Infected with svchost.exe Trojan Google keeps redirecting


  • This topic is locked
29 replies to this topic

#1 zman4430

zman4430

  • Members
  • 17 posts

Posted 24 February 2012 - 02:11 PM

My wife's laptop has become infected. It initially caused the computer to run slow and Google searches in IE to be redirected. The computer was running an updated version of Norton AV but it did not detect the infection. Malwarebytes detects an infected file and an infected memory process but cannot remove them. The infection appears to be getting worse and has now completely disabled Norton AV and my firewall. MB is now detecting additional infections. Please help!

1 - malwarebytes log
2 - DDS log
Attach.txt is attached

1 - malwarebytes log
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.24.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Adam :: LAPTOP [administrator]

2/24/2012 1:26:48 PM
mbam-log-2012-02-24 (13-41-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185324
Time elapsed: 14 minute(s), 37 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1772 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\AppID\{11C27351-716B-4052-9361-E3B0A3F8221C} (Adware.ClickPotato) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.622.0\firefox\extensions -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)
----------------------------------------------------------------------------------------

2 - DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Adam at 13:50:41 on 2012-02-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.732 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
-netsvcs
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\SelectRebates\SelectRebates.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\coIEPlg.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{87A6FC0A-9066-4C8B-8C15-46ADCAB82422} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{87A6FC0A-9066-4C8B-8C15-46ADCAB82422}\059636B6562796C6C6 : DhcpNameServer = 209.213.160.14 209.213.160.16
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
BHO-X64: ShopAtHomeIEHelper - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.3.6\coIEPlg.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0308030.006\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0308030.006\SYMEFA64.SYS [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\N360x64\0308030.006\BHDrvx64.sys --> C:\Windows\system32\Drivers\N360x64\0308030.006\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\N360x64\0308030.006\ccHPx64.sys --> C:\Windows\system32\Drivers\N360x64\0308030.006\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120214.003\IDSviA64.sys [2012-2-15 488568]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-10-21 89600]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 D-Link SharePort Helper;D-Link SharePort Helper;C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe [2010-11-27 49152]
R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 227896]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\system32\Drivers\N360x64\0308030.006\SYMNDISV.SYS --> C:\Windows\system32\Drivers\N360x64\0308030.006\SYMNDISV.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-9 138360]
S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-24 18:26:11 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-16 15:41:13 -------- d-----w- C:\Users\Adam\AppData\Roaming\Malwarebytes
2012-02-16 15:41:04 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-16 15:41:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-16 12:50:35 -------- d-----w- C:\Users\Adam\AppData\Local\{B66C3345-3CE6-4B37-A979-7528550BFF11}
2012-02-16 12:50:21 -------- d-----w- C:\Users\Adam\AppData\Local\{D3D3C2CA-E4F4-49BD-B99B-3A1818B49AC1}
2012-02-14 18:23:44 -------- d-----w- C:\Users\Adam\AppData\Local\{810334DE-15F0-4428-A149-BB8312CF934E}
2012-02-14 18:23:29 -------- d-----w- C:\Users\Adam\AppData\Local\{9DAD3882-B248-4477-9AF2-C1B7485EF5A5}
2012-02-14 18:01:38 20480 ----a-w- C:\Windows\svchost.exe
2012-02-14 17:58:00 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D498.tmp
2012-02-14 17:58:00 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D497.tmp
2012-02-13 01:48:12 -------- d-----w- C:\Users\Adam\AppData\Roaming\WildTangent
2012-02-12 12:42:46 -------- d-----w- C:\Users\Adam\AppData\Local\{E484860F-350D-47F1-A596-B3C363916F2B}
2012-02-12 12:42:35 -------- d-----w- C:\Users\Adam\AppData\Local\{5096E4FD-DBF1-47D8-B85D-2C67025C76BF}
2012-02-09 19:33:07 -------- d-----w- C:\Users\Adam\AppData\Local\{3E83CFE9-EF40-4FD4-A73C-49E34B08018C}
2012-02-09 19:32:55 -------- d-----w- C:\Users\Adam\AppData\Local\{FF0EDB24-D541-4AF4-BF63-3E5D2738DAC7}
2012-01-30 13:46:23 -------- d-----w- C:\Users\Adam\AppData\Local\{7ECBD976-1A57-454E-9028-456D9F1570B5}
2012-01-30 13:46:12 -------- d-----w- C:\Users\Adam\AppData\Local\{74605CF7-4C89-42FC-B54D-8180C4103B4A}
.
==================== Find3M ====================
.
2012-01-16 13:21:00 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:52:42.75 ===============

#2 zman4430

zman4430
  • Topic Starter

  • Members
  • 17 posts

Posted 24 February 2012 - 03:03 PM

After reviewing my post, it appears that I may have forgotten to click the "Attach This File" when attempting to attach my attach.txt file. Here is that file.
Thanks

Attached Files



#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 24 February 2012 - 05:13 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

So long, and thanks for all the fish.

 

 


#4 zman4430

zman4430
  • Topic Starter

  • Members
  • 17 posts

Posted 24 February 2012 - 09:58 PM

Thank you for the response. I have followed your instructions and run the ESET online scanner. The results are as follows:

C:\ProgramData\Microsoft\Windows\DRM\D497.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\D498.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\D497.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\D498.tmp Win64/Olmarik.AD trojan


Also, Norton AV appears to be working again. It is now indicating that I am "protected" and the firewall appears to be working as well. This may be due to the fact that when I ran Malwarebytes to post the previous log I allowed it to remove the registry values and registry key; however, I did not select to repair the two svchost.exe trojan issues in the memory processes or files because it was unable to remove/repair them previously.

#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 25 February 2012 - 04:06 PM

Good evening. :)

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop:

  • Linky #1
  • Linky #2

  • Double-click SystemLook.exe to run it.
  • Copy the contents of the following codebox into the main textfield:


    :filefind
    svchost.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan - the log can also be found on your Desktop entitled SystemLook.txt
  • Please post the contents of this log in your next reply.

So long, and thanks for all the fish.

 

 


#6 zman4430

zman4430
  • Topic Starter

  • Members
  • 17 posts

Posted 25 February 2012 - 04:25 PM

Here is the System Look scan log:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:17 on 25/02/2012 by Adam
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "svchost.*"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 182856 bytes [18:26 24/02/2012] [19:53 13/01/2012] 63EEC8A8B221AB79045E776E5F592868
C:\Windows\svchost.exe --a---- 20480 bytes [18:01 14/02/2012] [01:14 14/07/2009] 2CEFF13ACE25A40BD8D97654944297CD
C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf --a---- 140972 bytes [16:04 24/12/2011] [02:34 25/02/2012] 8CB37F1F959A24BD5F09992DDA0F232F
C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf --a---- 20110 bytes [07:00 27/04/2011] [21:19 25/02/2012] DC193EC060AB76A801F4E47FD4EFA8DA
C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf --a---- 400154 bytes [22:04 01/01/2012] [20:01 25/02/2012] E0C7468526D1AAB12352A48E26B087DB
C:\Windows\System32\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\System32\en-US\svchost.exe.mui --a---- 2048 bytes [05:35 14/07/2009] [02:02 14/07/2009] FBC18BEE67E9179F02E7894EB548F18D
C:\Windows\SysWOW64\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\SysWOW64\en-US\svchost.exe.mui --a---- 2048 bytes [05:35 14/07/2009] [02:02 14/07/2009] FBC18BEE67E9179F02E7894EB548F18D
C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad3de280c12aaa17\svchost.exe.mui --a---- 2048 bytes [05:35 14/07/2009] [02:26 14/07/2009] 712EBAA6DD6DBA7DDEE0A3D03C98E6D1
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\winsxs\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_511f46fd08cd38e1\svchost.exe.mui --a---- 2048 bytes [05:35 14/07/2009] [02:02 14/07/2009] FBC18BEE67E9179F02E7894EB548F18D
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866

-= EOF =-
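
A triage check over the SystemLook log above, as an added example (not part of any post in this thread and not SystemLook's own code): it parses the `:filefind` lines and lists every `svchost.exe` that sits outside the Windows system directories. The trusted-directory list (System32, SysWOW64, winsxs) and all function names are assumptions of the example; the sample lines are excerpted from the log above.

```python
import ntpath
import re

# Excerpt of the SystemLook ":filefind svchost.*" log posted above.
SAMPLE_LOG = r"""
Searching for "svchost.*"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 182856 bytes [18:26 24/02/2012] [19:53 13/01/2012] 63EEC8A8B221AB79045E776E5F592868
C:\Windows\svchost.exe --a---- 20480 bytes [18:01 14/02/2012] [01:14 14/07/2009] 2CEFF13ACE25A40BD8D97654944297CD
C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf --a---- 20110 bytes [07:00 27/04/2011] [21:19 25/02/2012] DC193EC060AB76A801F4E47FD4EFA8DA
C:\Windows\System32\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\SysWOW64\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
"""

# One file line: <path> <7 attribute flags> <size> bytes [stamp] [stamp] <MD5>.
# The two bracketed timestamps are captured as-is and not interpreted here.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<stamp1>[^\]]+)\] \[(?P<stamp2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one dict per file line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def is_expected_location(path, windir=r"C:\Windows"):
    """True if the file's directory is System32, SysWOW64 or under winsxs.

    Assumption of this example: those are the only directories where the
    genuine svchost.exe image is expected. Comparison is case-insensitive.
    """
    directory = ntpath.normcase(ntpath.dirname(path))
    win = ntpath.normcase(windir)
    if directory in (ntpath.join(win, "system32"), ntpath.join(win, "syswow64")):
        return True
    return directory.startswith(ntpath.join(win, "winsxs") + "\\")


def flag_masquerades(entries, image_name="svchost.exe", windir=r"C:\Windows"):
    """List files named exactly image_name that sit outside expected dirs.

    Each hit also records whether its MD5 equals that of any copy found in an
    expected directory in the same log, which separates a stray copy of the
    genuine binary from a different file using the same name.
    """
    same_name = [
        e for e in entries
        if ntpath.basename(e["path"]).lower() == image_name.lower()
    ]
    trusted_md5 = {
        e["md5"] for e in same_name if is_expected_location(e["path"], windir)
    }
    flagged = []
    for entry in same_name:
        if not is_expected_location(entry["path"], windir):
            flagged.append(
                {**entry, "md5_matches_trusted_copy": entry["md5"] in trusted_md5}
            )
    return flagged


if __name__ == "__main__":
    # A hit is a lead for review, not a verdict: the first one in this log
    # lives in the Malwarebytes install directory.
    for hit in flag_masquerades(parse_filefind(SAMPLE_LOG)):
        print(hit["path"], hit["size"], hit["md5"],
              "same-hash-as-trusted" if hit["md5_matches_trusted_copy"]
              else "hash-differs")
```
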

#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 27 February 2012 - 04:05 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.


#8 zman4430

zman4430
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:12:29 PM

Posted 27 February 2012 - 04:41 PM

Here is the log from TDSSKiller: (Also, for what it's worth, since our last email exchange, my computer did an automatic windows update and reboot. Norton has also detected and stopped numerous threats)

16:27:43.0202 2248 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
16:27:45.0205 2248 ============================================================
16:27:45.0205 2248 Current date / time: 2012/02/27 16:27:45.0205
16:27:45.0205 2248 SystemInfo:
16:27:45.0205 2248
16:27:45.0205 2248 OS Version: 6.1.7600 ServicePack: 0.0
16:27:45.0205 2248 Product type: Workstation
16:27:45.0205 2248 ComputerName: LAPTOP
16:27:45.0206 2248 UserName: Adam
16:27:45.0206 2248 Windows directory: C:\Windows
16:27:45.0206 2248 System windows directory: C:\Windows
16:27:45.0206 2248 Running under WOW64
16:27:45.0206 2248 Processor architecture: Intel x64
16:27:45.0206 2248 Number of processors: 2
16:27:45.0206 2248 Page size: 0x1000
16:27:45.0206 2248 Boot type: Normal boot
16:27:45.0206 2248 ============================================================
16:28:03.0082 2248 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:28:03.0112 2248 \Device\Harddisk0\DR0:
16:28:03.0113 2248 MBR used
16:28:03.0113 2248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
16:28:03.0113 2248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23B77000
16:28:03.0113 2248 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23BDB000, BlocksNum 0x1853000
16:28:05.0034 2248 Initialize success
16:28:05.0034 2248 ============================================================
16:28:25.0360 2496 ============================================================
16:28:25.0361 2496 Scan started
16:28:25.0361 2496 Mode: Manual; SigCheck; TDLFS;
16:28:25.0361 2496 ============================================================
16:30:54.0766 2496 USBModem - ok
16:30:54.0934 2496 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
16:30:55.0062 2496 usbohci - ok
16:30:55.0210 2496 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:30:55.0360 2496 usbprint - ok
16:30:55.0881 2496 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:30:56.0126 2496 USBSTOR - ok
16:30:56.0430 2496 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:30:57.0051 2496 usbuhci - ok
16:30:57.0479 2496 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
16:30:57.0624 2496 usbvideo - ok
16:30:58.0106 2496 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:30:58.0214 2496 vdrvroot - ok
16:30:58.0441 2496 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:30:58.0667 2496 vga - ok
16:30:59.0405 2496 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:30:59.0718 2496 VgaSave - ok
16:31:00.0095 2496 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
16:31:00.0182 2496 vhdmp - ok
16:31:00.0411 2496 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
16:31:00.0490 2496 viaide - ok
16:31:00.0566 2496 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
16:31:00.0624 2496 volmgr - ok
16:31:00.0715 2496 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
16:31:01.0342 2496 volmgrx - ok
16:31:01.0879 2496 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
16:31:02.0102 2496 volsnap - ok
16:31:02.0698 2496 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:31:02.0841 2496 vsmraid - ok
16:31:03.0027 2496 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:31:03.0157 2496 vwifibus - ok
16:31:03.0420 2496 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:31:03.0563 2496 vwififlt - ok
16:31:04.0017 2496 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:31:04.0268 2496 WacomPen - ok
16:31:04.0731 2496 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:31:04.0912 2496 WANARP - ok
16:31:05.0008 2496 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:31:05.0433 2496 Wanarpv6 - ok
16:31:05.0657 2496 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:31:05.0728 2496 Wd - ok
16:31:05.0925 2496 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:31:06.0007 2496 Wdf01000 - ok
16:31:06.0219 2496 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:31:06.0369 2496 WfpLwf - ok
16:31:08.0321 2496 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:31:08.0419 2496 WIMMount - ok
16:31:08.0795 2496 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
16:31:09.0004 2496 WinUsb - ok
16:31:09.0444 2496 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:31:09.0627 2496 WmiAcpi - ok
16:31:09.0896 2496 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:31:10.0038 2496 ws2ifsl - ok
16:31:10.0294 2496 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
16:31:10.0439 2496 WudfPf - ok
16:31:10.0628 2496 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:31:10.0759 2496 WUDFRd - ok
16:31:12.0545 2496 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
16:31:12.0785 2496 yukonw7 - ok
16:31:12.0906 2496 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
16:31:13.0519 2496 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:31:13.0519 2496 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:31:13.0937 2496 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:31:13.0937 2496 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:31:13.0966 2496 Boot (0x1200) (0252da4908762c66c6d2fdf1485a5949) \Device\Harddisk0\DR0\Partition0
16:31:13.0967 2496 \Device\Harddisk0\DR0\Partition0 - ok
16:31:13.0977 2496 Boot (0x1200) (7d0e58ddfed842e87fbf4c21b7bbcd40) \Device\Harddisk0\DR0\Partition1
16:31:13.0978 2496 \Device\Harddisk0\DR0\Partition1 - ok
16:31:14.0354 2496 Boot (0x1200) (a2a80c22dda38266321d3e51502616fe) \Device\Harddisk0\DR0\Partition2
16:31:14.0359 2496 \Device\Harddisk0\DR0\Partition2 - ok
16:31:14.0362 2496 ============================================================
16:31:14.0363 2496 Scan finished
16:31:14.0363 2496 ============================================================
16:31:14.0413 5412 Detected object count: 2
16:31:14.0413 5412 Actual detected object count: 2
16:31:45.0685 5412 \Device\Harddisk0\DR0\# - copied to quarantine
16:31:45.0690 5412 \Device\Harddisk0\DR0 - copied to quarantine
16:31:45.0749 5412 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:31:46.0780 5412 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:31:46.0879 5412 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
16:31:46.0952 5412 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
16:31:46.0986 5412 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:31:47.0053 5412 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:31:47.0113 5412 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:31:47.0119 5412 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:31:47.0124 5412 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:31:47.0137 5412 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:31:47.0565 5412 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:31:47.0679 5412 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:31:48.0190 5412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:31:48.0191 5412 \Device\Harddisk0\DR0 - ok
16:31:51.0607 5412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:31:51.0607 5412 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:31:51.0607 5412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:32:22.0769 2032 Deinitialize success


Thanks

#9 Noviciate

  • Malware Response Team
Posted 28 February 2012 - 03:33 PM

Good evening. :)

Will you run a full MalwareBytes scan and let me have the log once it has completed.

So long, and thanks for all the fish.

#10 zman4430

  • Topic Starter

Posted 28 February 2012 - 04:16 PM

I updated Malwarebytes and ran a new scan...It's still detecting the svchost.exe infection....Here is the log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.24.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Adam :: LAPTOP [administrator]

2/27/2012 4:49:11 PM
mbam-log-2012-02-27 (16-55-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185383
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

#11 Noviciate

  • Malware Response Team

Posted 28 February 2012 - 05:17 PM

Run TDSSKiller again and Cure any remaining detections and let me have the log as before.

So long, and thanks for all the fish.

#12 zman4430

  • Topic Starter

Posted 28 February 2012 - 06:44 PM

I ran TDSSKiller again using the same parameters as the previous time. It found a threat. There was no option to "cure", only to Skip, Quarantine, or Delete. I chose to Quarantine the threat. Immediately after quarantining the threat, Norton gave several alerts advising that it had just blocked multiple trojans and a "hacktool.rootkit".
Here is the TDSS log:

18:27:36.0523 5752 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
18:27:37.0139 5752 ============================================================
18:27:37.0139 5752 Current date / time: 2012/02/28 18:27:37.0139
18:27:37.0139 5752 SystemInfo:
18:27:37.0139 5752
18:27:37.0140 5752 OS Version: 6.1.7600 ServicePack: 0.0
18:27:37.0140 5752 Product type: Workstation
18:27:37.0140 5752 ComputerName: LAPTOP
18:27:37.0140 5752 UserName: Adam
18:27:37.0140 5752 Windows directory: C:\Windows
18:27:37.0140 5752 System windows directory: C:\Windows
18:27:37.0140 5752 Running under WOW64
18:27:37.0140 5752 Processor architecture: Intel x64
18:27:37.0140 5752 Number of processors: 2
18:27:37.0140 5752 Page size: 0x1000
18:27:37.0140 5752 Boot type: Normal boot
18:27:37.0140 5752 ============================================================
18:27:39.0288 5752 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:27:39.0306 5752 \Device\Harddisk0\DR0:
18:27:39.0306 5752 MBR used
18:27:39.0306 5752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:27:39.0306 5752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23B77000
18:27:39.0306 5752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23BDB000, BlocksNum 0x1853000
18:27:39.0381 5752 Initialize success
18:27:39.0381 5752 ============================================================
18:28:39.0858 1048 ============================================================
18:28:39.0858 1048 Scan started
18:28:39.0858 1048 Mode: Manual; SigCheck; TDLFS;
18:28:39.0858 1048 ============================================================
18:28:41.0250 1048 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
18:28:41.0545 1048 1394ohci - ok
18:28:41.0700 1048 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
18:28:41.0748 1048 ACPI - ok
18:28:41.0783 1048 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
18:28:41.0920 1048 AcpiPmi - ok
18:28:41.0972 1048 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:28:42.0050 1048 adp94xx - ok
18:28:42.0091 1048 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:28:42.0153 1048 adpahci - ok
18:28:42.0176 1048 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:28:42.0236 1048 adpu320 - ok
18:28:42.0319 1048 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
18:28:42.0469 1048 AFD - ok
18:28:42.0550 1048 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\Windows\system32\DRIVERS\agrsm64.sys
18:28:42.0802 1048 AgereSoftModem - ok
18:28:42.0934 1048 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
18:28:43.0002 1048 agp440 - ok
18:28:43.0046 1048 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
18:28:43.0086 1048 aliide - ok
18:28:43.0133 1048 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
18:28:43.0223 1048 amdide - ok
18:28:43.0280 1048 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:28:43.0360 1048 AmdK8 - ok
18:28:43.0387 1048 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:28:43.0476 1048 AmdPPM - ok
18:28:43.0526 1048 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
18:28:43.0594 1048 amdsata - ok
18:28:43.0644 1048 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:28:43.0709 1048 amdsbs - ok
18:28:43.0747 1048 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
18:28:43.0820 1048 amdxata - ok
18:28:43.0871 1048 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
18:28:44.0012 1048 AppID - ok
18:28:44.0162 1048 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:28:44.0235 1048 arc - ok
18:28:44.0273 1048 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:28:44.0342 1048 arcsas - ok
18:28:44.0371 1048 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:28:44.0593 1048 AsyncMac - ok
18:28:44.0686 1048 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
18:28:44.0727 1048 atapi - ok
18:28:44.0801 1048 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:28:44.0950 1048 b06bdrv - ok
18:28:45.0068 1048 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:28:45.0162 1048 b57nd60a - ok
18:28:45.0333 1048 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:28:45.0438 1048 Beep - ok
18:28:45.0567 1048 BHDrvx64 (4d7f8401eae7eaa4ef702fa6f4153269) C:\Windows\System32\Drivers\N360x64\0308030.006\BHDrvx64.sys
18:28:45.0685 1048 BHDrvx64 - ok
18:28:45.0739 1048 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:28:45.0821 1048 blbdrive - ok
18:28:45.0884 1048 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
18:28:46.0035 1048 bowser - ok
18:28:46.0069 1048 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:28:46.0189 1048 BrFiltLo - ok
18:28:46.0216 1048 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:28:46.0259 1048 BrFiltUp - ok
18:28:46.0285 1048 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:28:46.0392 1048 Brserid - ok
18:28:46.0412 1048 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:28:46.0502 1048 BrSerWdm - ok
18:28:46.0535 1048 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:28:46.0622 1048 BrUsbMdm - ok
18:28:46.0645 1048 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:28:46.0697 1048 BrUsbSer - ok
18:28:46.0735 1048 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:28:46.0803 1048 BTHMODEM - ok
18:28:46.0908 1048 ccHP (a2e6ab452b9393ca8d11d28827e0e1a1) C:\Windows\System32\Drivers\N360x64\0308030.006\ccHPx64.sys
18:28:47.0015 1048 ccHP - ok
18:28:47.0063 1048 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:28:47.0152 1048 cdfs - ok
18:28:47.0206 1048 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
18:28:47.0285 1048 cdrom - ok
18:28:47.0336 1048 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:28:47.0404 1048 circlass - ok
18:28:47.0639 1048 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:28:47.0817 1048 CLFS - ok
18:28:47.0896 1048 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:28:47.0970 1048 CmBatt - ok
18:28:47.0995 1048 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
18:28:48.0060 1048 cmdide - ok
18:28:48.0123 1048 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
18:28:48.0181 1048 CNG - ok
18:28:48.0277 1048 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:28:48.0356 1048 Compbatt - ok
18:28:48.0395 1048 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:28:48.0474 1048 CompositeBus - ok
18:28:48.0511 1048 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:28:48.0552 1048 crcdisk - ok
18:28:48.0652 1048 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
18:28:48.0767 1048 DfsC - ok
18:28:48.0814 1048 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:28:48.0921 1048 discache - ok
18:28:48.0971 1048 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:28:49.0012 1048 Disk - ok
18:28:49.0061 1048 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:28:49.0131 1048 drmkaud - ok
18:28:49.0184 1048 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
18:28:49.0295 1048 DXGKrnl - ok
18:28:49.0423 1048 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:28:49.0640 1048 ebdrv - ok
18:28:49.0834 1048 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:28:49.0972 1048 eeCtrl - ok
18:28:50.0722 1048 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:28:50.0922 1048 elxstor - ok
18:28:51.0105 1048 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:28:51.0363 1048 EraserUtilRebootDrv - ok
18:28:51.0566 1048 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
18:28:51.0658 1048 ErrDev - ok
18:28:52.0039 1048 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:28:52.0230 1048 exfat - ok
18:28:52.0772 1048 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:28:53.0279 1048 fastfat - ok
18:28:53.0645 1048 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:28:53.0747 1048 fdc - ok
18:28:54.0110 1048 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:28:54.0234 1048 FileInfo - ok
18:28:54.0635 1048 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:28:54.0941 1048 Filetrace - ok
18:28:55.0195 1048 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:28:55.0368 1048 flpydisk - ok
18:28:55.0517 1048 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:28:55.0571 1048 FltMgr - ok
18:28:55.0659 1048 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:28:55.0693 1048 FsDepends - ok
18:28:55.0720 1048 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:28:55.0778 1048 Fs_Rec - ok
18:28:55.0834 1048 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:28:55.0896 1048 fvevol - ok
18:28:55.0958 1048 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:28:56.0034 1048 gagp30kx - ok
18:28:56.0304 1048 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:28:56.0378 1048 GEARAspiWDM - ok
18:28:56.0426 1048 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:28:56.0565 1048 hcw85cir - ok
18:28:56.0791 1048 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:28:56.0951 1048 HdAudAddService - ok
18:28:57.0258 1048 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:28:57.0437 1048 HDAudBus - ok
18:28:57.0605 1048 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:28:57.0723 1048 HidBatt - ok
18:28:57.0948 1048 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:28:58.0071 1048 HidBth - ok
18:28:58.0283 1048 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:28:58.0451 1048 HidIr - ok
18:28:58.0753 1048 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:28:59.0001 1048 HidUsb - ok
18:28:59.0355 1048 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:28:59.0557 1048 HpqKbFiltr - ok
18:28:59.0737 1048 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:28:59.0849 1048 HpSAMD - ok
18:28:59.0978 1048 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:29:00.0325 1048 HTTP - ok
18:29:00.0723 1048 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:29:00.0788 1048 hwpolicy - ok
18:29:01.0001 1048 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:29:01.0112 1048 i8042prt - ok
18:29:01.0321 1048 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:29:01.0413 1048 iaStorV - ok
18:29:01.0806 1048 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120225.004\IDSvia64.sys
18:29:01.0883 1048 IDSVia64 - ok
18:29:02.0481 1048 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:29:03.0465 1048 igfx - ok
18:29:04.0389 1048 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:29:04.0548 1048 iirsp - ok
18:29:05.0014 1048 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
18:29:05.0182 1048 IntcHdmiAddService - ok
18:29:05.0340 1048 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:29:05.0381 1048 intelide - ok
18:29:05.0641 1048 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:29:05.0843 1048 intelppm - ok
18:29:06.0433 1048 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:29:06.0833 1048 IpFilterDriver - ok
18:29:07.0297 1048 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:29:07.0435 1048 IPMIDRV - ok
18:29:07.0887 1048 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:29:07.0998 1048 IPNAT - ok
18:29:08.0466 1048 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:29:08.0690 1048 IRENUM - ok
18:29:08.0972 1048 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:29:09.0056 1048 isapnp - ok
18:29:09.0592 1048 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:29:09.0824 1048 iScsiPrt - ok
18:29:10.0100 1048 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:29:10.0205 1048 kbdclass - ok
18:29:10.0515 1048 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:29:11.0363 1048 kbdhid - ok
18:29:11.0544 1048 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
18:29:11.0659 1048 KSecDD - ok
18:29:11.0784 1048 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
18:29:12.0114 1048 KSecPkg - ok
18:29:12.0250 1048 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:29:12.0391 1048 ksthunk - ok
18:29:12.0860 1048 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:29:13.0377 1048 lltdio - ok
18:29:13.0591 1048 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:29:13.0716 1048 LSI_FC - ok
18:29:14.0332 1048 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:29:14.0484 1048 LSI_SAS - ok
18:29:14.0792 1048 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:29:14.0899 1048 LSI_SAS2 - ok
18:29:15.0356 1048 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:29:15.0441 1048 LSI_SCSI - ok
18:29:15.0659 1048 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:29:15.0911 1048 luafv - ok
18:29:16.0898 1048 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:29:17.0022 1048 megasas - ok
18:29:17.0382 1048 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:29:17.0561 1048 MegaSR - ok
18:29:17.0878 1048 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:29:18.0121 1048 Modem - ok
18:29:18.0352 1048 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:29:18.0433 1048 monitor - ok
18:29:18.0521 1048 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:29:18.0600 1048 mouclass - ok
18:29:18.0661 1048 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:29:18.0746 1048 mouhid - ok
18:29:18.0774 1048 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:29:18.0890 1048 mountmgr - ok
18:29:18.0949 1048 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:29:18.0997 1048 mpio - ok
18:29:19.0021 1048 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:29:19.0119 1048 mpsdrv - ok
18:29:19.0154 1048 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:29:19.0281 1048 MRxDAV - ok
18:29:19.0422 1048 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:29:19.0524 1048 mrxsmb - ok
18:29:19.0635 1048 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:29:19.0770 1048 mrxsmb10 - ok
18:29:19.0954 1048 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:29:20.0034 1048 mrxsmb20 - ok
18:29:20.0109 1048 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:29:20.0164 1048 msahci - ok
18:29:20.0267 1048 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:29:20.0338 1048 msdsm - ok
18:29:20.0409 1048 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:29:20.0490 1048 Msfs - ok
18:29:20.0530 1048 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:29:20.0770 1048 mshidkmdf - ok
18:29:20.0796 1048 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:29:21.0057 1048 msisadrv - ok
18:29:21.0098 1048 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:29:21.0171 1048 MSKSSRV - ok
18:29:21.0207 1048 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:29:21.0318 1048 MSPCLOCK - ok
18:29:21.0343 1048 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:29:21.0429 1048 MSPQM - ok
18:29:21.0525 1048 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:29:21.0574 1048 MsRPC - ok
18:29:21.0601 1048 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:29:21.0654 1048 mssmbios - ok
18:29:21.0691 1048 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:29:21.0766 1048 MSTEE - ok
18:29:21.0793 1048 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:29:21.0896 1048 MTConfig - ok
18:29:21.0976 1048 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:29:22.0220 1048 Mup - ok
18:29:44.0848 1048 MBR (0x1B8) (0b1dadf37e478804cb22509cf36f5b47) \Device\Harddisk0\DR0
18:29:44.0925 1048 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:29:44.0925 1048 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:29:44.0962 1048 Boot (0x1200) (0252da4908762c66c6d2fdf1485a5949) \Device\Harddisk0\DR0\Partition0
18:29:44.0964 1048 \Device\Harddisk0\DR0\Partition0 - ok
18:29:44.0973 1048 Boot (0x1200) (7d0e58ddfed842e87fbf4c21b7bbcd40) \Device\Harddisk0\DR0\Partition1
18:29:44.0975 1048 \Device\Harddisk0\DR0\Partition1 - ok
18:29:45.0004 1048 Boot (0x1200) (a2a80c22dda38266321d3e51502616fe) \Device\Harddisk0\DR0\Partition2
18:29:45.0005 1048 \Device\Harddisk0\DR0\Partition2 - ok
18:29:45.0006 1048 ============================================================
18:29:45.0006 1048 Scan finished
18:29:45.0006 1048 ============================================================
18:29:45.0021 4048 Detected object count: 1
18:29:45.0021 4048 Actual detected object count: 1
18:31:48.0635 4048 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:31:49.0163 4048 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:31:49.0189 4048 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:31:49.0259 4048 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:31:49.0351 4048 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:31:49.0471 4048 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:31:49.0519 4048 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:31:49.0526 4048 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:31:49.0532 4048 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:31:49.0540 4048 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:31:49.0575 4048 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:31:49.0668 4048 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:31:49.0673 4048 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine

#13 Noviciate

  • Malware Response Team

Posted 28 February 2012 - 06:56 PM

Looks like they reworded the tool since I last played with it. Run it again and Delete everything it will let you delete and let me have the resulting log.

So long, and thanks for all the fish.

#14 zman4430

  • Topic Starter

Posted 28 February 2012 - 07:00 PM

18:27:36.0523 5752 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
18:27:37.0139 5752 ============================================================
18:27:37.0139 5752 Current date / time: 2012/02/28 18:27:37.0139
18:27:37.0139 5752 SystemInfo:
18:27:37.0139 5752
18:27:37.0140 5752 OS Version: 6.1.7600 ServicePack: 0.0
18:27:37.0140 5752 Product type: Workstation
18:27:37.0140 5752 ComputerName: LAPTOP
18:27:37.0140 5752 UserName: Adam
18:27:37.0140 5752 Windows directory: C:\Windows
18:27:37.0140 5752 System windows directory: C:\Windows
18:27:37.0140 5752 Running under WOW64
18:27:37.0140 5752 Processor architecture: Intel x64
18:27:37.0140 5752 Number of processors: 2
18:27:37.0140 5752 Page size: 0x1000
18:27:37.0140 5752 Boot type: Normal boot
18:27:37.0140 5752 ============================================================
18:27:39.0288 5752 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:27:39.0306 5752 \Device\Harddisk0\DR0:
18:27:39.0306 5752 MBR used
18:27:39.0306 5752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:27:39.0306 5752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23B77000
18:27:39.0306 5752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23BDB000, BlocksNum 0x1853000
18:27:39.0381 5752 Initialize success
18:27:39.0381 5752 ============================================================
18:28:39.0858 1048 ============================================================
18:28:39.0858 1048 Scan started
18:28:39.0858 1048 Mode: Manual; SigCheck; TDLFS;
18:28:39.0858 1048 ============================================================
18:29:13.0591 1048 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:29:13.0716 1048 LSI_FC - ok
18:29:14.0332 1048 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:29:14.0484 1048 LSI_SAS - ok
18:29:14.0792 1048 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:29:14.0899 1048 LSI_SAS2 - ok
18:29:15.0356 1048 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:29:15.0441 1048 LSI_SCSI - ok
18:29:15.0659 1048 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:29:15.0911 1048 luafv - ok
18:29:16.0898 1048 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:29:17.0022 1048 megasas - ok
18:29:17.0382 1048 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:29:17.0561 1048 MegaSR - ok
18:29:17.0878 1048 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:29:18.0121 1048 Modem - ok
18:29:18.0352 1048 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:29:18.0433 1048 monitor - ok
18:29:18.0521 1048 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:29:18.0600 1048 mouclass - ok
18:29:18.0661 1048 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:29:18.0746 1048 mouhid - ok
18:29:18.0774 1048 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:29:18.0890 1048 mountmgr - ok
18:29:18.0949 1048 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:29:18.0997 1048 mpio - ok
18:29:19.0021 1048 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:29:19.0119 1048 mpsdrv - ok
18:29:19.0154 1048 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:29:19.0281 1048 MRxDAV - ok
18:29:19.0422 1048 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:29:19.0524 1048 mrxsmb - ok
18:29:19.0635 1048 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:29:19.0770 1048 mrxsmb10 - ok
18:29:19.0954 1048 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:29:20.0034 1048 mrxsmb20 - ok
18:29:20.0109 1048 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:29:20.0164 1048 msahci - ok
18:29:20.0267 1048 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:29:20.0338 1048 msdsm - ok
18:29:20.0409 1048 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:29:20.0490 1048 Msfs - ok
18:29:20.0530 1048 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:29:20.0770 1048 mshidkmdf - ok
18:29:20.0796 1048 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:29:21.0057 1048 msisadrv - ok
18:29:21.0098 1048 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:29:21.0171 1048 MSKSSRV - ok
18:29:21.0207 1048 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:29:21.0318 1048 MSPCLOCK - ok
18:29:21.0343 1048 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:29:21.0429 1048 MSPQM - ok
18:29:21.0525 1048 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:29:21.0574 1048 MsRPC - ok
18:29:21.0601 1048 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:29:21.0654 1048 mssmbios - ok
18:29:21.0691 1048 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:29:21.0766 1048 MSTEE - ok
18:29:21.0793 1048 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:29:21.0896 1048 MTConfig - ok
18:29:21.0976 1048 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:29:22.0220 1048 Mup - ok
18:29:22.0482 1048 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:29:22.0612 1048 NativeWifiP - ok
18:29:22.0810 1048 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120228.006\ENG64.SYS
18:29:22.0921 1048 NAVENG - ok
18:29:23.0027 1048 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120228.006\EX64.SYS
18:29:23.0227 1048 NAVEX15 - ok
18:29:23.0369 1048 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:29:23.0459 1048 NDIS - ok
18:29:23.0534 1048 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:29:23.0673 1048 NdisCap - ok
18:29:23.0705 1048 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:29:23.0792 1048 NdisTapi - ok
18:29:23.0833 1048 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:29:23.0948 1048 Ndisuio - ok
18:29:23.0979 1048 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:29:24.0064 1048 NdisWan - ok
18:29:24.0087 1048 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:29:24.0231 1048 NDProxy - ok
18:29:24.0297 1048 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:29:24.0399 1048 NetBIOS - ok
18:29:24.0450 1048 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:29:24.0558 1048 NetBT - ok
18:29:24.0776 1048 NETw1v64 (e72f4522801ffb8f0456924fb0017bff) C:\Windows\system32\DRIVERS\NETw1v64.sys
18:29:25.0180 1048 NETw1v64 - ok
18:29:25.0477 1048 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
18:29:25.0862 1048 NETw5s64 - ok
18:29:26.0103 1048 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:29:26.0472 1048 netw5v64 - ok
18:29:26.0610 1048 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:29:26.0661 1048 nfrd960 - ok
18:29:26.0726 1048 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:29:26.0859 1048 Npfs - ok
18:29:26.0891 1048 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:29:26.0995 1048 nsiproxy - ok
18:29:27.0061 1048 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:29:27.0182 1048 Ntfs - ok
18:29:27.0209 1048 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:29:27.0307 1048 Null - ok
18:29:27.0431 1048 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:29:27.0518 1048 nvraid - ok
18:29:27.0550 1048 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:29:27.0599 1048 nvstor - ok
18:29:27.0635 1048 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:29:27.0715 1048 nv_agp - ok
18:29:27.0757 1048 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:29:27.0880 1048 ohci1394 - ok
18:29:27.0923 1048 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:29:27.0973 1048 Parport - ok
18:29:27.0997 1048 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
18:29:28.0063 1048 partmgr - ok
18:29:28.0094 1048 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:29:28.0185 1048 pci - ok
18:29:28.0211 1048 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:29:28.0249 1048 pciide - ok
18:29:28.0272 1048 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:29:28.0342 1048 pcmcia - ok
18:29:28.0363 1048 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:29:28.0419 1048 pcw - ok
18:29:28.0457 1048 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:29:28.0596 1048 PEAUTH - ok
18:29:28.0682 1048 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:29:28.0767 1048 PptpMiniport - ok
18:29:28.0790 1048 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:29:28.0862 1048 Processor - ok
18:29:28.0907 1048 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:29:29.0002 1048 Psched - ok
18:29:29.0059 1048 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:29:29.0166 1048 ql2300 - ok
18:29:29.0194 1048 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:29:29.0254 1048 ql40xx - ok
18:29:29.0278 1048 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:29:29.0344 1048 QWAVEdrv - ok
18:29:29.0367 1048 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:29:29.0458 1048 RasAcd - ok
18:29:29.0509 1048 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:29:29.0631 1048 RasAgileVpn - ok
18:29:29.0657 1048 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:29:29.0743 1048 Rasl2tp - ok
18:29:29.0777 1048 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:29:29.0875 1048 RasPppoe - ok
18:29:29.0908 1048 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:29:29.0991 1048 RasSstp - ok
18:29:30.0022 1048 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:29:30.0108 1048 rdbss - ok
18:29:30.0133 1048 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:29:30.0195 1048 rdpbus - ok
18:29:30.0224 1048 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:29:30.0301 1048 RDPCDD - ok
18:29:30.0343 1048 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:29:30.0423 1048 RDPENCDD - ok
18:29:30.0451 1048 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:29:30.0512 1048 RDPREFMP - ok
18:29:30.0542 1048 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
18:29:30.0773 1048 RDPWD - ok
18:29:30.0984 1048 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:29:31.0104 1048 rdyboost - ok
18:29:31.0183 1048 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:29:31.0279 1048 rspndr - ok
18:29:31.0343 1048 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
18:29:31.0453 1048 RSUSBSTOR - ok
18:29:31.0513 1048 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:29:31.0607 1048 RTL8167 - ok
18:29:31.0652 1048 RtsUIR - ok
18:29:31.0693 1048 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:29:31.0777 1048 sbp2port - ok
18:29:31.0808 1048 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:29:31.0911 1048 scfilter - ok
18:29:31.0980 1048 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\drivers\sdbus.sys
18:29:32.0121 1048 sdbus - ok
18:29:32.0167 1048 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:29:32.0249 1048 secdrv - ok
18:29:32.0284 1048 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:29:32.0351 1048 Serenum - ok
18:29:32.0377 1048 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:29:32.0489 1048 Serial - ok
18:29:32.0556 1048 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:29:32.0733 1048 sermouse - ok
18:29:32.0778 1048 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:29:32.0897 1048 sffdisk - ok
18:29:32.0923 1048 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:29:33.0011 1048 sffp_mmc - ok
18:29:33.0035 1048 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
18:29:33.0088 1048 sffp_sd - ok
18:29:33.0119 1048 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:29:33.0175 1048 sfloppy - ok
18:29:33.0218 1048 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:29:33.0281 1048 SiSRaid2 - ok
18:29:33.0303 1048 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:29:33.0357 1048 SiSRaid4 - ok
18:29:33.0388 1048 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:29:33.0480 1048 Smb - ok
18:29:33.0531 1048 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:29:33.0572 1048 spldr - ok
18:29:33.0699 1048 SRTSP (9e399476e5d5e0d3c8822c857a7e9a9a) C:\Windows\System32\Drivers\N360x64\0308030.006\SRTSP64.SYS
18:29:33.0814 1048 SRTSP - ok
18:29:33.0853 1048 SRTSPX (3d7717b582f0365e75071556936e5a6b) C:\Windows\system32\drivers\N360x64\0308030.006\SRTSPX64.SYS
18:29:33.0929 1048 SRTSPX - ok
18:29:33.0973 1048 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:29:34.0099 1048 srv - ok
18:29:34.0133 1048 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:29:34.0193 1048 srv2 - ok
18:29:34.0242 1048 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:29:34.0332 1048 SrvHsfHDA - ok
18:29:34.0391 1048 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:29:34.0515 1048 SrvHsfV92 - ok
18:29:34.0549 1048 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:29:34.0650 1048 SrvHsfWinac - ok
18:29:34.0706 1048 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:29:34.0825 1048 srvnet - ok
18:29:34.0871 1048 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:29:34.0929 1048 stexstor - ok
18:29:34.0995 1048 STHDA (a3fb7ad8720d7e02aa0111a6b51c2744) C:\Windows\system32\DRIVERS\stwrt64.sys
18:29:35.0133 1048 STHDA - ok
18:29:35.0180 1048 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:29:35.0245 1048 swenum - ok
18:29:35.0311 1048 sxuptp (20a4a4513e50f84b662e106eb27f5aeb) C:\Windows\system32\DRIVERS\sxuptp.sys
18:29:35.0380 1048 sxuptp - ok
18:29:35.0496 1048 SymEFA (4f87bb5389a93778ebc363b28271a65b) C:\Windows\system32\drivers\N360x64\0308030.006\SYMEFA64.SYS
18:29:35.0581 1048 SymEFA - ok
18:29:35.0713 1048 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
18:29:35.0781 1048 SymEvent - ok
18:29:35.0904 1048 SYMFW (b4af6633ecd674b74bd4e80788299d2a) C:\Windows\System32\Drivers\N360x64\0308030.006\SYMFW.SYS
18:29:35.0963 1048 SYMFW - ok
18:29:36.0018 1048 SymIM (212bbf5a964513980d5de9397381534f) C:\Windows\system32\DRIVERS\SymIMv.sys
18:29:36.0087 1048 SymIM - ok
18:29:36.0138 1048 SYMNDISV (d451a05f7e7b9d1f9f8fb76b2a16d786) C:\Windows\System32\Drivers\N360x64\0308030.006\SYMNDISV.SYS
18:29:36.0219 1048 SYMNDISV - ok
18:29:36.0289 1048 SYMTDI (33b37cb0a74f1f4b78a665ece9184095) C:\Windows\System32\Drivers\N360x64\0308030.006\SYMTDI.SYS
18:29:36.0370 1048 SYMTDI - ok
18:29:36.0435 1048 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
18:29:36.0540 1048 SynTP - ok
18:29:36.0643 1048 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
18:29:36.0812 1048 Tcpip - ok
18:29:36.0883 1048 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
18:29:36.0966 1048 TCPIP6 - ok
18:29:37.0016 1048 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:29:37.0100 1048 tcpipreg - ok
18:29:37.0129 1048 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:29:37.0214 1048 TDPIPE - ok
18:29:37.0242 1048 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:29:37.0320 1048 TDTCP - ok
18:29:37.0344 1048 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:29:37.0445 1048 tdx - ok
18:29:37.0469 1048 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:29:37.0498 1048 TermDD - ok
18:29:37.0527 1048 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:29:37.0616 1048 tssecsrv - ok
18:29:37.0676 1048 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:29:37.0883 1048 tunnel - ok
18:29:37.0904 1048 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:29:38.0085 1048 uagp35 - ok
18:29:38.0306 1048 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:29:38.0607 1048 udfs - ok
18:29:38.0777 1048 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:29:38.0863 1048 uliagpkx - ok
18:29:38.0944 1048 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:29:39.0052 1048 umbus - ok
18:29:39.0191 1048 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:29:39.0275 1048 UmPass - ok
18:29:39.0665 1048 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
18:29:39.0831 1048 usbaudio - ok
18:29:39.0902 1048 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
18:29:40.0005 1048 usbbus - ok
18:29:40.0037 1048 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
18:29:40.0201 1048 usbccgp - ok
18:29:40.0212 1048 USBCCID - ok
18:29:40.0246 1048 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:29:40.0333 1048 usbcir - ok
18:29:40.0393 1048 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
18:29:40.0445 1048 UsbDiag - ok
18:29:40.0493 1048 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
18:29:40.0565 1048 usbehci - ok
18:29:40.0634 1048 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
18:29:40.0733 1048 usbhub - ok
18:29:40.0779 1048 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
18:29:40.0968 1048 USBModem - ok
18:29:41.0030 1048 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
18:29:41.0328 1048 usbohci - ok
18:29:41.0373 1048 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:29:41.0489 1048 usbprint - ok
18:29:41.0532 1048 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:29:41.0638 1048 USBSTOR - ok
18:29:41.0676 1048 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:29:41.0751 1048 usbuhci - ok
18:29:41.0828 1048 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
18:29:41.0936 1048 usbvideo - ok
18:29:41.0977 1048 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:29:42.0058 1048 vdrvroot - ok
18:29:42.0112 1048 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:29:42.0161 1048 vga - ok
18:29:42.0195 1048 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:29:42.0289 1048 VgaSave - ok
18:29:42.0321 1048 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:29:42.0384 1048 vhdmp - ok
18:29:42.0412 1048 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:29:42.0471 1048 viaide - ok
18:29:42.0492 1048 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:29:42.0553 1048 volmgr - ok
18:29:42.0589 1048 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:29:42.0682 1048 volmgrx - ok
18:29:42.0713 1048 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:29:42.0769 1048 volsnap - ok
18:29:42.0811 1048 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:29:42.0876 1048 vsmraid - ok
18:29:42.0902 1048 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:29:42.0970 1048 vwifibus - ok
18:29:43.0012 1048 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:29:43.0166 1048 vwififlt - ok
18:29:43.0197 1048 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:29:43.0253 1048 WacomPen - ok
18:29:43.0298 1048 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:29:43.0400 1048 WANARP - ok
18:29:43.0423 1048 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:29:43.0496 1048 Wanarpv6 - ok
18:29:43.0536 1048 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:29:43.0574 1048 Wd - ok
18:29:43.0604 1048 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:29:43.0688 1048 Wdf01000 - ok
18:29:43.0742 1048 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:29:43.0807 1048 WfpLwf - ok
18:29:43.0832 1048 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:29:43.0887 1048 WIMMount - ok
18:29:43.0984 1048 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:29:44.0105 1048 WinUsb - ok
18:29:44.0165 1048 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:29:44.0246 1048 WmiAcpi - ok
18:29:44.0306 1048 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:29:44.0414 1048 ws2ifsl - ok
18:29:44.0449 1048 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:29:44.0527 1048 WudfPf - ok
18:29:44.0572 1048 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:29:44.0666 1048 WUDFRd - ok
18:29:44.0722 1048 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
18:29:44.0807 1048 yukonw7 - ok
18:29:44.0848 1048 MBR (0x1B8) (0b1dadf37e478804cb22509cf36f5b47) \Device\Harddisk0\DR0
18:29:44.0925 1048 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:29:44.0925 1048 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:29:44.0962 1048 Boot (0x1200) (0252da4908762c66c6d2fdf1485a5949) \Device\Harddisk0\DR0\Partition0
18:29:44.0964 1048 \Device\Harddisk0\DR0\Partition0 - ok
18:29:44.0973 1048 Boot (0x1200) (7d0e58ddfed842e87fbf4c21b7bbcd40) \Device\Harddisk0\DR0\Partition1
18:29:44.0975 1048 \Device\Harddisk0\DR0\Partition1 - ok
18:29:45.0004 1048 Boot (0x1200) (a2a80c22dda38266321d3e51502616fe) \Device\Harddisk0\DR0\Partition2
18:29:45.0005 1048 \Device\Harddisk0\DR0\Partition2 - ok
18:29:45.0006 1048 ============================================================
18:29:45.0006 1048 Scan finished
18:29:45.0006 1048 ============================================================
18:29:45.0021 4048 Detected object count: 1
18:29:45.0021 4048 Actual detected object count: 1
18:31:48.0635 4048 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:31:49.0163 4048 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:31:49.0189 4048 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:31:49.0259 4048 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:31:49.0351 4048 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:31:49.0471 4048 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:31:49.0519 4048 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:31:49.0526 4048 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:31:49.0532 4048 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:31:49.0540 4048 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:31:49.0575 4048 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:31:49.0668 4048 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:31:49.0673 4048 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
18:44:46.0869 1708 ============================================================
18:44:46.0869 1708 Scan started
18:44:46.0869 1708 Mode: Manual; SigCheck; TDLFS;
18:44:46.0869 1708 ============================================================
18:44:52.0483 1708 exfat - ok
18:44:52.0506 1708 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:44:52.0571 1708 fastfat - ok
18:44:52.0600 1708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:44:52.0630 1708 fdc - ok
18:44:52.0664 1708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:44:52.0694 1708 FileInfo - ok
18:44:52.0711 1708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:44:52.0765 1708 Filetrace - ok
18:44:52.0782 1708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:44:52.0810 1708 flpydisk - ok
18:44:52.0838 1708 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
18:44:52.0862 1708 FltMgr - ok
18:44:52.0880 1708 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:44:52.0901 1708 FsDepends - ok
18:44:52.0918 1708 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:44:52.0960 1708 Fs_Rec - ok
18:44:52.0999 1708 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:44:53.0039 1708 fvevol - ok
18:44:53.0067 1708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:44:53.0101 1708 gagp30kx - ok
18:44:53.0147 1708 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:44:53.0173 1708 GEARAspiWDM - ok
18:44:53.0202 1708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:44:53.0232 1708 hcw85cir - ok
18:44:53.0389 1708 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
18:44:53.0446 1708 HdAudAddService - ok
18:44:53.0567 1708 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:44:53.0612 1708 HDAudBus - ok
18:44:53.0636 1708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:44:53.0664 1708 HidBatt - ok
18:44:53.0690 1708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:44:53.0724 1708 HidBth - ok
18:44:53.0746 1708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:44:53.0780 1708 HidIr - ok
18:44:53.0806 1708 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
18:44:53.0833 1708 HidUsb - ok
18:44:53.0885 1708 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:44:53.0910 1708 HpqKbFiltr - ok
18:44:53.0934 1708 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:44:53.0963 1708 HpSAMD - ok
18:44:53.0993 1708 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
18:44:54.0061 1708 HTTP - ok
18:44:54.0086 1708 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
18:44:54.0106 1708 hwpolicy - ok
18:44:54.0130 1708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:44:54.0170 1708 i8042prt - ok
18:44:54.0216 1708 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
18:44:54.0252 1708 iaStorV - ok
18:44:54.0424 1708 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120225.004\IDSvia64.sys
18:44:54.0484 1708 IDSVia64 - ok
18:44:54.0830 1708 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:44:54.0975 1708 igfx - ok
18:44:55.0062 1708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:44:55.0111 1708 iirsp - ok
18:44:55.0165 1708 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
18:44:55.0202 1708 IntcHdmiAddService - ok
18:44:55.0224 1708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
18:44:55.0250 1708 intelide - ok
18:44:55.0269 1708 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:44:55.0302 1708 intelppm - ok
18:44:55.0327 1708 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:44:55.0382 1708 IpFilterDriver - ok
18:44:55.0413 1708 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:44:55.0606 1708 IPMIDRV - ok
18:44:55.0692 1708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:44:55.0789 1708 IPNAT - ok
18:44:55.0816 1708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:44:55.0849 1708 IRENUM - ok
18:44:55.0876 1708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
18:44:55.0903 1708 isapnp - ok
18:44:55.0917 1708 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
18:44:55.0950 1708 iScsiPrt - ok
18:44:55.0970 1708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:44:55.0999 1708 kbdclass - ok
18:44:56.0018 1708 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
18:44:56.0046 1708 kbdhid - ok
18:44:56.0090 1708 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
18:44:56.0111 1708 KSecDD - ok
18:44:56.0141 1708 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
18:44:56.0171 1708 KSecPkg - ok
18:44:56.0196 1708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:44:56.0246 1708 ksthunk - ok
18:44:56.0283 1708 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:44:56.0334 1708 lltdio - ok
18:44:56.0358 1708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:44:56.0386 1708 LSI_FC - ok
18:44:56.0410 1708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:44:56.0455 1708 LSI_SAS - ok
18:44:56.0481 1708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:44:56.0511 1708 LSI_SAS2 - ok
18:44:56.0533 1708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:44:56.0560 1708 LSI_SCSI - ok
18:44:56.0581 1708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:44:56.0637 1708 luafv - ok
18:44:56.0652 1708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:44:56.0680 1708 megasas - ok
18:44:56.0702 1708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:44:56.0731 1708 MegaSR - ok
18:44:56.0754 1708 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:44:56.0808 1708 Modem - ok
18:44:56.0828 1708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:44:56.0858 1708 monitor - ok
18:44:56.0875 1708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:44:56.0904 1708 mouclass - ok
18:44:56.0915 1708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:44:56.0943 1708 mouhid - ok
18:44:56.0961 1708 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
18:44:56.0992 1708 mountmgr - ok
18:44:57.0013 1708 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
18:44:57.0037 1708 mpio - ok
18:44:57.0052 1708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:44:57.0105 1708 mpsdrv - ok
18:44:57.0130 1708 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
18:44:57.0168 1708 MRxDAV - ok
18:44:57.0217 1708 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:44:57.0266 1708 mrxsmb - ok
18:44:57.0310 1708 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:44:57.0351 1708 mrxsmb10 - ok
18:44:57.0396 1708 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:44:57.0425 1708 mrxsmb20 - ok
18:44:57.0440 1708 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
18:44:57.0469 1708 msahci - ok
18:44:57.0486 1708 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
18:44:57.0520 1708 msdsm - ok
18:44:57.0551 1708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:44:57.0603 1708 Msfs - ok
18:44:57.0628 1708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:44:57.0677 1708 mshidkmdf - ok
18:44:57.0694 1708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
18:44:57.0719 1708 msisadrv - ok
18:44:57.0751 1708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:44:57.0800 1708 MSKSSRV - ok
18:44:57.0816 1708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:44:57.0864 1708 MSPCLOCK - ok
18:44:57.0884 1708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:44:57.0933 1708 MSPQM - ok
18:44:57.0966 1708 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
18:44:57.0992 1708 MsRPC - ok
18:44:58.0020 1708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:44:58.0048 1708 mssmbios - ok
18:44:58.0066 1708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:44:58.0116 1708 MSTEE - ok
18:44:58.0145 1708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:44:58.0182 1708 MTConfig - ok
18:44:58.0217 1708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:44:58.0256 1708 Mup - ok
18:44:58.0312 1708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:44:58.0362 1708 NativeWifiP - ok
18:44:58.0507 1708 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120228.006\ENG64.SYS
18:44:58.0551 1708 NAVENG - ok
18:44:58.0702 1708 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120228.006\EX64.SYS
18:44:58.0767 1708 NAVEX15 - ok
18:44:58.0912 1708 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
18:44:58.0965 1708 NDIS - ok
18:44:58.0997 1708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:44:59.0048 1708 NdisCap - ok
18:44:59.0068 1708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:44:59.0118 1708 NdisTapi - ok
18:44:59.0141 1708 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
18:44:59.0197 1708 Ndisuio - ok
18:44:59.0220 1708 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:44:59.0272 1708 NdisWan - ok
18:44:59.0294 1708 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
18:44:59.0350 1708 NDProxy - ok
18:44:59.0371 1708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:44:59.0423 1708 NetBIOS - ok
18:44:59.0446 1708 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
18:44:59.0498 1708 NetBT - ok
18:44:59.0707 1708 NETw1v64 (e72f4522801ffb8f0456924fb0017bff) C:\Windows\system32\DRIVERS\NETw1v64.sys
18:44:59.0845 1708 NETw1v64 - ok
18:45:00.0071 1708 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
18:45:00.0204 1708 NETw5s64 - ok
18:45:00.0359 1708 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:45:00.0450 1708 netw5v64 - ok
18:45:00.0484 1708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:45:00.0513 1708 nfrd960 - ok
18:45:00.0533 1708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:45:00.0587 1708 Npfs - ok
18:45:00.0609 1708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:45:00.0661 1708 nsiproxy - ok
18:45:00.0734 1708 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
18:45:00.0830 1708 Ntfs - ok
18:45:00.0849 1708 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:45:00.0899 1708 Null - ok
18:45:00.0937 1708 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
18:45:00.0964 1708 nvraid - ok
18:45:01.0001 1708 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
18:45:01.0031 1708 nvstor - ok
18:45:01.0052 1708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
18:45:01.0090 1708 nv_agp - ok
18:45:01.0119 1708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
18:45:01.0147 1708 ohci1394 - ok
18:45:01.0185 1708 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:45:01.0217 1708 Parport - ok
18:45:01.0237 1708 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
18:45:01.0267 1708 partmgr - ok
18:45:01.0289 1708 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
18:45:01.0321 1708 pci - ok
18:45:01.0340 1708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
18:45:01.0365 1708 pciide - ok
18:45:01.0390 1708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:45:01.0423 1708 pcmcia - ok
18:45:01.0446 1708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:45:01.0472 1708 pcw - ok
18:45:01.0496 1708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:45:01.0557 1708 PEAUTH - ok
18:45:01.0609 1708 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
18:45:01.0665 1708 PptpMiniport - ok
18:45:01.0684 1708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:45:01.0717 1708 Processor - ok
18:45:01.0745 1708 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
18:45:01.0797 1708 Psched - ok
18:45:01.0842 1708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:45:01.0907 1708 ql2300 - ok
18:45:01.0932 1708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:45:01.0960 1708 ql40xx - ok
18:45:01.0983 1708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:45:02.0016 1708 QWAVEdrv - ok
18:45:02.0038 1708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:45:02.0090 1708 RasAcd - ok
18:45:02.0125 1708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:45:02.0176 1708 RasAgileVpn - ok
18:45:02.0195 1708 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:45:02.0248 1708 Rasl2tp - ok
18:45:02.0271 1708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:45:02.0331 1708 RasPppoe - ok
18:45:02.0346 1708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:45:02.0399 1708 RasSstp - ok
18:45:02.0427 1708 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
18:45:02.0481 1708 rdbss - ok
18:45:02.0504 1708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:45:02.0536 1708 rdpbus - ok
18:45:02.0562 1708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:45:02.0612 1708 RDPCDD - ok
18:45:02.0636 1708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:45:02.0686 1708 RDPENCDD - ok
18:45:02.0711 1708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:45:02.0761 1708 RDPREFMP - ok
18:45:02.0791 1708 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
18:45:02.0846 1708 RDPWD - ok
18:45:02.0877 1708 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
18:45:02.0913 1708 rdyboost - ok
18:45:02.0943 1708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:45:02.0995 1708 rspndr - ok
18:45:03.0047 1708 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
18:45:03.0093 1708 RSUSBSTOR - ok
18:45:03.0140 1708 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:45:03.0169 1708 RTL8167 - ok
18:45:03.0180 1708 RtsUIR - ok
18:45:03.0208 1708 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
18:45:03.0243 1708 sbp2port - ok
18:45:03.0268 1708 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
18:45:03.0322 1708 scfilter - ok
18:45:03.0373 1708 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\drivers\sdbus.sys
18:45:03.0405 1708 sdbus - ok
18:45:03.0427 1708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:45:03.0477 1708 secdrv - ok
18:45:03.0510 1708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:45:03.0541 1708 Serenum - ok
18:45:03.0569 1708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:45:03.0605 1708 Serial - ok
18:45:03.0627 1708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:45:03.0655 1708 sermouse - ok
18:45:03.0937 1708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:45:03.0990 1708 sffdisk - ok
18:45:04.0016 1708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:45:04.0043 1708 sffp_mmc - ok
18:45:04.0062 1708 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
18:45:04.0089 1708 sffp_sd - ok
18:45:04.0112 1708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:45:04.0139 1708 sfloppy - ok
18:45:04.0166 1708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:45:04.0194 1708 SiSRaid2 - ok
18:45:04.0218 1708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:45:04.0251 1708 SiSRaid4 - ok
18:45:04.0270 1708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:45:04.0321 1708 Smb - ok
18:45:04.0346 1708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:45:04.0372 1708 spldr - ok
18:45:04.0470 1708 SRTSP (9e399476e5d5e0d3c8822c857a7e9a9a) C:\Windows\System32\Drivers\N360x64\0308030.006\SRTSP64.SYS
18:45:04.0520 1708 SRTSP - ok
18:45:04.0546 1708 SRTSPX (3d7717b582f0365e75071556936e5a6b) C:\Windows\system32\drivers\N360x64\0308030.006\SRTSPX64.SYS
18:45:04.0570 1708 SRTSPX - ok
18:45:04.0623 1708 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
18:45:04.0698 1708 srv - ok
18:45:04.0736 1708 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
18:45:04.0773 1708 srv2 - ok
18:45:04.0812 1708 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:45:04.0851 1708 SrvHsfHDA - ok
18:45:04.0900 1708 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:45:04.0947 1708 SrvHsfV92 - ok
18:45:04.0986 1708 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:45:05.0022 1708 SrvHsfWinac - ok
18:45:05.0065 1708 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
18:45:05.0100 1708 srvnet - ok
18:45:05.0130 1708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:45:05.0157 1708 stexstor - ok
18:45:05.0221 1708 STHDA (a3fb7ad8720d7e02aa0111a6b51c2744) C:\Windows\system32\DRIVERS\stwrt64.sys
18:45:05.0263 1708 STHDA - ok
18:45:05.0306 1708 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:45:05.0340 1708 swenum - ok
18:45:05.0393 1708 sxuptp (20a4a4513e50f84b662e106eb27f5aeb) C:\Windows\system32\DRIVERS\sxuptp.sys
18:45:05.0432 1708 sxuptp - ok
18:45:05.0764 1708 SymEFA (4f87bb5389a93778ebc363b28271a65b) C:\Windows\system32\drivers\N360x64\0308030.006\SYMEFA64.SYS
18:45:05.0844 1708 SymEFA - ok
18:45:05.0894 1708 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
18:45:05.0927 1708 SymEvent - ok
18:45:05.0951 1708 SYMFW (b4af6633ecd674b74bd4e80788299d2a) C:\Windows\System32\Drivers\N360x64\0308030.006\SYMFW.SYS
18:45:05.0970 1708 SYMFW - ok
18:45:06.0010 1708 SymIM (212bbf5a964513980d5de9397381534f) C:\Windows\system32\DRIVERS\SymIMv.sys
18:45:06.0033 1708 SymIM - ok
18:45:06.0075 1708 SYMNDISV (d451a05f7e7b9d1f9f8fb76b2a16d786) C:\Windows\System32\Drivers\N360x64\0308030.006\SYMNDISV.SYS
18:45:06.0101 1708 SYMNDISV - ok
18:45:06.0125 1708 SYMTDI (33b37cb0a74f1f4b78a665ece9184095) C:\Windows\System32\Drivers\N360x64\0308030.006\SYMTDI.SYS
18:45:06.0148 1708 SYMTDI - ok
18:45:06.0194 1708 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
18:45:06.0232 1708 SynTP - ok
18:45:06.0324 1708 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
18:45:06.0422 1708 Tcpip - ok
18:45:06.0467 1708 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
18:45:06.0532 1708 TCPIP6 - ok
18:45:06.0575 1708 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
18:45:06.0625 1708 tcpipreg - ok
18:45:06.0654 1708 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:45:06.0705 1708 TDPIPE - ok
18:45:06.0723 1708 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:45:06.0775 1708 TDTCP - ok
18:45:06.0802 1708 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
18:45:06.0855 1708 tdx - ok
18:45:06.0872 1708 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
18:45:06.0893 1708 TermDD - ok
18:45:06.0920 1708 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:45:06.0974 1708 tssecsrv - ok
18:45:06.0990 1708 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
18:45:07.0044 1708 tunnel - ok
18:45:07.0063 1708 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:45:07.0094 1708 uagp35 - ok
18:45:07.0127 1708 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
18:45:07.0184 1708 udfs - ok
18:45:07.0213 1708 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:45:07.0244 1708 uliagpkx - ok
18:45:07.0269 1708 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
18:45:07.0297 1708 umbus - ok
18:45:07.0316 1708 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:45:07.0343 1708 UmPass - ok
18:45:07.0389 1708 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
18:45:07.0424 1708 usbaudio - ok
18:45:07.0459 1708 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
18:45:07.0499 1708 usbbus - ok
18:45:07.0539 1708 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
18:45:07.0576 1708 usbccgp - ok
18:45:07.0586 1708 USBCCID - ok
18:45:07.0614 1708 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
18:45:07.0655 1708 usbcir - ok
18:45:07.0694 1708 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
18:45:07.0721 1708 UsbDiag - ok
18:45:07.0762 1708 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
18:45:07.0802 1708 usbehci - ok
18:45:07.0858 1708 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
18:45:07.0897 1708 usbhub - ok
18:45:07.0925 1708 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
18:45:07.0952 1708 USBModem - ok
18:45:07.0987 1708 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
18:45:08.0015 1708 usbohci - ok
18:45:08.0052 1708 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:45:08.0084 1708 usbprint - ok
18:45:08.0122 1708 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:45:08.0164 1708 USBSTOR - ok
18:45:08.0188 1708 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:45:08.0217 1708 usbuhci - ok
18:45:08.0251 1708 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
18:45:08.0279 1708 usbvideo - ok
18:45:08.0301 1708 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:45:08.0328 1708 vdrvroot - ok
18:45:08.0358 1708 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:45:08.0391 1708 vga - ok
18:45:08.0419 1708 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:45:08.0471 1708 VgaSave - ok
18:45:08.0511 1708 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
18:45:08.0539 1708 vhdmp - ok
18:45:08.0557 1708 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
18:45:08.0584 1708 viaide - ok
18:45:08.0604 1708 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
18:45:08.0633 1708 volmgr - ok
18:45:08.0657 1708 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
18:45:08.0692 1708 volmgrx - ok
18:45:08.0714 1708 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
18:45:08.0743 1708 volsnap - ok
18:45:08.0768 1708 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:45:08.0807 1708 vsmraid - ok
18:45:08.0825 1708 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:45:08.0854 1708 vwifibus - ok
18:45:08.0879 1708 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:45:08.0906 1708 vwififlt - ok
18:45:08.0931 1708 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:45:08.0961 1708 WacomPen - ok
18:45:09.0066 1708 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:45:09.0160 1708 WANARP - ok
18:45:09.0165 1708 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
18:45:09.0224 1708 Wanarpv6 - ok
18:45:09.0259 1708 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:45:09.0284 1708 Wd - ok
18:45:09.0316 1708 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:45:09.0353 1708 Wdf01000 - ok
18:45:09.0388 1708 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:45:09.0439 1708 WfpLwf - ok
18:45:09.0466 1708 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:45:09.0493 1708 WIMMount - ok
18:45:09.0551 1708 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
18:45:09.0582 1708 WinUsb - ok
18:45:09.0610 1708 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:45:09.0639 1708 WmiAcpi - ok
18:45:09.0674 1708 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:45:09.0725 1708 ws2ifsl - ok
18:45:09.0760 1708 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
18:45:09.0812 1708 WudfPf - ok
18:45:09.0838 1708 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:45:09.0894 1708 WUDFRd - ok
18:45:09.0934 1708 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
18:45:09.0967 1708 yukonw7 - ok
18:45:09.0993 1708 MBR (0x1B8) (0b1dadf37e478804cb22509cf36f5b47) \Device\Harddisk0\DR0
18:45:10.0057 1708 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:45:10.0057 1708 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:45:10.0085 1708 Boot (0x1200) (0252da4908762c66c6d2fdf1485a5949) \Device\Harddisk0\DR0\Partition0
18:45:10.0087 1708 \Device\Harddisk0\DR0\Partition0 - ok
18:45:10.0096 1708 Boot (0x1200) (7d0e58ddfed842e87fbf4c21b7bbcd40) \Device\Harddisk0\DR0\Partition1
18:45:10.0097 1708 \Device\Harddisk0\DR0\Partition1 - ok
18:45:10.0126 1708 Boot (0x1200) (a2a80c22dda38266321d3e51502616fe) \Device\Harddisk0\DR0\Partition2
18:45:10.0128 1708 \Device\Harddisk0\DR0\Partition2 - ok
18:45:10.0129 1708 ============================================================
18:45:10.0129 1708 Scan finished
18:45:10.0129 1708 ============================================================
18:45:10.0145 4296 Detected object count: 1
18:45:10.0145 4296 Actual detected object count: 1
18:56:33.0978 4296 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:56:34.0072 4296 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:56:34.0250 4296 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:56:34.0372 4296 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:56:34.0450 4296 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:56:34.0547 4296 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:56:34.0625 4296 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:56:34.0638 4296 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:56:34.0644 4296 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:56:34.0651 4296 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:56:34.0732 4296 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:56:34.0819 4296 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:56:34.0824 4296 \Device\Harddisk0\DR0\TDLFS - deleted
18:56:34.0824 4296 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

#15 zman4430

Posted 28 February 2012 - 07:13 PM

As indicated by the TDSS log above, I had it Delete the only remaining threat that it detected. Immediately upon deleting it, Norton blocked an attack. A subsequent Malwarebytes scan still shows the svchost.exe threat as being present.

MB Log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.28.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Adam :: LAPTOP [administrator]

2/28/2012 7:06:49 PM
mbam-log-2012-02-28 (19-09-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186514
Time elapsed: 1 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)



