Computer Hacked, Then Hijacked [Closed]



#91
traveler818

  • Topic Starter
  • Member
  • 140 posts
Sweet Dreams.

Redirects are a big problem. Less popups today after we finished, and the computer is running much faster.

The cursor jumps as does the page I am working on. I seem to be going phishing--I often get a completely unrelated site. Only once so far has text turned itself blue and deleted itself. All problems I had before but except for the redirects not nearly as bad.

Do I need a separate spyware program?

You have really put a lot of time into helping me. Thank you so much. I just emailed my aging mother and aunt--so glad to be back in touch. :D I am eager to have that lean, clean, no more screwups machine you promised when we started. To have got this far seems like a miracle. You know your stuff.

I never saw the option to save OTL to the desktop but I just found the log if you still need it. It was under Documents and entitled extra. Do you still need that log? The same is true of GMER.

How do I get it to the desktop (if I need to keep it)?, or here? I found it in program files, I think. Of the rest I am sure. I think send to an email address is an option, if there is one I should use, though that has never worked for me.

I am blocked from doing many things because I need permission from me the administrator and once I get that message, if the run as admin option is not there on a r click, how do I run as admin?

Edited by traveler818, 17 January 2013 - 12:34 AM.



#92
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, you will need to uninstall Avast, as two antivirus programmes is not a good idea.

"I am blocked from doing many things because I need permission from me the administrator"

What programmes are they?

On the right-click option you now have Take Ownership, so we may need to use that.

#93
traveler818

  • Topic Starter
  • Member
  • 140 posts
I don't know why this is here twice. I can't delete it. The post below says the same but much more, including the mbam log.

I uninstalled Avast to run GMER. When done, I reloaded Norton 360. I do not think there is any other antivirus program running.

"What programmes are they?" I have to keep a log, but they are all administrator programs. I am told to get permission from computername\myname. Some let me run as admin, some don't. I can try a couple now.

Edited by traveler818, 17 January 2013 - 01:19 PM.


#94
traveler818

  • Topic Starter
  • Member
  • 140 posts
I uninstalled Avast to run GMER. When done, I reloaded Norton 360. I do not think there is any other antivirus program running.

"What programmes are they?" I have to keep a log, but they are all administrator programs. I am told to get permission from computername\myname. Some let me run as admin, some don't. I can try a couple now.

Did I post the mbam file results? I was really tired by then. I only remember that the scan said it was clean. If I did not (I fear I didn't), how do I retrieve them--I have not learned how to turn pages in notebook. Worst case, I can run it again. Scans don't take too long because everything is gone.

When I turned on the power this morning, I found the wireless light on. She removed the icon which I apparently need to reinstall it.

I downloaded a program called chameleon, designed to get mbam running if I can't but it does more. It has updated a driver, and it ran mbam, so the results are posted below. It is now searching for malicious processes.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.17.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Carrie :: CARRIE-PC [administrator]

Protection: Enabled

1/17/2013 10:10:53 AM
mbam-log-2013-01-17 (10-10-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 222129
Time elapsed: 1 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by traveler818, 17 January 2013 - 12:18 PM.


#95
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Let's run one final check; this should come up clean.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
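Added example, not part of the original thread and not code from the TDSSKiller project: a small Python triage script for a report in the format posted in this thread, which checks that the scan ran with both requested options and lists every entry that did not come back "ok". The sample report, its service names, hashes and paths are constructed; the mapping of the two checkboxes to the `SigCheck` and `TDLFS` tokens on the report's `Mode:` line is an assumption based on the report in this thread.

```python
import re

# Line shapes follow the TDSSKiller report format quoted in this thread.
# Assumption: service names contain no spaces (true for the entries shown here).
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s?(.*)$")    # time, thread id, message
FILE_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (\S+) (.+)$")        # [ MD5 ] service path
VERDICT_RE = re.compile(r"^(\S+) \( (.+?) \) - (\w+)$")              # service ( verdict ) - severity
OK_RE = re.compile(r"^\S+ - ok$")                                    # service - ok
MODE_RE = re.compile(r"^Mode:\s*(.*)$")

# Assumption: "Verify Driver Digital Signature" -> SigCheck and
# "Detect TDLFS file system" -> TDLFS on the report's Mode line.
REQUESTED_OPTIONS = {"SigCheck", "TDLFS"}

# Constructed sample report (placeholder hashes, hypothetical services and paths).
SAMPLE_REPORT = r"""
10:29:58.0250 3796 Scan started
10:29:58.0250 3796 Mode: Manual; SigCheck; TDLFS;
10:29:58.0624 3796 ================ Scan services =============================
10:29:59.0202 3796 [ 00000000000000000000000000000001 ] ExampleDrv C:\windows\system32\drivers\exampledrv.sys
10:29:59.0436 3796 ExampleDrv - ok
10:30:12.0867 3796 [ 00000000000000000000000000000002 ] ExampleHelper C:\Program Files (x86)\Example Vendor\helper.exe
10:30:12.0898 3796 ExampleHelper ( UnsignedFile.Multi.Generic ) - warning
10:30:12.0898 3796 ExampleHelper - detected UnsignedFile.Multi.Generic (1)
10:30:13.0000 3796 ExampleNoFile - ok
10:30:13.0100 3796 [ 00000000000000000000000000000003 ] ExampleOther C:\windows\system32\drivers\exampleother.sys
10:30:13.0200 3796 ExampleOther ( Constructed.Other.Verdict ) - warning
"""


def triage(report_text):
    """Return scan modes, missing requested options, ok count and non-ok findings."""
    modes = set()
    files = {}       # service name -> (md5, path) from the most recent file line
    findings = []
    ok_count = 0

    for raw in report_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue                      # blank or non-report line
        msg = line.group(1).strip()

        if (m := MODE_RE.match(msg)):
            modes = {part.strip() for part in m.group(1).split(";") if part.strip()}
        elif (m := FILE_RE.match(msg)):
            files[m.group(2)] = (m.group(1).upper(), m.group(3))
        elif (m := VERDICT_RE.match(msg)):
            service, verdict, severity = m.groups()
            md5, path = files.get(service, (None, None))
            findings.append({
                "service": service,
                "verdict": verdict,
                "severity": severity,
                "md5": md5,
                "path": path,
                # Signature-check warnings mean "unsigned", not "known malicious";
                # anything else is separated out for the helper to look at first.
                "signature_only": verdict.startswith("UnsignedFile."),
            })
        elif OK_RE.match(msg):
            ok_count += 1

    return {
        "modes": modes,
        "missing_options": sorted(REQUESTED_OPTIONS - modes),
        "ok": ok_count,
        "findings": findings,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    if result["missing_options"]:
        print("Scan ran without:", ", ".join(result["missing_options"]))
    print(f"{result['ok']} entries ok, {len(result['findings'])} to review")
    for f in sorted(result["findings"], key=lambda f: f["signature_only"]):
        kind = "unsigned file" if f["signature_only"] else "other verdict"
        print(f"  [{kind}] {f['service']}: {f['verdict']} ({f['severity']}) {f['path']}")
```
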

#96
traveler818

  • Topic Starter
  • Member
  • 140 posts
10:28:01.0265 4932 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:28:01.0999 4932 ============================================================
10:28:01.0999 4932 Current date / time: 2013/01/17 10:28:01.0999
10:28:01.0999 4932 SystemInfo:
10:28:01.0999 4932
10:28:01.0999 4932 OS Version: 6.1.7601 ServicePack: 1.0
10:28:01.0999 4932 Product type: Workstation
10:28:01.0999 4932 ComputerName: CARRIE-PC
10:28:01.0999 4932 UserName: Carrie
10:28:01.0999 4932 Windows directory: C:\windows
10:28:01.0999 4932 System windows directory: C:\windows
10:28:01.0999 4932 Running under WOW64
10:28:01.0999 4932 Processor architecture: Intel x64
10:28:01.0999 4932 Number of processors: 4
10:28:01.0999 4932 Page size: 0x1000
10:28:01.0999 4932 Boot type: Normal boot
10:28:01.0999 4932 ============================================================
10:28:02.0545 4932 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:28:02.0545 4932 ============================================================
10:28:02.0545 4932 \Device\Harddisk0\DR0:
10:28:02.0545 4932 MBR partitions:
10:28:02.0545 4932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x36CF4000
10:28:02.0545 4932 ============================================================
10:28:02.0576 4932 C: <-> \Device\Harddisk0\DR0\Partition1
10:28:02.0576 4932 ============================================================
10:28:02.0576 4932 Initialize success
10:28:02.0576 4932 ============================================================
10:29:58.0250 3796 ============================================================
10:29:58.0250 3796 Scan started
10:29:58.0250 3796 Mode: Manual; SigCheck; TDLFS;
10:29:58.0250 3796 ============================================================
10:29:58.0609 3796 ================ Scan system memory ========================
10:29:58.0609 3796 System memory - ok
10:29:58.0624 3796 ================ Scan services =============================
10:30:12.0867 3796 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:30:12.0898 3796 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:30:12.0898 3796 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:30:16.0736 3796 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
10:30:16.0767 3796 McciCMService ( UnsignedFile.Multi.Generic ) - warning
10:30:16.0767 3796 McciCMService - detected UnsignedFile.Multi.Generic (1)
10:30:16.0876 3796 [ BE3D584D7C021EB7D89166EECB83C341 ] McciCMService64 C:\Program Files\Common Files\Motive\McciCMService.exe
10:30:16.0908 3796 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning
10:30:16.0908 3796 McciCMService64 - detected UnsignedFile.Multi.Generic (1)
10:30:17.0766 3796 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
10:30:17.0781 3796 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
10:30:17.0781 3796 MREMP50 - detected UnsignedFile.Multi.Generic (1)
10:30:17.0797 3796 MREMP50a64 - ok
10:30:17.0812 3796 MREMPR5 - ok
10:30:17.0828 3796 MRENDIS5 - ok
10:30:17.0844 3796 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
10:30:17.0875 3796 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
10:30:17.0875 3796 MRESP50 - detected UnsignedFile.Multi.Generic (1)
10:30:17.0875 3796 MRESP50a64 - ok
10:30:36.0907 3796 WinRM - ok
10:30:36.0969 3796 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
10:30:37.0032 3796 Wlansvc - ok
10:30:37.0063 3796 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:30:37.0079 3796 wlcrasvc - ok
10:30:37.0219 3796 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:30:37.0266 3796 wlidsvc - ok
10:30:37.0297 3796 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
10:30:37.0344 3796 WmiAcpi - ok
10:30:37.0359 3796 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
10:30:37.0406 3796 wmiApSrv - ok
10:30:37.0422 3796 WMPNetworkSvc - ok
10:30:37.0453 3796 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
10:30:37.0515 3796 WPCSvc - ok
10:30:37.0515 3796 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
10:30:37.0562 3796 WPDBusEnum - ok
10:30:37.0578 3796 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
10:30:37.0625 3796 ws2ifsl - ok
10:30:37.0640 3796 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
10:30:37.0687 3796 wscsvc - ok
10:30:37.0687 3796 WSearch - ok
10:30:37.0781 3796 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
10:30:37.0843 3796 wuauserv - ok
10:30:37.0859 3796 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
10:30:37.0937 3796 WudfPf - ok
10:30:37.0968 3796 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
10:30:38.0015 3796 wudfsvc - ok
10:30:38.0046 3796 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
10:30:38.0077 3796 WwanSvc - ok
10:30:38.0186 3796 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:30:38.0249 3796 YahooAUService - ok
10:30:38.0249 3796 ================ Scan global ===============================
10:30:38.0280 3796 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
10:30:38.0311 3796 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
10:30:38.0327 3796 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
10:30:38.0358 3796 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
10:30:38.0389 3796 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
10:30:38.0405 3796 [Global] - ok
10:30:38.0405 3796 ================ Scan MBR ==================================
10:30:38.0420 3796 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
10:30:39.0450 3796 \Device\Harddisk0\DR0 - ok
10:30:39.0450 3796 ================ Scan VBR ==================================
10:30:39.0481 3796 [ 8FE297C1CD24D00E792A57625A4553B7 ] \Device\Harddisk0\DR0\Partition1
10:30:39.0481 3796 \Device\Harddisk0\DR0\Partition1 - ok
10:30:39.0481 3796 ============================================================
10:30:39.0481 3796 Scan finished
10:30:39.0481 3796 ============================================================
10:30:39.0497 4816 Detected object count: 5
10:30:39.0497 4816 Actual detected object count: 5
10:31:39.0245 4816 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0245 4816 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0245 4816 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0245 4816 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0245 4816 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0245 4816 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0245 4816 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0245 4816 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:31:39.0245 4816 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:39.0245 4816 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#97
traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
The scan found several threats. Cure was not available. Results are posted. I see only 32-bits, which is what she was changing the system to.

When I am not allowed to access or do something, take ownership doesn't change that. I am still not allowed until I can figure out how to give myself permission.

Under Maintenance in the start menu, I found Windows remote assistance, which says it allows what we did yesterday with Avast.

I am still unable to find the page that lists users at the top and shows their permissions below. Just the one with me as admin--that wasn't there before, neither was the guest acct, which I think is an invitation for trouble.

Switch User was not there before--I do not need it. From inside Windows, it only appeared when she was online. Now it is there all the time. From the signon page, it still only shows up when she is online, but it means logging out just to see. It was one way I knew she was online, but she figured it out and set it to be there all the time.

She had a command in the command window to run 32 bits. Originally she also had a hide exe command, which seemed to refer to the 64-bits. The computer couldn't find it, but that is what she does first--gets rid of anything 64-bit.

Edited by traveler818, 17 January 2013 - 02:30 PM.

  • 0

#98
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
They are not threats as such, just unsigned files, not a problem :)

How is the computer now?
  • 0

#99
traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
No change I can see. Startup is slow as molasses and all the other glitches are still active. And my inability to find the users page with permissions has me concerned (I want to see it now or whenever), as do the changes she made--guest acct is unnecessary, but I cannot delete it.

Glad to know the scan results are not a problem. (I just got redirected). Why do I not see 64 bits?

Why is the wireless light on on the modem when I turn on the power, yet I cannot use wifi?--I turn everything off.

I just had a sentence disappear. I just took control of program files. At the top of the command window is:
C\windows\system32\cmd.exe. I don't see 64 bits anywhere so far.

I think some areas of Norton were blocked from me, but not sure.

I just checked Users under Computer. The Administrator file is empty.

I took ownership of the file with my name on it. It is still running. I see a lot of files it cannot find: "system cannot find path specified". Again the window is labeled C\Windows\System32\cmd.exe. What if I changed the 32 to a 64?

Edited by traveler818, 17 January 2013 - 03:47 PM.

  • 0

#100
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Where are you getting redirected to?

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done, it will ask to reboot; allow this
On reboot a log will be produced; please attach that
  • 0


#101
traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
Redirects are usually to my email acct or the Toshiba website, but occasionally, I may try for email and get CNN.
  • 0

#102
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm I do not believe that to be malware

Did AdwCleaner find anything?

Did you also uninstall Avast?
  • 0

#103
traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
I uninstalled Avast yesterday and did not reinstall it--I installed Norton 360.

When all is system 32, it is the hacker's work.

Running that report stopped the cmd window before it had finished taking ownership of Carrie. Should I do it again later?


Scan report:

# AdwCleaner v2.106 - Logfile created 01/17/2013 at 13:52:49
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Carrie - CARRIE-PC
# Boot Mode : Normal
# Running from : C:\Users\Carrie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K7ZHW6Q5\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Carrie\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v12.0.742.100

File : C:\Users\Carrie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [842 octets] - [17/01/2013 13:52:49]

########## EOF - C:\AdwCleaner[S1].txt - [901 octets] ##########

Edited by traveler818, 17 January 2013 - 04:22 PM.

  • 0

#104
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

When all is system 32, it is the hacker's work.

Sorry I do not understand that
  • 0

#105
traveler818

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts
She was configuring this computer to run in compatibility mode with a 32-bit XP, Service pack 3. She had to get rid of any 64-bit programs. Her first step has been, as far as I can tell, to make this a 32-bit system. The command prompt is set to 32 bits. I see only 32 bits in the scan.

The first time I restored to factory default there was a message saying the computer couldn't find a file that referenced SYSWOW64, and ended with hidcmd or the like--Hide command.

I still wonder why the wireless light is on on the modem when I turn the power on (I turn off the surge protector at night--not a great idea but the other option involves too many complications.) The light is on before I turn on the computer. It goes off fairly quickly when I sign in.

I swear I saw several videos in the media center yesterday that are gone today--a lot of what she is up to has to do with music and videos. She has done this several times: she puts music, and now videos, in the Media Center, then retrieves them.

My ISP tells me what I am seeing (the wireless light on before I even turn on the computer) is impossible, and insists that there is no wifi on this machine--the hacker removed the icon that would let me get it back.

Credentials Vault: It has always been empty. Now under Generic Credentials is: virtualapp/didlogical.

Edited by traveler818, 17 January 2013 - 06:24 PM.

  • 0





