscache - ok
    02:52:45.0088 1932 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll
    02:52:45.0093 1932 dot3svc - ok
    02:52:45.0143 1932 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll
    02:52:45.0147 1932 DPS - ok
    02:52:45.0212 1932 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
    02:52:45.0214 1932 drmkaud - ok
    02:52:45.0331 1932 DXGKrnl (601e731bf8e3f22906ce7d4d724b0439) C:\windows\System32\drivers\dxgkrnl.sys
    02:52:45.0346 1932 DXGKrnl - ok
    02:52:45.0431 1932 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
    02:52:45.0435 1932 EapHost - ok
    02:52:45.0764 1932 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
    02:52:45.0878 1932 ebdrv - ok
    02:52:46.0019 1932 EFS (156f6159457d0aa7e59b62681b56eb90) C:\windows\System32\lsass.exe
    02:52:46.0022 1932 EFS - ok
    02:52:46.0146 1932 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\windows\ehome\ehRecvr.exe
    02:52:46.0162 1932 ehRecvr - ok
    02:52:46.0216 1932 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
    02:52:46.0220 1932 ehSched - ok
    02:52:46.0390 1932 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
    02:52:46.0401 1932 elxstor - ok
    02:52:46.0438 1932 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
    02:52:46.0440 1932 ErrDev - ok
    02:52:46.0532 1932 ETD (5d82d501d2fee413b1f45f0302b5802c) C:\windows\system32\DRIVERS\ETD.sys
    02:52:46.0534 1932 ETD - ok
    02:52:46.0603 1932 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
    02:52:46.0620 1932 EventSystem - ok
    02:52:46.0664 1932 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
    02:52:46.0678 1932 exfat - ok
    02:52:46.0741 1932 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
    02:52:46.0746 1932 fastfat - ok
     
  17. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    02:52:46.0864 1932 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe
    02:52:46.0876 1932 Fax - ok
    02:52:46.0910 1932 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
    02:52:46.0912 1932 fdc - ok
    02:52:46.0974 1932 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
    02:52:46.0977 1932 fdPHost - ok
    02:52:47.0012 1932 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
    02:52:47.0015 1932 FDResPub - ok
    02:52:47.0053 1932 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
    02:52:47.0055 1932 FileInfo - ok
    02:52:47.0087 1932 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
    02:52:47.0089 1932 Filetrace - ok
    02:52:47.0277 1932 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    02:52:47.0288 1932 FLEXnet Licensing Service - ok
    02:52:47.0334 1932 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
    02:52:47.0336 1932 flpydisk - ok
    02:52:47.0396 1932 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
    02:52:47.0401 1932 FltMgr - ok
    02:52:47.0540 1932 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\windows\system32\FntCache.dll
    02:52:47.0561 1932 FontCache - ok
    02:52:47.0639 1932 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    02:52:47.0643 1932 FontCache3.0.0.0 - ok
    02:52:47.0752 1932 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
    02:52:47.0754 1932 FsDepends - ok
    02:52:47.0845 1932 fssfltr (2bf3b36b96d015af666b6aa63ae2e38f) C:\windows\system32\DRIVERS\fssfltr.sys
    02:52:47.0848 1932 fssfltr - ok
    02:52:48.0020 1932 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    02:52:48.0031 1932 fsssvc - ok
    02:52:48.0084 1932 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\windows\system32\drivers\Fs_Rec.sys
    02:52:48.0087 1932 Fs_Rec - ok
    02:52:48.0154 1932 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
    02:52:48.0158 1932 fvevol - ok
    02:52:48.0241 1932 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
    02:52:48.0242 1932 FwLnk - ok
    02:52:48.0328 1932 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
    02:52:48.0331 1932 gagp30kx - ok
    02:52:48.0432 1932 GameConsoleService (1fda0df739234c4023851a282dd28704) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    02:52:48.0439 1932 GameConsoleService - ok
    02:52:48.0538 1932 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll
    02:52:48.0561 1932 gpsvc - ok
    02:52:48.0682 1932 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    02:52:48.0685 1932 gupdate - ok
    02:52:48.0749 1932 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    02:52:48.0751 1932 gupdatem - ok
    02:52:48.0842 1932 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    02:52:48.0847 1932 gusvc - ok
    02:52:48.0954 1932 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\windows\system32\DRIVERS\hamachi.sys
    02:52:48.0956 1932 hamachi - ok
    02:52:49.0006 1932 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
    02:52:49.0008 1932 hcw85cir - ok
    02:52:49.0098 1932 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
    02:52:49.0115 1932 HdAudAddService - ok
    02:52:49.0176 1932 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
    02:52:49.0179 1932 HDAudBus - ok
    02:52:49.0210 1932 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
    02:52:49.0213 1932 HidBatt - ok
    02:52:49.0249 1932 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
    02:52:49.0252 1932 HidBth - ok
    02:52:49.0283 1932 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
    02:52:49.0286 1932 HidIr - ok
    02:52:49.0334 1932 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
    02:52:49.0337 1932 hidserv - ok
    02:52:49.0426 1932 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
    02:52:49.0429 1932 HidUsb - ok
    02:52:49.0488 1932 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll
    02:52:49.0493 1932 hkmsvc - ok
    02:52:49.0556 1932 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll
    02:52:49.0562 1932 HomeGroupListener - ok
    02:52:49.0619 1932 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll
    02:52:49.0624 1932 HomeGroupProvider - ok
    02:52:49.0682 1932 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
    02:52:49.0685 1932 HpSAMD - ok
    02:52:49.0779 1932 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
    02:52:49.0791 1932 HTTP - ok
    02:52:49.0821 1932 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
    02:52:49.0823 1932 hwpolicy - ok
    02:52:49.0889 1932 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
    02:52:49.0894 1932 i8042prt - ok
    02:52:50.0000 1932 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
    02:52:50.0008 1932 iaStorV - ok
    02:52:50.0159 1932 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    02:52:50.0175 1932 idsvc - ok
    02:52:50.0253 1932 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
    02:52:50.0255 1932 iirsp - ok
    02:52:50.0357 1932 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll
    02:52:50.0371 1932 IKEEXT - ok
    02:52:50.0405 1932 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
    02:52:50.0407 1932 intelide - ok
    02:52:50.0503 1932 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
    02:52:50.0506 1932 intelppm - ok
    02:52:50.0568 1932 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
    02:52:50.0571 1932 IPBusEnum - ok
    02:52:50.0613 1932 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
    02:52:50.0615 1932 IpFilterDriver - ok
    02:52:50.0763 1932 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll
    02:52:50.0773 1932 iphlpsvc - ok
    02:52:50.0812 1932 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
    02:52:50.0815 1932 IPMIDRV - ok
    02:52:50.0894 1932 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
    02:52:50.0897 1932 IPNAT - ok
    02:52:50.0959 1932 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
    02:52:50.0961 1932 IRENUM - ok
    02:52:51.0004 1932 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
    02:52:51.0006 1932 isapnp - ok
    02:52:51.0058 1932 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
    02:52:51.0082 1932 iScsiPrt - ok
    02:52:51.0134 1932 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
    02:52:51.0135 1932 kbdclass - ok
    02:52:51.0210 1932 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
    02:52:51.0212 1932 kbdhid - ok
    02:52:51.0263 1932 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
    02:52:51.0266 1932 KeyIso - ok
    02:52:51.0302 1932 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
    02:52:51.0305 1932 KSecDD - ok
    02:52:51.0366 1932 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
    02:52:51.0370 1932 KSecPkg - ok
    02:52:51.0440 1932 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
    02:52:51.0442 1932 ksthunk - ok
    02:52:51.0546 1932 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
    02:52:51.0556 1932 KtmRm - ok
    02:52:51.0630 1932 L1C (0e154da6ca9105354a07d0c576804037) C:\windows\system32\DRIVERS\L1C62x64.sys
    02:52:51.0631 1932 L1C - ok
    02:52:51.0719 1932 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\windows\System32\srvsvc.dll
    02:52:51.0736 1932 LanmanServer - ok
    02:52:51.0799 1932 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll
    02:52:51.0828 1932 LanmanWorkstation - ok
    02:52:51.0894 1932 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
    02:52:51.0903 1932 lltdio - ok
    02:52:51.0991 1932 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
    02:52:51.0998 1932 lltdsvc - ok
    02:52:52.0030 1932 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
    02:52:52.0043 1932 lmhosts - ok
    02:52:52.0112 1932 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
    02:52:52.0115 1932 LSI_FC - ok
    02:52:52.0145 1932 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
    02:52:52.0148 1932 LSI_SAS - ok
    02:52:52.0185 1932 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
    02:52:52.0187 1932 LSI_SAS2 - ok
    02:52:52.0209 1932 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
    02:52:52.0212 1932 LSI_SCSI - ok
    02:52:52.0255 1932 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
    02:52:52.0258 1932 luafv - ok
    02:52:52.0357 1932 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
    02:52:52.0360 1932 MBAMProtector - ok
    02:52:52.0519 1932 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    02:52:52.0528 1932 MBAMService - ok
    02:52:52.0615 1932 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\windows\system32\DRIVERS\mcdbus.sys
    02:52:52.0618 1932 mcdbus - ok
    02:52:52.0671 1932 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll
    02:52:52.0675 1932 Mcx2Svc - ok
    02:52:52.0731 1932 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
    02:52:52.0734 1932 megasas - ok
    02:52:52.0801 1932 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
    02:52:52.0807 1932 MegaSR - ok
    02:52:52.0856 1932 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    02:52:52.0861 1932 MMCSS - ok
    02:52:52.0896 1932 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
    02:52:52.0898 1932 Modem - ok
    02:52:52.0954 1932 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
    02:52:52.0959 1932 monitor - ok
    02:52:53.0012 1932 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
    02:52:53.0013 1932 mouclass - ok
    02:52:53.0078 1932 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
    02:52:53.0080 1932 mouhid - ok
    02:52:53.0119 1932 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
    02:52:53.0122 1932 mountmgr - ok
    02:52:53.0263 1932 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    02:52:53.0266 1932 MozillaMaintenance - ok
    02:52:53.0321 1932 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
    02:52:53.0327 1932 mpio - ok
    02:52:53.0366 1932 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
    02:52:53.0370 1932 mpsdrv - ok
    02:52:53.0404 1932 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
    02:52:53.0417 1932 MRxDAV - ok
    02:52:53.0488 1932 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
    02:52:53.0492 1932 mrxsmb - ok
    02:52:53.0575 1932 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
    02:52:53.0580 1932 mrxsmb10 - ok
    02:52:53.0637 1932 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
    02:52:53.0640 1932 mrxsmb20 - ok
    02:52:53.0681 1932 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\windows\system32\DRIVERS\msahci.sys
    02:52:53.0682 1932 msahci - ok
    02:52:53.0736 1932 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
    02:52:53.0739 1932 msdsm - ok
    02:52:53.0778 1932 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
    02:52:53.0793 1932 MSDTC - ok
    02:52:53.0854 1932 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
    02:52:53.0856 1932 Msfs - ok
    02:52:53.0916 1932 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
    02:52:53.0918 1932 mshidkmdf - ok
    02:52:53.0946 1932 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
    02:52:53.0948 1932 msisadrv - ok
    02:52:54.0019 1932 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
    02:52:54.0024 1932 MSiSCSI - ok
    02:52:54.0051 1932 msiserver - ok
    02:52:54.0117 1932 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
    02:52:54.0120 1932 MSKSSRV - ok
    02:52:54.0150 1932 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
    02:52:54.0152 1932 MSPCLOCK - ok
    02:52:54.0236 1932 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
    02:52:54.0246 1932 MSPQM - ok
    02:52:54.0296 1932 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
    02:52:54.0303 1932 MsRPC - ok
    02:52:54.0356 1932 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
    02:52:54.0357 1932 mssmbios - ok
    02:52:54.0438 1932 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
    02:52:54.0440 1932 MSTEE - ok
    02:52:54.0504 1932 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
    02:52:54.0506 1932 MTConfig - ok
    02:52:54.0544 1932 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
    02:52:54.0548 1932 Mup - ok
    02:52:54.0620 1932 napagent (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll
    02:52:54.0631 1932 napagent - ok
    02:52:54.0730 1932 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
    02:52:54.0735 1932 NativeWifiP - ok
    02:52:54.0850 1932 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
    02:52:54.0864 1932 NDIS - ok
    02:52:54.0918 1932 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
    02:52:54.0920 1932 NdisCap - ok
    02:52:54.0997 1932 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
    02:52:54.0999 1932 NdisTapi - ok
    02:52:55.0045 1932 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
    02:52:55.0047 1932 Ndisuio - ok
    02:52:55.0084 1932 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
    02:52:55.0087 1932 NdisWan - ok
    02:52:55.0135 1932 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
    02:52:55.0137 1932 NDProxy - ok
    02:52:55.0195 1932 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
    02:52:55.0197 1932 NetBIOS - ok
    02:52:55.0255 1932 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
    02:52:55.0261 1932 NetBT - ok
    02:52:55.0319 1932 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
    02:52:55.0322 1932 Netlogon - ok
    02:52:55.0401 1932 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
    02:52:55.0418 1932 Netman - ok
    02:52:55.0462 1932 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
    02:52:55.0481 1932 netprofm - ok
    02:52:55.0630 1932 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    02:52:55.0633 1932 NetTcpPortSharing - ok
    02:52:55.0714 1932 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
    02:52:55.0726 1932 nfrd960 - ok
    02:52:55.0813 1932 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
    02:52:55.0819 1932 NlaSvc - ok
    02:52:55.0910 1932 Norton PC Checkup Application Launcher - ok
    02:52:55.0933 1932 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
    02:52:55.0935 1932 Npfs - ok
    02:52:55.0986 1932 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
    02:52:55.0992 1932 nsi - ok
    02:52:56.0039 1932 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
    02:52:56.0040 1932 nsiproxy - ok
    02:52:56.0193 1932 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
    02:52:56.0217 1932 Ntfs - ok
    02:52:56.0387 1932 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
    02:52:56.0388 1932 Null - ok
    02:52:56.0453 1932 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
    02:52:56.0457 1932 nvraid - ok
    02:52:56.0511 1932 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
    02:52:56.0540 1932 nvstor - ok
    02:52:56.0609 1932 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
    02:52:56.0612 1932 nv_agp - ok
    02:52:56.0641 1932 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
    02:52:56.0644 1932 ohci1394 - ok
    02:52:56.0743 1932 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    02:52:56.0747 1932 ose64 - ok
    02:52:57.0204 1932 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    02:52:57.0384 1932 osppsvc - ok
    02:52:57.0569 1932 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    02:52:57.0577 1932 p2pimsvc - ok
    02:52:57.0661 1932 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
    02:52:57.0671 1932 p2psvc - ok
    02:52:57.0767 1932 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
    02:52:57.0770 1932 Parport - ok
    02:52:57.0911 1932 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\windows\system32\drivers\partmgr.sys
    02:52:57.0915 1932 partmgr - ok
    02:52:57.0980 1932 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
    02:52:57.0986 1932 PcaSvc - ok
    02:52:58.0086 1932 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
    02:52:58.0102 1932 PCCUJobMgr - ok
    02:52:58.0165 1932 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
    02:52:58.0171 1932 pci - ok
    02:52:58.0222 1932 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
    02:52:58.0235 1932 pciide - ok
    02:52:58.0285 1932 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
    02:52:58.0290 1932 pcmcia - ok
    02:52:58.0321 1932 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
    02:52:58.0323 1932 pcw - ok
    02:52:58.0385 1932 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
    02:52:58.0395 1932 PEAUTH - ok
    02:52:58.0543 1932 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
    02:52:58.0546 1932 PerfHost - ok
    02:52:58.0722 1932 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
    02:52:58.0724 1932 PGEffect - ok
    02:52:58.0848 1932 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
    02:52:58.0872 1932 pla - ok
    02:52:58.0972 1932 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
    02:52:58.0981 1932 PlugPlay - ok
    02:52:59.0021 1932 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
    02:52:59.0035 1932 PNRPAutoReg - ok
    02:52:59.0081 1932 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    02:52:59.0096 1932 PNRPsvc - ok
    02:52:59.0164 1932 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
    02:52:59.0174 1932 PolicyAgent - ok
    02:52:59.0240 1932 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
    02:52:59.0245 1932 Power - ok
    02:52:59.0359 1932 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
    02:52:59.0361 1932 PptpMiniport - ok
    02:52:59.0392 1932 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
    02:52:59.0395 1932 Processor - ok
    02:52:59.0476 1932 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
    02:52:59.0482 1932 ProfSvc - ok
    02:52:59.0554 1932 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
    02:52:59.0556 1932 ProtectedStorage - ok
    02:52:59.0631 1932 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
    02:52:59.0634 1932 Psched - ok
    02:52:59.0788 1932 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
    02:52:59.0838 1932 ql2300 - ok
    02:53:00.0004 1932 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
    02:53:00.0008 1932 ql40xx - ok
    02:53:00.0064 1932 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
    02:53:00.0070 1932 QWAVE - ok
    02:53:00.0117 1932 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
    02:53:00.0119 1932 QWAVEdrv - ok
    02:53:00.0157 1932 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
    02:53:00.0159 1932 RasAcd - ok
    02:53:00.0245 1932 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
    02:53:00.0247 1932 RasAgileVpn - ok
    02:53:00.0293 1932 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
    02:53:00.0298 1932 RasAuto - ok
    02:53:00.0373 1932 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
    02:53:00.0376 1932 Rasl2tp - ok
    02:53:00.0438 1932 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
    02:53:00.0446 1932 RasMan - ok
    02:53:00.0504 1932 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
    02:53:00.0507 1932 RasPppoe - ok
    02:53:00.0546 1932 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
    02:53:00.0549 1932 RasSstp - ok
    02:53:00.0605 1932 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
    02:53:00.0610 1932 rdbss - ok
    02:53:00.0641 1932 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
    02:53:00.0643 1932 rdpbus - ok
    02:53:00.0684 1932 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
    02:53:00.0686 1932 RDPCDD - ok
    02:53:00.0750 1932 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
    02:53:00.0751 1932 RDPENCDD - ok
    02:53:00.0796 1932 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
    02:53:00.0798 1932 RDPREFMP - ok
    02:53:00.0867 1932 RDPWD (074ac702d8b8b660b0e1371555995386) C:\windows\system32\drivers\RDPWD.sys
    02:53:00.0872 1932 RDPWD - ok
    02:53:00.0944 1932 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\windows\system32\drivers\rdyboost.sys
    02:53:00.0948 1932 rdyboost - ok
    02:53:01.0035 1932 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
    02:53:01.0039 1932 RemoteAccess - ok
    02:53:01.0094 1932 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
    02:53:01.0100 1932 RemoteRegistry - ok
    02:53:01.0134 1932 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
    02:53:01.0138 1932 RpcEptMapper - ok
    02:53:01.0185 1932 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
    02:53:01.0188 1932 RpcLocator - ok
    02:53:01.0290 1932 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
    02:53:01.0298 1932 RpcSs - ok
    02:53:01.0365 1932 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
    02:53:01.0368 1932 rspndr - ok
    02:53:01.0486 1932 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
    02:53:01.0491 1932 RSUSBSTOR - ok
    02:53:01.0659 1932 RTL8192Ce (9befcecd9616cff3dc50e6ebb31d96b4) C:\windows\system32\DRIVERS\rtl8192Ce.sys
    02:53:01.0670 1932 RTL8192Ce - ok
    02:53:01.0743 1932 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
    02:53:01.0746 1932 SamSs - ok
    02:53:01.0807 1932 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
    02:53:01.0810 1932 sbp2port - ok
    02:53:01.0871 1932 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
    02:53:01.0877 1932 SCardSvr - ok
    02:53:01.0926 1932 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
     
  18. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    02:53:01.0928 1932 scfilter - ok
    02:53:02.0121 1932 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
    02:53:02.0155 1932 Schedule - ok
    02:53:02.0187 1932 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
    02:53:02.0189 1932 SCPolicySvc - ok
    02:53:02.0242 1932 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
    02:53:02.0249 1932 SDRSVC - ok
    02:53:02.0354 1932 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
    02:53:02.0356 1932 secdrv - ok
    02:53:02.0416 1932 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
    02:53:02.0420 1932 seclogon - ok
    02:53:02.0466 1932 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
    02:53:02.0470 1932 SENS - ok
    02:53:02.0496 1932 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
    02:53:02.0503 1932 SensrSvc - ok
    02:53:02.0554 1932 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
    02:53:02.0557 1932 Serenum - ok
    02:53:02.0629 1932 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
    02:53:02.0632 1932 Serial - ok
    02:53:02.0675 1932 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
    02:53:02.0677 1932 sermouse - ok
    02:53:02.0754 1932 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
    02:53:02.0760 1932 SessionEnv - ok
    02:53:02.0812 1932 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
    02:53:02.0814 1932 sffdisk - ok
    02:53:02.0844 1932 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
    02:53:02.0846 1932 sffp_mmc - ok
    02:53:02.0865 1932 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
    02:53:02.0868 1932 sffp_sd - ok
    02:53:02.0904 1932 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
    02:53:02.0905 1932 sfloppy - ok
    02:53:02.0998 1932 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
    02:53:03.0007 1932 SharedAccess - ok
    02:53:03.0087 1932 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
    02:53:03.0096 1932 ShellHWDetection - ok
    02:53:03.0171 1932 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
    02:53:03.0173 1932 SiSRaid2 - ok
    02:53:03.0217 1932 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
    02:53:03.0220 1932 SiSRaid4 - ok
    02:53:03.0288 1932 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
    02:53:03.0294 1932 Smb - ok
    02:53:03.0381 1932 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
    02:53:03.0384 1932 SNMPTRAP - ok
    02:53:03.0419 1932 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
    02:53:03.0421 1932 spldr - ok
    02:53:03.0513 1932 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
    02:53:03.0524 1932 Spooler - ok
    02:53:03.0821 1932 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
    02:53:03.0906 1932 sppsvc - ok
    02:53:04.0048 1932 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
    02:53:04.0053 1932 sppuinotify - ok
    02:53:04.0174 1932 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
    02:53:04.0183 1932 srv - ok
    02:53:04.0234 1932 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
    02:53:04.0255 1932 srv2 - ok
    02:53:04.0314 1932 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
    02:53:04.0319 1932 srvnet - ok
    02:53:04.0405 1932 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
    02:53:04.0411 1932 SSDPSRV - ok
    02:53:04.0443 1932 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
    02:53:04.0448 1932 SstpSvc - ok
    02:53:04.0509 1932 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
    02:53:04.0511 1932 stexstor - ok
    02:53:04.0631 1932 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
    02:53:04.0652 1932 stisvc - ok
    02:53:04.0682 1932 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
    02:53:04.0683 1932 swenum - ok
    02:53:04.0790 1932 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
    02:53:04.0800 1932 swprv - ok
    02:53:04.0965 1932 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
    02:53:04.0994 1932 SysMain - ok
    02:53:05.0148 1932 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
    02:53:05.0153 1932 TabletInputService - ok
    02:53:05.0211 1932 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
    02:53:05.0219 1932 TapiSrv - ok
    02:53:05.0274 1932 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
    02:53:05.0278 1932 TBS - ok
    02:53:05.0501 1932 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\drivers\tcpip.sys
    02:53:05.0532 1932 Tcpip - ok
    02:53:05.0882 1932 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\DRIVERS\tcpip.sys
    02:53:05.0901 1932 TCPIP6 - ok
    02:53:06.0093 1932 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
    02:53:06.0095 1932 tcpipreg - ok
    02:53:06.0182 1932 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
    02:53:06.0183 1932 tdcmdpst - ok
    02:53:06.0226 1932 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
    02:53:06.0228 1932 TDPIPE - ok
    02:53:06.0272 1932 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys
    02:53:06.0274 1932 TDTCP - ok
    02:53:06.0340 1932 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
    02:53:06.0343 1932 tdx - ok
    02:53:06.0373 1932 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
    02:53:06.0374 1932 TermDD - ok
    02:53:06.0481 1932 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
    02:53:06.0498 1932 TermService - ok
    02:53:06.0549 1932 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
    02:53:06.0553 1932 Themes - ok
    02:53:06.0598 1932 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    02:53:06.0601 1932 THREADORDER - ok
    02:53:06.0727 1932 TMachInfo (dfe9ba871b9f3dbb591bd113611cbcc0) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    02:53:06.0730 1932 TMachInfo - ok
    02:53:06.0778 1932 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
    02:53:06.0783 1932 TODDSrv - ok
    02:53:06.0914 1932 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    02:53:06.0995 1932 TosCoSrv - ok
    02:53:07.0086 1932 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    02:53:07.0090 1932 TOSHIBA HDD SSD Alert Service - ok
    02:53:07.0144 1932 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
    02:53:07.0149 1932 TrkWks - ok
    02:53:07.0300 1932 trufos (df219721ddffcbe03aa894b6b6742ba1) C:\windows\system32\DRIVERS\trufos.sys
    02:53:07.0308 1932 trufos - ok
    02:53:07.0401 1932 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
    02:53:07.0406 1932 TrustedInstaller - ok
    02:53:07.0458 1932 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
    02:53:07.0460 1932 tssecsrv - ok
    02:53:07.0535 1932 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
    02:53:07.0538 1932 tunnel - ok
    02:53:07.0614 1932 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
    02:53:07.0616 1932 TVALZ - ok
    02:53:07.0664 1932 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
    02:53:07.0668 1932 uagp35 - ok
    02:53:07.0723 1932 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
    02:53:07.0737 1932 udfs - ok
    02:53:07.0798 1932 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
    02:53:07.0802 1932 UI0Detect - ok
    02:53:08.0170 1932 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
    02:53:08.0172 1932 uliagpkx - ok
    02:53:08.0268 1932 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
    02:53:08.0270 1932 umbus - ok
    02:53:08.0308 1932 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
    02:53:08.0310 1932 UmPass - ok
    02:53:08.0524 1932 Update Server (7de3f30967cf77bd1fc440c2b847629a) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
    02:53:08.0535 1932 Update Server - ok
    02:53:08.0774 1932 UPDATESRV (6fa5ffc3765c9c444d82faf1d46c1cae) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    02:53:09.0530 1932 UPDATESRV - ok
    02:53:09.0628 1932 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
    02:53:09.0636 1932 upnphost - ok
    02:53:09.0707 1932 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
    02:53:09.0711 1932 usbccgp - ok
    02:53:09.0808 1932 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
    02:53:09.0811 1932 usbcir - ok
    02:53:09.0864 1932 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\DRIVERS\usbehci.sys
    02:53:09.0866 1932 usbehci - ok
    02:53:09.0956 1932 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
    02:53:09.0963 1932 usbhub - ok
    02:53:09.0994 1932 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\DRIVERS\usbohci.sys
    02:53:09.0995 1932 usbohci - ok
    02:53:10.0047 1932 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
    02:53:10.0050 1932 usbprint - ok
    02:53:10.0161 1932 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
    02:53:10.0164 1932 USBSTOR - ok
    02:53:10.0203 1932 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
    02:53:10.0205 1932 usbuhci - ok
    02:53:10.0292 1932 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys
    02:53:10.0298 1932 usbvideo - ok
    02:53:10.0344 1932 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
    02:53:10.0349 1932 UxSms - ok
    02:53:10.0409 1932 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
    02:53:10.0411 1932 VaultSvc - ok
    02:53:10.0478 1932 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
    02:53:10.0481 1932 vdrvroot - ok
    02:53:10.0578 1932 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe
    02:53:10.0598 1932 vds - ok
    02:53:10.0683 1932 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
    02:53:10.0685 1932 vga - ok
    02:53:10.0732 1932 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
    02:53:10.0734 1932 VgaSave - ok
    02:53:10.0775 1932 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
    02:53:10.0779 1932 vhdmp - ok
    02:53:10.0826 1932 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
    02:53:10.0828 1932 viaide - ok
    02:53:10.0860 1932 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
    02:53:10.0863 1932 volmgr - ok
    02:53:10.0919 1932 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
    02:53:10.0926 1932 volmgrx - ok
    02:53:10.0982 1932 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
    02:53:10.0988 1932 volsnap - ok
    02:53:11.0050 1932 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
    02:53:11.0054 1932 vsmraid - ok
    02:53:11.0209 1932 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe
    02:53:11.0234 1932 VSS - ok
    02:53:11.0426 1932 VSSERV - ok
    02:53:11.0641 1932 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
    02:53:11.0642 1932 vwifibus - ok
    02:53:11.0707 1932 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
    02:53:11.0709 1932 vwififlt - ok
    02:53:11.0788 1932 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
    02:53:11.0798 1932 W32Time - ok
    02:53:11.0842 1932 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
    02:53:11.0845 1932 WacomPen - ok
    02:53:11.0921 1932 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
    02:53:11.0926 1932 WANARP - ok
    02:53:11.0952 1932 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
    02:53:11.0954 1932 Wanarpv6 - ok
    02:53:12.0110 1932 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
    02:53:12.0151 1932 WatAdminSvc - ok
    02:53:12.0284 1932 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe
    02:53:12.0311 1932 wbengine - ok
    02:53:12.0496 1932 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
    02:53:12.0515 1932 WbioSrvc - ok
    02:53:12.0586 1932 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll
    02:53:12.0595 1932 wcncsvc - ok
    02:53:12.0647 1932 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
    02:53:12.0652 1932 WcsPlugInService - ok
    02:53:12.0732 1932 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
    02:53:12.0734 1932 Wd - ok
    02:53:12.0814 1932 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
    02:53:12.0824 1932 Wdf01000 - ok
    02:53:12.0862 1932 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    02:53:12.0867 1932 WdiServiceHost - ok
    02:53:12.0892 1932 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    02:53:12.0896 1932 WdiSystemHost - ok
    02:53:12.0964 1932 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll
    02:53:12.0971 1932 WebClient - ok
    02:53:13.0036 1932 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
    02:53:13.0044 1932 Wecsvc - ok
    02:53:13.0083 1932 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
    02:53:13.0090 1932 wercplsupport - ok
    02:53:13.0166 1932 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
    02:53:13.0172 1932 WerSvc - ok
    02:53:13.0275 1932 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
    02:53:13.0277 1932 WfpLwf - ok
    02:53:13.0322 1932 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
    02:53:13.0324 1932 WIMMount - ok
    02:53:13.0416 1932 WinDefend - ok
    02:53:13.0448 1932 WinHttpAutoProxySvc - ok
    02:53:13.0528 1932 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
    02:53:13.0533 1932 Winmgmt - ok
    02:53:13.0780 1932 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll
    02:53:13.0810 1932 WinRM - ok
    02:53:14.0053 1932 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
    02:53:14.0055 1932 WinUsb - ok
    02:53:14.0177 1932 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
    02:53:14.0192 1932 Wlansvc - ok
    02:53:14.0240 1932 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
    02:53:14.0245 1932 WmiAcpi - ok
    02:53:14.0345 1932 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
    02:53:14.0349 1932 wmiApSrv - ok
    02:53:14.0450 1932 WMPNetworkSvc - ok
    02:53:14.0482 1932 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
    02:53:14.0493 1932 WPCSvc - ok
    02:53:14.0546 1932 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll
    02:53:14.0552 1932 WPDBusEnum - ok
    02:53:14.0605 1932 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
    02:53:14.0606 1932 ws2ifsl - ok
    02:53:14.0708 1932 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\system32\wscsvc.dll
    02:53:14.0713 1932 wscsvc - ok
    02:53:14.0730 1932 WSearch - ok
    02:53:14.0915 1932 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll
    02:53:14.0957 1932 wuauserv - ok
    02:53:15.0136 1932 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
    02:53:15.0138 1932 WudfPf - ok
    02:53:15.0172 1932 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
    02:53:15.0177 1932 WUDFRd - ok
    02:53:15.0231 1932 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll
    02:53:15.0235 1932 wudfsvc - ok
    02:53:15.0289 1932 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
    02:53:15.0378 1932 WwanSvc - ok
    02:53:15.0464 1932 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
    02:53:15.0715 1932 \Device\Harddisk0\DR0 - ok
    02:53:15.0736 1932 Boot (0x1200) (78260c4c95f0ff7582126ba262acd0ac) \Device\Harddisk0\DR0\Partition0
    02:53:15.0738 1932 \Device\Harddisk0\DR0\Partition0 - ok02:53:15.0745 1932 ============================================================
    02:53:15.0745 1932 Scan finished
    02:53:15.0745 1932 ============================================================
    02:53:15.0778 1772 Detected object count: 0
    02:53:15.0778 1772 Actual detected object count: 0
    02:53:29.0201 1092 ============================================================
    02:53:29.0201 1092 Scan started
    02:53:29.0201 1092 Mode: Manual; SigCheck; TDLFS;
    02:53:29.0201 1092 ============================================================
    02:53:30.0055 1092 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\windows\system32\DRIVERS\1394ohci.sys
    02:53:30.0161 1092 1394ohci - ok
    02:53:30.0222 1092 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
    02:53:30.0264 1092 ACPI - ok
    02:53:30.0301 1092 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
    02:53:30.0400 1092 AcpiPmi - ok
    02:53:30.0533 1092 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    02:53:30.0669 1092 AdobeFlashPlayerUpdateSvc - ok
    02:53:30.0755 1092 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
    02:53:30.0790 1092 adp94xx - ok
    02:53:30.0840 1092 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
    02:53:30.0881 1092 adpahci - ok
    02:53:30.0921 1092 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
    02:53:30.0945 1092 adpu320 - ok
    02:53:31.0006 1092 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
    02:53:31.0197 1092 AeLookupSvc - ok
    02:53:31.0275 1092 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\windows\system32\drivers\afd.sys
    02:53:31.0375 1092 AFD - ok
    02:53:31.0431 1092 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
    02:53:31.0451 1092 agp440 - ok
    02:53:31.0514 1092 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
    02:53:31.0570 1092 ALG - ok
    02:53:31.0607 1092 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
    02:53:31.0626 1092 aliide - ok
    02:53:31.0693 1092 AMD External Events Utility (cf4d1ebe8fec994a0df69149ed27e417) C:\windows\system32\atiesrxx.exe
    02:53:31.0785 1092 AMD External Events Utility - ok
    02:53:31.0806 1092 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
    02:53:31.0825 1092 amdide - ok
    02:53:31.0855 1092 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
    02:53:31.0937 1092 AmdK8 - ok
    02:53:32.0500 1092 amdkmdag (375ac85e1130eaa1eaeb62ddd22b0efb) C:\windows\system32\DRIVERS\atikmdag.sys
    02:53:32.0934 1092 amdkmdag - ok
    02:53:33.0119 1092 amdkmdap (daeb3f2bb2095b95b98be6cec99d02e7) C:\windows\system32\DRIVERS\atikmpag.sys
    02:53:33.0185 1092 amdkmdap - ok
    02:53:33.0229 1092 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
    02:53:33.0286 1092 AmdPPM - ok
    02:53:33.0333 1092 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
    02:53:33.0365 1092 amdsata - ok
    02:53:33.0433 1092 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
    02:53:33.0458 1092 amdsbs - ok
    02:53:33.0510 1092 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
    02:53:33.0540 1092 amdxata - ok
    02:53:33.0575 1092 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
    02:53:33.0628 1092 AppID - ok
    02:53:33.0688 1092 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
    02:53:33.0811 1092 AppIDSvc - ok
    02:53:33.0844 1092 Appinfo (d065be66822847b7f127d1f90158376e) C:\windows\System32\appinfo.dll
    02:53:33.0905 1092 Appinfo - ok
    02:53:33.0952 1092 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
    02:53:33.0974 1092 arc - ok
    02:53:34.0028 1092 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
    02:53:34.0064 1092 arcsas - ok
    02:53:34.0101 1092 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
    02:53:34.0220 1092 AsyncMac - ok
    02:53:34.0264 1092 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
    02:53:34.0283 1092 atapi - ok
    02:53:34.0421 1092 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\windows\system32\DRIVERS\athrx.sys
    02:53:34.0512 1092 athr - ok
    02:53:34.0706 1092 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
    02:53:34.0835 1092 AudioEndpointBuilder - ok
    02:53:34.0868 1092 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
    02:53:34.0958 1092 AudioSrv - ok
    02:53:35.0143 1092 avc3 (f57de310bf3bd9df0f7d301c1d7f5432) C:\windows\system32\DRIVERS\avc3.sys
    02:53:35.0201 1092 avc3 - ok
    02:53:35.0291 1092 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\windows\system32\DRIVERS\avchv.sys
    02:53:35.0324 1092 avchv - ok
    02:53:35.0429 1092 avckf (6dc4cca415bbf2fc629beb532aa0e6cd) C:\windows\system32\DRIVERS\avckf.sys
    02:53:35.0460 1092 avckf - ok
    02:53:35.0524 1092 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\windows\System32\AxInstSV.dll
    02:53:35.0581 1092 AxInstSV - ok
    02:53:35.0687 1092 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
    02:53:35.0733 1092 b06bdrv - ok
    02:53:35.0808 1092 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
    02:53:35.0854 1092 b57nd60a - ok
    02:53:35.0910 1092 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
    02:53:35.0960 1092 BDESVC - ok
    02:53:36.0042 1092 bdfsfltr (ea195950fa5dd4a8f7bc00822213a363) C:\windows\system32\DRIVERS\bdfsfltr.sys
    02:53:36.0080 1092 bdfsfltr - ok
    02:53:36.0244 1092 bdfwfpf (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
    02:53:36.0264 1092 bdfwfpf - ok
    02:53:36.0337 1092 bdsandbox (31571d77c6186ad228f52ee4ebdf8ee9) C:\windows\system32\drivers\bdsandbox.sys
    02:53:36.0364 1092 bdsandbox - ok
    02:53:36.0432 1092 BDVEDISK (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\windows\system32\DRIVERS\bdvedisk.sys
    02:53:36.0450 1092 BDVEDISK - ok
    02:53:36.0488 1092 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
    02:53:36.0616 1092 Beep - ok
    02:53:36.0726 1092 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\windows\system32\qmgr.dll
    02:53:36.0836 1092 BITS - ok
    02:53:36.0881 1092 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
    02:53:36.0934 1092 blbdrive - ok
    02:53:37.0033 1092 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    02:53:37.0078 1092 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
    02:53:37.0079 1092 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
    02:53:37.0141 1092 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
    02:53:37.0214 1092 bowser - ok
    02:53:37.0241 1092 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
    02:53:37.0303 1092 BrFiltLo - ok
    02:53:37.0334 1092 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
    02:53:37.0378 1092 BrFiltUp - ok
    02:53:37.0407 1092 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
    02:53:37.0520 1092 BridgeMP - ok
    02:53:37.0574 1092 Browser (94fbc06f294d58d02361918418f996e3) C:\windows\System32\browser.dll
    02:53:37.0680 1092 Browser - ok
    02:53:37.0739 1092 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
    02:53:37.0791 1092 Brserid - ok
    02:53:37.0832 1092 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
    02:53:37.0884 1092 BrSerWdm - ok
    02:53:37.0948 1092 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
    02:53:38.0022 1092 BrUsbMdm - ok
    02:53:38.0057 1092 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
    02:53:38.0103 1092 BrUsbSer - ok
    02:53:38.0160 1092 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
    02:53:38.0219 1092 BTHMODEM - ok
    02:53:38.0274 1092 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
    02:53:38.0367 1092 bthserv - ok
    02:53:38.0541 1092 catchme - ok
    02:53:38.0585 1092 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
    02:53:38.0677 1092 cdfs - ok
    02:53:38.0719 1092 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
    02:53:38.0775 1092 cdrom - ok
    02:53:38.0823 1092 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
    02:53:38.0989 1092 CertPropSvc - ok
    02:53:39.0031 1092 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
    02:53:39.0091 1092 circlass - ok
    02:53:39.0174 1092 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
    02:53:39.0204 1092 CLFS - ok
    02:53:39.0303 1092 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    02:53:39.0321 1092 clr_optimization_v2.0.50727_32 - ok
    02:53:39.0406 1092 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    02:53:39.0435 1092 clr_optimization_v2.0.50727_64 - ok
    02:53:39.0528 1092 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    02:53:39.0559 1092 clr_optimization_v4.0.30319_32 - ok
    02:53:39.0614 1092 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    02:53:39.0634 1092 clr_optimization_v4.0.30319_64 - ok
    02:53:39.0685 1092 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
    02:53:39.0728 1092 CmBatt - ok
    02:53:39.0762 1092 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
    02:53:39.0781 1092 cmdide - ok
    02:53:39.0875 1092 CNG (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
    02:53:39.0939 1092 CNG - ok
    02:53:40.0084 1092 CnxtHdAudService (2816874cb991d6b7f6e434b8c29bb0d1) C:\windows\system32\drivers\CHDRT64.sys
    02:53:40.0138 1092 CnxtHdAudService - ok
    02:53:40.0188 1092 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
    02:53:40.0207 1092 Compbatt - ok
    02:53:40.0243 1092 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
    02:53:40.0304 1092 CompositeBus - ok
    02:53:40.0321 1092 COMSysApp - ok
    02:53:40.0360 1092 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
    02:53:40.0379 1092 crcdisk - ok
    02:53:40.0444 1092 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\windows\system32\cryptsvc.dll
    02:53:40.0573 1092 CryptSvc - ok
    02:53:40.0669 1092 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
    02:53:40.0771 1092 DcomLaunch - ok
    02:53:40.0862 1092 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
    02:53:40.0962 1092 defragsvc - ok
    02:53:41.0013 1092 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
    02:53:41.0073 1092 DfsC - ok
    02:53:41.0138 1092 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll
    02:53:41.0242 1092 Dhcp - ok
    02:53:41.0281 1092 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
    02:53:41.0406 1092 discache - ok
    02:53:41.0447 1092 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
    02:53:41.0468 1092 Disk - ok
    02:53:41.0551 1092 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll
    02:53:41.0582 1092 Dnscache - ok
    02:53:41.0668 1092 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll
    02:53:41.0766 1092 dot3svc - ok
    02:53:41.0834 1092 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll
    02:53:41.0938 1092 DPS - ok
    02:53:41.0993 1092 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
     
  19. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    02:53:42.0019 1092 drmkaud - ok
    02:53:42.0177 1092 DXGKrnl (601e731bf8e3f22906ce7d4d724b0439) C:\windows\System32\drivers\dxgkrnl.sys
    02:53:42.0224 1092 DXGKrnl - ok
    02:53:42.0268 1092 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
    02:53:42.0377 1092 EapHost - ok
    02:53:42.0658 1092 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
    02:53:42.0779 1092 ebdrv - ok
    02:53:42.0933 1092 EFS (156f6159457d0aa7e59b62681b56eb90) C:\windows\System32\lsass.exe
    02:53:42.0987 1092 EFS - ok
    02:53:43.0108 1092 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\windows\ehome\ehRecvr.exe
    02:53:43.0180 1092 ehRecvr - ok
    02:53:43.0233 1092 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
    02:53:43.0258 1092 ehSched - ok
    02:53:43.0416 1092 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
    02:53:43.0450 1092 elxstor - ok
    02:53:43.0479 1092 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
    02:53:43.0553 1092 ErrDev - ok
    02:53:43.0615 1092 ETD (5d82d501d2fee413b1f45f0302b5802c) C:\windows\system32\DRIVERS\ETD.sys
    02:53:43.0637 1092 ETD - ok
    02:53:43.0710 1092 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
    02:53:43.0811 1092 EventSystem - ok
    02:53:43.0864 1092 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
    02:53:43.0953 1092 exfat - ok
    02:53:44.0019 1092 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
    02:53:44.0133 1092 fastfat - ok
    02:53:44.0245 1092 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe
    02:53:44.0307 1092 Fax - ok
    02:53:44.0351 1092 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
    02:53:44.0386 1092 fdc - ok
    02:53:44.0432 1092 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
    02:53:44.0539 1092 fdPHost - ok
    02:53:44.0573 1092 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
    02:53:44.0654 1092 FDResPub - ok
    02:53:44.0700 1092 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
    02:53:44.0731 1092 FileInfo - ok
    02:53:44.0763 1092 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
    02:53:44.0855 1092 Filetrace - ok
    02:53:44.0999 1092 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    02:53:45.0057 1092 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
    02:53:45.0057 1092 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
    02:53:45.0126 1092 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
    02:53:45.0173 1092 flpydisk - ok
    02:53:45.0228 1092 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
    02:53:45.0271 1092 FltMgr - ok
    02:53:45.0408 1092 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\windows\system32\FntCache.dll
    02:53:45.0477 1092 FontCache - ok
    02:53:45.0575 1092 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    02:53:45.0603 1092 FontCache3.0.0.0 - ok
    02:53:45.0711 1092 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
    02:53:45.0742 1092 FsDepends - ok
    02:53:45.0792 1092 fssfltr (2bf3b36b96d015af666b6aa63ae2e38f) C:\windows\system32\DRIVERS\fssfltr.sys
    02:53:45.0809 1092 fssfltr - ok
    02:53:45.0985 1092 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    02:53:46.0020 1092 fsssvc - ok
    02:53:46.0064 1092 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\windows\system32\drivers\Fs_Rec.sys
    02:53:46.0083 1092 Fs_Rec - ok
    02:53:46.0149 1092 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
    02:53:46.0196 1092 fvevol - ok
    02:53:46.0242 1092 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
    02:53:46.0300 1092 FwLnk - ok
    02:53:46.0355 1092 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
    02:53:46.0379 1092 gagp30kx - ok
    02:53:46.0456 1092 GameConsoleService (1fda0df739234c4023851a282dd28704) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    02:53:46.0488 1092 GameConsoleService - ok
    02:53:46.0604 1092 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll
    02:53:46.0682 1092 gpsvc - ok
    02:53:46.0773 1092 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    02:53:46.0805 1092 gupdate - ok
    02:53:46.0821 1092 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    02:53:46.0853 1092 gupdatem - ok
    02:53:46.0899 1092 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    02:53:46.0929 1092 gusvc - ok
    02:53:47.0012 1092 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\windows\system32\DRIVERS\hamachi.sys
    02:53:47.0039 1092 hamachi - ok
    02:53:47.0076 1092 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
    02:53:47.0113 1092 hcw85cir - ok
    02:53:47.0180 1092 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
    02:53:47.0238 1092 HdAudAddService - ok
    02:53:47.0291 1092 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
    02:53:47.0345 1092 HDAudBus - ok
    02:53:47.0379 1092 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
    02:53:47.0422 1092 HidBatt - ok
    02:53:47.0475 1092 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
    02:53:47.0530 1092 HidBth - ok
    02:53:47.0565 1092 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
    02:53:47.0604 1092 HidIr - ok
    02:53:47.0659 1092 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
    02:53:47.0786 1092 hidserv - ok
    02:53:47.0817 1092 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
    02:53:47.0858 1092 HidUsb - ok
    02:53:47.0926 1092 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll
    02:53:48.0043 1092 hkmsvc - ok
    02:53:48.0127 1092 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll
    02:53:48.0173 1092 HomeGroupListener - ok
    02:53:48.0237 1092 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll
    02:53:48.0262 1092 HomeGroupProvider - ok
    02:53:48.0306 1092 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
    02:53:48.0327 1092 HpSAMD - ok
    02:53:48.0436 1092 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
    02:53:48.0557 1092 HTTP - ok
    02:53:48.0594 1092 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
    02:53:48.0613 1092 hwpolicy - ok
    02:53:48.0661 1092 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
    02:53:48.0686 1092 i8042prt - ok
    02:53:48.0767 1092 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
    02:53:48.0808 1092 iaStorV - ok
    02:53:48.0944 1092 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    02:53:48.0984 1092 idsvc - ok
    02:53:49.0044 1092 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
    02:53:49.0065 1092 iirsp - ok
    02:53:49.0191 1092 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll
    02:53:49.0313 1092 IKEEXT - ok
    02:53:49.0373 1092 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
    02:53:49.0392 1092 intelide - ok
    02:53:49.0450 1092 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
    02:53:49.0493 1092 intelppm - ok
    02:53:49.0558 1092 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
    02:53:49.0663 1092 IPBusEnum - ok
    02:53:49.0699 1092 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
    02:53:49.0786 1092 IpFilterDriver - ok
    02:53:49.0866 1092 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll
    02:53:49.0954 1092 iphlpsvc - ok
    02:53:49.0993 1092 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
    02:53:50.0042 1092 IPMIDRV - ok
    02:53:50.0100 1092 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
    02:53:50.0194 1092 IPNAT - ok
    02:53:50.0240 1092 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
    02:53:50.0279 1092 IRENUM - ok
    02:53:50.0318 1092 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
    02:53:50.0348 1092 isapnp - ok
    02:53:50.0410 1092 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
    02:53:50.0440 1092 iScsiPrt - ok
    02:53:50.0492 1092 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
    02:53:50.0513 1092 kbdclass - ok
    02:53:50.0567 1092 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
    02:53:50.0612 1092 kbdhid - ok
    02:53:50.0666 1092 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
    02:53:50.0693 1092 KeyIso - ok
    02:53:50.0736 1092 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
    02:53:50.0759 1092 KSecDD - ok
    02:53:50.0811 1092 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
    02:53:50.0844 1092 KSecPkg - ok
    02:53:50.0886 1092 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
    02:53:50.0991 1092 ksthunk - ok
    02:53:51.0062 1092 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
    02:53:51.0181 1092 KtmRm - ok
    02:53:51.0241 1092 L1C (0e154da6ca9105354a07d0c576804037) C:\windows\system32\DRIVERS\L1C62x64.sys
    02:53:51.0261 1092 L1C - ok
    02:53:51.0329 1092 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\windows\System32\srvsvc.dll
    02:53:51.0383 1092 LanmanServer - ok
    02:53:51.0438 1092 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll
    02:53:51.0537 1092 LanmanWorkstation - ok
    02:53:51.0595 1092 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
    02:53:51.0718 1092 lltdio - ok
    02:53:51.0788 1092 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
    02:53:51.0891 1092 lltdsvc - ok
    02:53:51.0933 1092 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
    02:53:52.0020 1092 lmhosts - ok
    02:53:52.0066 1092 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
    02:53:52.0099 1092 LSI_FC - ok
    02:53:52.0149 1092 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
    02:53:52.0171 1092 LSI_SAS - ok
    02:53:52.0200 1092 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
    02:53:52.0237 1092 LSI_SAS2 - ok
    02:53:52.0276 1092 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
    02:53:52.0298 1092 LSI_SCSI - ok
    02:53:52.0337 1092 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
    02:53:52.0444 1092 luafv - ok
    02:53:52.0511 1092 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
    02:53:52.0542 1092 MBAMProtector - ok
    02:53:52.0688 1092 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    02:53:52.0734 1092 MBAMService - ok
    02:53:52.0807 1092 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\windows\system32\DRIVERS\mcdbus.sys
    02:53:52.0844 1092 mcdbus - ok
    02:53:52.0908 1092 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll
    02:53:52.0946 1092 Mcx2Svc - ok
    02:53:52.0989 1092 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
    02:53:53.0024 1092 megasas - ok
    02:53:53.0068 1092 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
    02:53:53.0106 1092 MegaSR - ok
    02:53:53.0157 1092 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    02:53:53.0259 1092 MMCSS - ok
    02:53:53.0310 1092 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
    02:53:53.0396 1092 Modem - ok
    02:53:53.0447 1092 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
    02:53:53.0501 1092 monitor - ok
    02:53:53.0550 1092 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
    02:53:53.0571 1092 mouclass - ok
    02:53:53.0628 1092 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
    02:53:53.0674 1092 mouhid - ok
    02:53:53.0716 1092 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
    02:53:53.0741 1092 mountmgr - ok
    02:53:53.0845 1092 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    02:53:53.0865 1092 MozillaMaintenance - ok
    02:53:53.0929 1092 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
    02:53:53.0962 1092 mpio - ok
    02:53:53.0991 1092 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
    02:53:54.0105 1092 mpsdrv - ok
    02:53:54.0151 1092 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
    02:53:54.0206 1092 MRxDAV - ok
    02:53:54.0277 1092 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
    02:53:54.0348 1092 mrxsmb - ok
    02:53:54.0433 1092 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
    02:53:54.0462 1092 mrxsmb10 - ok
    02:53:54.0529 1092 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
    02:53:54.0585 1092 mrxsmb20 - ok
    02:53:54.0628 1092 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\windows\system32\DRIVERS\msahci.sys
    02:53:54.0664 1092 msahci - ok
    02:53:54.0711 1092 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
    02:53:54.0734 1092 msdsm - ok
    02:53:54.0795 1092 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
    02:53:54.0857 1092 MSDTC - ok
    02:53:54.0924 1092 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
    02:53:55.0007 1092 Msfs - ok
    02:53:55.0036 1092 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
    02:53:55.0161 1092 mshidkmdf - ok
    02:53:55.0239 1092 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
    02:53:55.0258 1092 msisadrv - ok
    02:53:55.0321 1092 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
    02:53:55.0434 1092 MSiSCSI - ok
    02:53:55.0462 1092 msiserver - ok
    02:53:55.0520 1092 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
    02:53:55.0619 1092 MSKSSRV - ok
    02:53:55.0654 1092 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
    02:53:55.0742 1092 MSPCLOCK - ok
    02:53:55.0772 1092 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
    02:53:55.0861 1092 MSPQM - ok
    02:53:55.0925 1092 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
    02:53:55.0964 1092 MsRPC - ok
    02:53:56.0022 1092 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
    02:53:56.0045 1092 mssmbios - ok
    02:53:56.0081 1092 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
    02:53:56.0174 1092 MSTEE - ok
    02:53:56.0224 1092 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
    02:53:56.0432 1092 MTConfig - ok
    02:53:56.0485 1092 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
    02:53:56.0522 1092 Mup - ok
    02:53:56.0615 1092 napagent (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll
    02:53:56.0734 1092 napagent - ok
    02:53:56.0802 1092 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
    02:53:56.0855 1092 NativeWifiP - ok
    02:53:56.0976 1092 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
    02:53:57.0043 1092 NDIS - ok
    02:53:57.0084 1092 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
    02:53:57.0179 1092 NdisCap - ok
    02:53:57.0223 1092 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
    02:53:57.0302 1092 NdisTapi - ok
    02:53:57.0346 1092 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
    02:53:57.0433 1092 Ndisuio - ok
    02:53:57.0496 1092 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
    02:53:57.0597 1092 NdisWan - ok
    02:53:57.0662 1092 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
    02:53:57.0760 1092 NDProxy - ok
    02:53:57.0789 1092 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
    02:53:57.0901 1092 NetBIOS - ok
    02:53:57.0970 1092 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
    02:53:58.0070 1092 NetBT - ok
    02:53:58.0122 1092 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
    02:53:58.0165 1092 Netlogon - ok
    02:53:58.0238 1092 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
    02:53:58.0337 1092 Netman - ok
    02:53:58.0422 1092 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
    02:53:58.0524 1092 netprofm - ok
    02:53:58.0645 1092 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    02:53:58.0664 1092 NetTcpPortSharing - ok
    02:53:58.0710 1092 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
    02:53:58.0731 1092 nfrd960 - ok
    02:53:58.0794 1092 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
    02:53:58.0894 1092 NlaSvc - ok
    02:53:58.0959 1092 Norton PC Checkup Application Launcher - ok
    02:53:58.0981 1092 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
    02:53:59.0082 1092 Npfs - ok
    02:53:59.0123 1092 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
    02:53:59.0219 1092 nsi - ok
    02:53:59.0278 1092 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
    02:53:59.0358 1092 nsiproxy - ok
    02:53:59.0551 1092 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
    02:53:59.0622 1092 Ntfs - ok
    02:53:59.0802 1092 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
    02:53:59.0891 1092 Null - ok
    02:53:59.0956 1092 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
    02:53:59.0979 1092 nvraid - ok
    02:54:00.0028 1092 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
    02:54:00.0053 1092 nvstor - ok
    02:54:00.0102 1092 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
    02:54:00.0124 1092 nv_agp - ok
    02:54:00.0168 1092 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
    02:54:00.0199 1092 ohci1394 - ok
    02:54:00.0302 1092 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    02:54:00.0332 1092 ose64 - ok
    02:54:00.0747 1092 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    02:54:00.0935 1092 osppsvc - ok
    02:54:01.0165 1092 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    02:54:01.0215 1092 p2pimsvc - ok
    02:54:01.0286 1092 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
    02:54:01.0339 1092 p2psvc - ok
    02:54:01.0437 1092 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
    02:54:01.0473 1092 Parport - ok
    02:54:01.0539 1092 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\windows\system32\drivers\partmgr.sys
    02:54:01.0561 1092 partmgr - ok
    02:54:01.0620 1092 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
    02:54:01.0692 1092 PcaSvc - ok
    02:54:01.0800 1092 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
    02:54:01.0830 1092 PCCUJobMgr - ok
    02:54:01.0889 1092 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
    02:54:01.0914 1092 pci - ok
    02:54:01.0950 1092 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
    02:54:01.0972 1092 pciide - ok
    02:54:02.0020 1092 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
    02:54:02.0046 1092 pcmcia - ok
    02:54:02.0092 1092 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
    02:54:02.0113 1092 pcw - ok
    02:54:02.0195 1092 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
    02:54:02.0302 1092 PEAUTH - ok
    02:54:02.0413 1092 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
    02:54:02.0466 1092 PerfHost - ok
    02:54:02.0635 1092 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
    02:54:02.0653 1092 PGEffect - ok
    02:54:02.0796 1092 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
    02:54:02.0953 1092 pla - ok
    02:54:03.0029 1092 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
    02:54:03.0075 1092 PlugPlay - ok
    02:54:03.0113 1092 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
    02:54:03.0171 1092 PNRPAutoReg - ok
    02:54:03.0241 1092 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    02:54:03.0283 1092 PNRPsvc - ok
    02:54:03.0342 1092 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
    02:54:03.0426 1092 PolicyAgent - ok
    02:54:03.0515 1092 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
    02:54:03.0612 1092 Power - ok
    02:54:03.0703 1092 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
    02:54:03.0813 1092 PptpMiniport - ok
    02:54:03.0851 1092 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
    02:54:03.0896 1092 Processor - ok
    02:54:03.0955 1092 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
    02:54:04.0068 1092 ProfSvc - ok
    02:54:04.0135 1092 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
    02:54:04.0156 1092 ProtectedStorage - ok
    02:54:04.0218 1092 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
    02:54:04.0314 1092 Psched - ok
    02:54:04.0441 1092 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
    02:54:04.0530 1092 ql2300 - ok
    02:54:04.0710 1092 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
    02:54:04.0733 1092 ql40xx - ok
    02:54:04.0792 1092 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
    02:54:04.0848 1092 QWAVE - ok
    02:54:04.0904 1092 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
    02:54:04.0965 1092 QWAVEdrv - ok
    02:54:05.0007 1092 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
    02:54:05.0117 1092 RasAcd - ok
    02:54:05.0166 1092 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
    02:54:05.0253 1092 RasAgileVpn - ok
    02:54:05.0304 1092 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
    02:54:05.0410 1092 RasAuto - ok
    02:54:05.0465 1092 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
    02:54:05.0566 1092 Rasl2tp - ok
    02:54:05.0653 1092 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
    02:54:05.0756 1092 RasMan - ok
    02:54:05.0787 1092 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
    02:54:05.0899 1092 RasPppoe - ok
    02:54:05.0961 1092 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
    02:54:06.0071 1092 RasSstp - ok
    02:54:06.0148 1092 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
    02:54:06.0246 1092 rdbss - ok
    02:54:06.0288 1092 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
    02:54:06.0344 1092 rdpbus - ok
    02:54:06.0398 1092 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
    02:54:06.0466 1092 RDPCDD - ok
    02:54:06.0502 1092 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
    02:54:06.0593 1092 RDPENCDD - ok
    02:54:06.0654 1092 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
    02:54:06.0739 1092 RDPREFMP - ok
    02:54:06.0793 1092 RDPWD (074ac702d8b8b660b0e1371555995386) C:\windows\system32\drivers\RDPWD.sys
    02:54:06.0830 1092 RDPWD - ok
    02:54:06.0886 1092 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\windows\system32\drivers\rdyboost.sys
    02:54:06.0922 1092 rdyboost - ok
    02:54:06.0975 1092 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
    02:54:07.0067 1092 RemoteAccess - ok
    02:54:07.0136 1092 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
    02:54:07.0245 1092 RemoteRegistry - ok
    02:54:07.0280 1092 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
    02:54:07.0380 1092 RpcEptMapper - ok
    02:54:07.0440 1092 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
    02:54:07.0465 1092 RpcLocator - ok
    02:54:07.0575 1092 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
    02:54:07.0666 1092 RpcSs - ok
    02:54:07.0735 1092 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
    02:54:07.0839 1092 rspndr - ok
    02:54:07.0902 1092 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
    02:54:07.0950 1092 RSUSBSTOR - ok
    02:54:08.0074 1092 RTL8192Ce (9befcecd9616cff3dc50e6ebb31d96b4) C:\windows\system32\DRIVERS\rtl8192Ce.sys
    02:54:08.0125 1092 RTL8192Ce - ok
    02:54:08.0189 1092 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
    02:54:08.0213 1092 SamSs - ok
    02:54:08.0272 1092 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
    02:54:08.0294 1092 sbp2port - ok
    02:54:08.0357 1092 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
    02:54:08.0450 1092 SCardSvr - ok
    02:54:08.0502 1092 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
    02:54:08.0594 1092 scfilter - ok
    02:54:08.0726 1092 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
    02:54:08.0816 1092 Schedule - ok
    02:54:08.0877 1092 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
    02:54:08.0955 1092 SCPolicySvc - ok
    02:54:09.0014 1092 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
    02:54:09.0069 1092 SDRSVC - ok
    02:54:09.0157 1092 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
    02:54:09.0262 1092 secdrv - ok
    02:54:09.0297 1092 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
    02:54:09.0409 1092 seclogon - ok
    02:54:09.0456 1092 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
    02:54:09.0539 1092 SENS - ok
    02:54:09.0602 1092 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
    02:54:09.0638 1092 SensrSvc - ok
    02:54:09.0686 1092 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
    02:54:09.0742 1092 Serenum - ok
    02:54:09.0796 1092 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
    02:54:09.0829 1092 Serial - ok
    02:54:09.0855 1092 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
    02:54:09.0903 1092 sermouse - ok
    02:54:10.0003 1092 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
    02:54:10.0079 1092 SessionEnv - ok
    02:54:10.0122 1092 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
    02:54:10.0169 1092 sffdisk - ok
    02:54:10.0201 1092 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
    02:54:10.0227 1092 sffp_mmc - ok
    02:54:10.0272 1092 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
    02:54:10.0317 1092 sffp_sd - ok
    02:54:10.0351 1092 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
    02:54:10.0382 1092 sfloppy - ok
    02:54:10.0453 1092 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
    02:54:10.0546 1092 SharedAccess - ok
    02:54:10.0604 1092 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
    02:54:10.0697 1092 ShellHWDetection - ok
    02:54:10.0751 1092 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
    02:54:10.0771 1092 SiSRaid2 - ok
    02:54:10.0810 1092 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
    02:54:10.0832 1092 SiSRaid4 - ok
    02:54:10.0859 1092 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
    02:54:10.0983 1092 Smb - ok
    02:54:11.0039 1092 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
    02:54:11.0100 1092 SNMPTRAP - ok
    02:54:11.0157 1092 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
    02:54:11.0202 1092 spldr - ok
    02:54:11.0291 1092 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
    02:54:11.0349 1092 Spooler - ok
    02:54:11.0668 1092 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
    02:54:11.0799 1092 sppsvc - ok
    02:54:11.0954 1092 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
    02:54:12.0056 1092 sppuinotify - ok
    02:54:12.0198 1092 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
    02:54:12.0284 1092 srv - ok
    02:54:12.0406 1092 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
    02:54:12.0463 1092 srv2 - ok
    02:54:12.0528 1092 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
    02:54:12.0574 1092 srvnet - ok
    02:54:12.0656 1092 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
    02:54:12.0792 1092 SSDPSRV - ok
    02:54:12.0914 1092 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
    02:54:13.0011 1092 SstpSvc - ok
    02:54:13.0068 1092 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
    02:54:13.0093 1092 stexstor - ok
    02:54:13.0167 1092 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
    02:54:13.0240 1092 stisvc - ok
    02:54:13.0290 1092 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
    02:54:13.0322 1092 swenum - ok
    02:54:13.0398 1092 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
    02:54:13.0507 1092 swprv - ok
    02:54:13.0693 1092 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
    02:54:13.0790 1092 SysMain - ok
    02:54:13.0942 1092 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
    02:54:14.0005 1092 TabletInputService - ok
    02:54:14.0087 1092 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
    02:54:14.0185 1092 TapiSrv - ok
    02:54:14.0246 1092 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
    02:54:14.0318 1092 TBS - ok
    02:54:14.0526 1092 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\drivers\tcpip.sys
    02:54:14.0626 1092 Tcpip - ok
    02:54:14.0997 1092 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\DRIVERS\tcpip.sys
    02:54:15.0068 1092 TCPIP6 - ok
    02:54:15.0273 1092 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
    02:54:15.0355 1092 tcpipreg - ok
    02:54:15.0406 1092 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
    02:54:15.0433 1092 tdcmdpst - ok
    02:54:15.0473 1092 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
    02:54:15.0548 1092 TDPIPE - ok
    02:54:15.0860 1092 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys
    02:54:15.0888 1092 TDTCP - ok
    02:54:15.0954 1092 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
    02:54:16.0058 1092 tdx - ok
    02:54:16.0095 1092 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
    02:54:16.0125 1092 TermDD - ok
    02:54:16.0217 1092 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
    02:54:16.0322 1092 TermService - ok
    02:54:16.0382 1092 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
    02:54:16.0448 1092 Themes - ok
    02:54:16.0499 1092 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    02:54:16.0584 1092 THREADORDER - ok
    02:54:16.0685 1092 TMachInfo (dfe9ba871b9f3dbb591bd113611cbcc0) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    02:54:16.0703 1092 TMachInfo - ok
    02:54:16.0762 1092 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
    02:54:16.0782 1092 TODDSrv - ok
    02:54:16.0909 1092 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    02:54:16.0954 1092 TosCoSrv - ok
    02:54:17.0031 1092 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    02:54:17.0058 1092 TOSHIBA HDD SSD Alert Service - ok
    02:54:17.0094 1092 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
    02:54:17.0212 1092 TrkWks - ok
    02:54:17.0316 1092 trufos (df219721ddffcbe03aa894b6b6742ba1) C:\windows\system32\DRIVERS\trufos.sys
    02:54:17.0342 1092 trufos - ok
    02:54:17.0429 1092 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
    02:54:17.0458 1092 TrustedInstaller - ok
    02:54:17.0533 1092 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
    02:54:17.0612 1092 tssecsrv - ok
    02:54:17.0648 1092 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
    02:54:17.0751 1092 tunnel - ok
    02:54:17.0806 1092 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
    02:54:17.0822 1092 TVALZ - ok
    02:54:17.0861 1092 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
    02:54:17.0886 1092 uagp35 - ok
    02:54:17.0942 1092 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
    02:54:18.0038 1092 udfs - ok
    02:54:18.0111 1092 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
    02:54:18.0137 1092 UI0Detect - ok
    02:54:18.0194 1092 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
    02:54:18.0214 1092 uliagpkx - ok
    02:54:18.0259 1092 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
    02:54:18.0311 1092 umbus - ok
    02:54:18.0358 1092 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
    02:54:18.0402 1092 UmPass - ok
    02:54:18.0613 1092 Update Server (7de3f30967cf77bd1fc440c2b847629a) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
    02:54:18.0644 1092 Update Server - ok
    02:54:18.0878 1092 UPDATESRV (6fa5ffc3765c9c444d82faf1d46c1cae) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    02:54:18.0896 1092 UPDATESRV - ok
    02:54:18.0965 1092 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
    02:54:19.0078 1092 upnphost - ok
    02:54:19.0139 1092 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
    02:54:19.0186 1092 usbccgp - ok
    02:54:19.0255 1092 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
    02:54:19.0314 1092 usbcir - ok
    02:54:19.0368 1092 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\DRIVERS\usbehci.sys
    02:54:19.0420 1092 usbehci - ok
    02:54:19.0492 1092 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
    02:54:19.0528 1092 usbhub - ok
    02:54:19.0571 1092 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\DRIVERS\usbohci.sys
    02:54:19.0623 1092 usbohci - ok
    02:54:19.0670 1092 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
    02:54:19.0729 1092 usbprint - ok
    02:54:19.0776 1092 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
    02:54:19.0828 1092 USBSTOR - ok
    02:54:19.0879 1092 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
    02:54:19.0900 1092 usbuhci - ok
    02:54:19.0953 1092 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\system32\Drivers\usbvideo.sys
    02:54:20.0015 1092 usbvideo - ok
    02:54:20.0070 1092 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
    02:54:20.0172 1092 UxSms - ok
    02:54:20.0234 1092 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
    02:54:20.0257 1092 VaultSvc - ok
    02:54:20.0314 1092 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
    02:54:20.0334 1092 vdrvroot - ok
    02:54:20.0407 1092 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe
    02:54:20.0484 1092 vds - ok
    02:54:20.0544 1092 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
    02:54:20.0571 1092 vga - ok
    02:54:20.0609 1092 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
    02:54:20.0714 1092 VgaSave - ok
    02:54:20.0766 1092 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
    02:54:20.0802 1092 vhdmp - ok
    02:54:20.0838 1092 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
    02:54:20.0872 1092 viaide - ok
    02:54:20.0918 1092 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
    02:54:20.0941 1092 volmgr - ok
    02:54:21.0002 1092 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
    02:54:21.0032 1092 volmgrx - ok
    02:54:21.0106 1092 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
    02:54:21.0135 1092 volsnap - ok
    02:54:21.0180 1092 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
    02:54:21.0205 1092 vsmraid - ok
    02:54:21.0366 1092 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe
    02:54:21.0460 1092 VSS - ok
    02:54:21.0699 1092 VSSERV - ok
    02:54:21.0981 1092 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
    02:54:22.0044 1092 vwifibus - ok
    02:54:22.0080 1092 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
    02:54:22.0137 1092 vwififlt - ok
    02:54:22.0209 1092 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
    02:54:22.0297 1092 W32Time - ok
    02:54:22.0335 1092 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
    02:54:22.0375 1092 WacomPen - ok
    02:54:22.0419 1092 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
    02:54:22.0509 1092 WANARP - ok
    02:54:22.0525 1092 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
    02:54:22.0628 1092 Wanarpv6 - ok
    02:54:22.0779 1092 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
    02:54:22.0836 1092 WatAdminSvc - ok
    02:54:22.0975 1092 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe
    02:54:23.0042 1092 wbengine - ok
    02:54:23.0214 1092 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
    02:54:23.0260 1092 WbioSrvc - ok
    02:54:23.0325 1092 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll
    02:54:23.0387 1092 wcncsvc - ok
    02:54:23.0440 1092 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
    02:54:23.0463 1092 WcsPlugInService - ok
    02:54:23.0579 1092 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
    02:54:23.0611 1092 Wd - ok
    02:54:23.0689 1092 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
    02:54:23.0731 1092 Wdf01000 - ok
    02:54:23.0766 1092 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    02:54:23.0837 1092 WdiServiceHost - ok
    02:54:23.0852 1092 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    02:54:23.0887 1092 WdiSystemHost - ok
    02:54:23.0979 1092 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll
    02:54:24.0025 1092 WebClient - ok
    02:54:24.0088 1092 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
    02:54:24.0226 1092 Wecsvc - ok
    02:54:24.0275 1092 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
    02:54:24.0378 1092 wercplsupport - ok
    02:54:24.0421 1092 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
    02:54:24.0513 1092 WerSvc - ok
    02:54:24.0601 1092 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
    02:54:24.0682 1092 WfpLwf - ok
    02:54:24.0722 1092 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
    02:54:24.0743 1092 WIMMount - ok
    02:54:24.0798 1092 WinDefend - ok
    02:54:24.0824 1092 WinHttpAutoProxySvc - ok
    02:54:24.0917 1092 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
    02:54:25.0014 1092 Winmgmt - ok
    02:54:25.0212 1092 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll
    02:54:25.0350 1092 WinRM - ok
    02:54:25.0546 1092 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
    02:54:25.0604 1092 WinUsb - ok
    02:54:25.0740 1092 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
    02:54:25.0792 1092 Wlansvc - ok
    02:54:25.0846 1092 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
    02:54:25.0869 1092 WmiAcpi - ok
    02:54:25.0948 1092 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
    02:54:25.0993 1092 wmiApSrv - ok
    02:54:26.0064 1092 WMPNetworkSvc - ok
    02:54:26.0107 1092 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
    02:54:26.0129 1092 WPCSvc - ok
    02:54:26.0179 1092 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll
    02:54:26.0229 1092 WPDBusEnum - ok
    02:54:26.0284 1092 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
    02:54:26.0385 1092 ws2ifsl - ok
    02:54:26.0445 1092 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\system32\wscsvc.dll
    02:54:26.0493 1092 wscsvc - ok
    02:54:26.0511 1092 WSearch - ok
    02:54:26.0760 1092 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll
    02:54:26.0899 1092 wuauserv - ok
    02:54:27.0077 1092 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
    02:54:27.0177 1092 WudfPf - ok
    02:54:27.0234 1092 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
    02:54:27.0350 1092 WUDFRd - ok
    02:54:27.0392 1092 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll
    02:54:27.0510 1092 wudfsvc - ok
    02:54:27.0576 1092 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
    02:54:27.0636 1092 WwanSvc - ok
    02:54:27.0708 1092 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
    02:54:28.0032 1092 \Device\Harddisk0\DR0 - ok
    02:54:28.0074 1092 Boot (0x1200) (78260c4c95f0ff7582126ba262acd0ac) \Device\Harddisk0\DR0\Partition0
    02:54:28.0076 1092 \Device\Harddisk0\DR0\Partition0 - ok
    02:54:28.0094 1092 ============================================================
    02:54:28.0094 1092 Scan finished
    02:54:28.0094 1092 ============================================================
    02:54:28.0117 0716 Detected object count: 2
    02:54:28.0117 0716 Actual detected object count: 2
    02:55:05.0504 0716 C:\Program Files (x86)\Bonjour\mDNSResponder.exe - copied to quarantine
    02:55:05.0504 0716 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    02:55:05.0687 0716 C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - copied to quarantine
    02:55:05.0688 0716 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
    02:55:11.0245 1364 Deinitialize success
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    One of the reasons we discourage users from running some scans is because they don't know how to interprete the results. The TDSS rootkit removing tool 2.7.36.0 May 21 2012 scan was run over a month ago and is now obsolete on your system..

    I don't know what you mean by the term "it worked" nor do I know what you expected Combofix to do when you said "it didn't do anything for me'. I don't know what you expected it to do or whether the scan even ran. But it does show that you downloded programs using unsigned files that had malware.
    ==============================================
    Please download and follow my instructions for Combofix.

    Follow with Download CKScanner and save to your desktop.

    Then Download Security Check by screen317 and save to the desktop.

    Direction for the 3 scans above are in my Reply #15. Please leave the logs in your next reply.
     
  21. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    A friend of mine told me to use combofix, but it didn't even open up, is what I meant. I followed your instructions for Combofix and it did work this time. Here is the log for that, and I'll do the other steps.

    ComboFix 12-06-16.02 - Bethany 06/18/2012 12:45:03.2.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2663.1227 [GMT -5:00]
    Running from: c:\users\Bethany\Downloads\ComboFix.exe
    AV: Bitdefender Antivirus *Disabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}
    FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    SP: Bitdefender Antispyware *Disabled/Outdated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\1325023467.bdinstall.bin
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\cfg.ini
    c:\windows\system32\consrv.dll
    c:\windows\system32\Thumbs.db
    c:\windows\system32\wbem\Performance\WmiApRpl_new.ini
    c:\windows\System64
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-18 18:31 . 2012-06-18 18:31 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-06-18 18:31 . 2012-06-18 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-17 05:21 . 2012-06-17 05:22 -------- d-----w- c:\users\Eilnae
    2012-06-13 03:12 . 2012-06-13 03:12 128625 ----a-w- c:\windows\system32\bda5DE3.tmp
    2012-06-09 07:55 . 2012-06-09 07:55 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-04 16:40 . 2012-06-04 16:40 -------- d-----w- c:\users\Bethany\AppData\Roaming\Malwarebytes
    2012-06-04 16:39 . 2012-06-04 16:39 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-04 16:39 . 2012-06-04 16:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-04 16:39 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-01 06:35 . 2012-06-01 06:35 -------- d-----w- c:\programdata\BDLogging
    2012-06-01 06:12 . 2012-06-01 06:12 79952 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2012-06-01 06:11 . 2012-06-01 06:11 545064 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-06-01 06:10 . 2012-06-01 06:10 691896 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-05-31 16:30 . 2012-05-31 16:30 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-31 16:14 . 2012-05-31 16:14 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-05-31 16:14 . 2012-05-31 16:13 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-31 16:13 . 2012-05-31 16:13 -------- d-----w- c:\program files (x86)\Java
    2012-05-31 16:07 . 2012-06-01 04:13 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-30 07:26 . 2012-05-30 07:27 -------- d-----w- c:\users\Bethany\AppData\Roaming\Musicnotes
    2012-05-30 07:26 . 2012-05-30 07:26 -------- d-----w- c:\programdata\Musicnotes
    2012-05-30 05:22 . 2012-05-30 06:02 -------- d-----w- c:\program files (x86)\EASEUS
    2012-05-30 04:58 . 2012-05-30 04:58 -------- d-----w- c:\programdata\ParetoLogic
    2012-05-30 04:55 . 2012-05-30 04:55 -------- d-----w- c:\programdata\Cached Installations
    2012-05-29 18:41 . 2012-05-29 18:42 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-05-29 18:41 . 2012-05-29 18:41 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-29 18:41 . 2012-05-29 18:41 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-18 16:34 . 2012-06-17 04:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5CA3C14C-D645-4F8E-8662-D632BCF325D2}\offreg.dll
    2012-06-01 04:13 . 2011-12-02 21:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-31 16:13 . 2010-11-22 23:14 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-02 05:34 . 2012-05-14 03:31 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-02 04:46 . 2012-05-14 03:30 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-04-02 04:46 . 2012-05-14 03:30 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-04-02 03:01 . 2012-05-14 03:30 3143680 ----a-w- c:\windows\system32\win32k.sys
    2012-03-30 11:09 . 2012-05-14 03:30 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-27_23.56.15 )))))))))))))))))))))))))))))))))))))))))

    Edit: Excess Snapshot entries deleted. Total of 8 full posts following were included.
     
  22. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    Edit: Excess Snapshot entries have been deleted.
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-22 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-10 336384]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-11-02 2475384]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
    "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\Bethany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-5-2 576000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-22 136176]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 257696]
    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
    R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-22 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-29 129976]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-15 466736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
    S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-15 103504]
    S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2010-10-20 115056]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [2009-08-24 126392]
    S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-06-01 66096]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
    S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-31 04:13]
    .
    2012-06-17 c:\windows\Tasks\At1.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At11.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At13.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At15.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At17.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At19.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-12 c:\windows\Tasks\At21.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At23.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-18 c:\windows\Tasks\At25.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At27.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-18 c:\windows\Tasks\At29.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-08 c:\windows\Tasks\At3.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At31.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At33.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-11 c:\windows\Tasks\At35.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At37.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-07 c:\windows\Tasks\At39.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-07 c:\windows\Tasks\At41.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At43.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-06 c:\windows\Tasks\At45.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-12 c:\windows\Tasks\At47.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At5.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At7.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-01 c:\windows\Tasks\At9.job
    - c:\windows\system32\Y8Uj0v.com [2011-12-02 21:22]
    .
    2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-22 23:38]
    .
    2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-22 23:38]
    .
    2012-06-01 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
    "ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
    "SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
    "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
    "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
    "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
    "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
    "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-06-01 1067256]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
    IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} -
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Bethany\AppData\Roaming\Mozilla\Firefox\Profiles\g18bkup8.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2612669&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1307415405&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB1&ctid=CT1060933&SearchSource=2&q=
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
    Toolbar-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\SetId\Internal]
    @Denied: (A 2) (LocalSystem)
    "DEVICE2"="vcvIsaaxyAA="
    "DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"1289332796\" isSubsc=\"0\" authStat_av=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"3\" moduleId1=\"9\" moduleId2=\"0\" relType=\"1\" />"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-18 14:10:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-18 19:10
    ComboFix2.txt 2011-12-28 00:10
    .
    Pre-Run: 123,271,667,712 bytes free
    Post-Run: 123,383,304,192 bytes free
    .
    - - End Of File - - 23E7925A4A8C978B0C799581C82244F7
     
  23. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files (x86)\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
    scanner sequence 3.AP.11.TRBBRU
    ----- EOF -----





    Results of screen317's Security Check version 0.99.42
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Bitdefender Antivirus
    Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.61.0.1400
    Java(TM) 6 Update 32
    Java version out of Date!
    Adobe Flash Player 11.2.202.235 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 12.0 Firefox out of Date!
    Google Chrome 19.0.1084.52
    Google Chrome 19.0.1084.56
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Bitdefender Bitdefender 2012 vsserv.exe
    Bitdefender Bitdefender 2012 bdagent.exe
    Bitdefender Bitdefender 2012 updatesrv.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 9%
    ````````````````````End of Log``````````````````````
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    About advice from friends when it comes to removing malware from computer: The less you take, the better. All of the firums have stickys telling users not to use Combofix unless directed to do so by their helper- who will also assist them with the results!
    ==========================================
    1) Please update the following:
    Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.

    1. Windows 7 Service Pack: Windows Updates. You should get All updates marked Critical and the current SP updates.
    2. Bit Defender
    3. Adobe Flash>> Flash Player Update without any extras
    Win 32-bit IE> http://fpdownload.macromedia.com/pu...in/install_flash_player_11_active_x_32bit.exe
    Win32-bit other> http://fpdownload.macromedia.com/pu.../win/install_flash_player_11_plugin_32bit.exe
    Win 64-bit IE: http://fpdownload.macromedia.com/pu...in/install_flash_player_11_active_x_64bit.exe
    Win 64-bit Other http://fpdownload.macromedia.com/pu.../win/install_flash_player_11_plugin_64bit.exe
    4. Adobe Reader>> Adobe Reader Update
    5. Java>> Java Updates .
    6. Firefox
    Uninstall all outdated versions of the above as they are vunerabilities to the system.
    ===============================================
    2) Delete the Following Scheduled Tasks:
    Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
    1. c:\windows\Tasks\Adobe Flash Player Updater
    2. c:\windows\Tasks\ParetoLogic Registration >> this is spyware
    To delete a task> right-click the task> click Delete.
    ==============================================
    3) You have Norton PC Checkup on the system, a known high resource user. This is a program downloaded either separately or as a bundle with updates to Adobe Flash, or in this care, bundled and preloaded by Toshiba. I'd like to remove these processes, okay?

    There are 3 entries for this running:
    1. Toshiba NortonOnlineBackupReminder to activate
    2. Toshiba Norton PC Checkup Application Launcher
    3. Norton ccSvcHst.exe which run it and uses 50-100% of the system resources
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [2011-1-17 115056]

    Let me know on this please.
    ===================================================
    4. Firefox Keyword Reset:

    • [1]. Open FireFox and instead of a url, type about:config in the Address Bar.
      [2]. Firefox will give you a warning, but go in anyway.
      [3]. Locate the keyword.url line. It should look like the image below.
      [​IMG]
      [4]. Right click on keyword.url, then select Reset
    ======================================================
    5) Have you intentionally set these pages to come up blank?
     
  25. Nordox3432

    Nordox3432 TS Rookie Topic Starter Posts: 22

    Thank you for your help. I'll finish updating ASAP, and I already finished steps 2 and 4. I haven't had any problems so far. And no I did not set those pages to intentionally come up blank.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...