FakeHDD Virus has left a trojan in svchost.exe


7 replies to this topic

#1 Fyrefly

Posted 21 April 2012 - 12:15 AM

Hello all. I'm hoping you will be able to help me avoid a complete Nuke from Orbit reformat, because I'm at the end of my rope.

I am running Windows 7 Professional Edition, ordinary Dell XPS, Core i5, nothing particularly out of the ordinary.

A few weeks ago I contracted a virus from what I'm guessing was a poisoned webpage which hid my entire desktop, C:/ drive, Control Panel, etc. It then proceeded to pop up a window with the "PC Performance and Stability Analysis Report" program in it which claimed I had suffered major hardware damage and please run to save what data can be salvaged! It also vomited a bunch of big scary error windows all over the place. But some details like forgetting to get rid of my post it notes and a bit of messing around via the Display menu to get into the Control Panel proper showed everything was still installed just fine, only hidden.

I went in via Safe Mode and ran Malwarebytes via the command prompt and was able to at least take out the portion of the virus that was spitting windows at me upon every boot-up. I then used Unhide.exe to get my stuff back because I had some pretty major thesis work that I didn't have backed up and needed to save (bad of me I know but I learned my lesson.)

I decided to nuke from orbit once I was certain that I had my data, so I used my factory restore disk from Dell. But it offered an option to partition off selected files before resetting, so I took it, deciding it would be way easier to just tell it to save the folders in question than to move everything off then back on.

Fast forward to today and it appears that a little something has survived the pseudo-reformat. I'm using Symantec Anti-Virus through my university, and it found a trojan in svchost.exe which I attempted to delete but upon reboot was still there. Malwarebytes, Spybot Search and Destroy, and TDSSKiller have all found the same trojan, deleted it, and it's still been there upon reboot. I have tried running all 4 programs in Safe Mode as well with no results.

I'd love to see if I can kill this thing without doing a full reformat. Any assistance would be greatly appreciated. Thanks!

Edited by Fyrefly, 21 April 2012 - 12:16 AM.




#2 narenxp


Posted 21 April 2012 - 08:48 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Edited by narenxp, 21 April 2012 - 08:49 AM.


#3 Fyrefly


Posted 21 April 2012 - 10:29 AM

TDSSKiller Log

12:13:52.0967 3936 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
12:13:53.0341 3936 ============================================================
12:13:53.0341 3936 Current date / time: 2012/04/21 12:13:53.0341
12:13:53.0341 3936 SystemInfo:
12:13:53.0341 3936
12:13:53.0341 3936 OS Version: 6.1.7600 ServicePack: 0.0
12:13:53.0341 3936 Product type: Workstation
12:13:53.0341 3936 ComputerName: BAKPC
12:13:53.0341 3936 UserName: Brittany
12:13:53.0341 3936 Windows directory: C:\Windows
12:13:53.0341 3936 System windows directory: C:\Windows
12:13:53.0341 3936 Running under WOW64
12:13:53.0341 3936 Processor architecture: Intel x64
12:13:53.0341 3936 Number of processors: 4
12:13:53.0341 3936 Page size: 0x1000
12:13:53.0341 3936 Boot type: Normal boot
12:13:53.0341 3936 ============================================================
12:13:53.0825 3936 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:13:53.0825 3936 \Device\Harddisk0\DR0:
12:13:53.0840 3936 MBR partitions:
12:13:53.0840 3936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
12:13:53.0840 3936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x48AF80EB
12:13:53.0872 3936 C: <-> \Device\Harddisk0\DR0\Partition1
12:13:53.0872 3936 Initialize success
12:13:53.0872 3936 ============================================================
12:14:03.0200 4692 ============================================================
12:14:03.0200 4692 Scan started
12:14:03.0200 4692 Mode: Manual; TDLFS;
12:14:03.0200 4692 ============================================================
12:14:21.0406 4692 netprofm - ok
12:14:21.0499 4692 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:14:21.0499 4692 NetTcpPortSharing - ok
12:14:22.0045 4692 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
12:14:22.0170 4692 NETw5s64 - ok
12:14:22.0388 4692 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:14:22.0388 4692 nfrd960 - ok
12:14:22.0466 4692 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
12:14:22.0466 4692 NlaSvc - ok
12:14:22.0498 4692 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:14:22.0498 4692 Npfs - ok
12:14:22.0576 4692 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:14:22.0576 4692 nsi - ok
12:14:22.0638 4692 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:14:22.0638 4692 nsiproxy - ok
12:14:22.0716 4692 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
12:14:22.0732 4692 Ntfs - ok
12:14:22.0763 4692 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:14:22.0763 4692 Null - ok
12:14:22.0841 4692 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
12:14:22.0841 4692 nusb3hub - ok
12:14:22.0934 4692 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:14:22.0950 4692 nusb3xhc - ok
12:14:22.0981 4692 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
12:14:22.0981 4692 NVHDA - ok
12:14:23.0558 4692 nvlddmkm (011f0596d167d073e6813ae88e7947a9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:14:23.0605 4692 nvlddmkm - ok
12:14:23.0792 4692 nvpciflt (2bcc53e4ba1acc9b63595c4ae7361ad3) C:\Windows\system32\DRIVERS\nvpciflt.sys
12:14:23.0792 4692 nvpciflt - ok
12:14:23.0824 4692 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
12:14:23.0839 4692 nvraid - ok
12:14:23.0855 4692 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
12:14:23.0870 4692 nvstor - ok
12:14:23.0980 4692 nvsvc (e72422f9c55078dfa298ac7aa0a87970) C:\Windows\system32\nvvsvc.exe
12:14:23.0980 4692 nvsvc - ok
12:14:24.0104 4692 nvUpdatusService (6df10645a794878776dc8f5338427388) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:14:24.0120 4692 nvUpdatusService - ok
12:14:24.0245 4692 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:14:24.0245 4692 nv_agp - ok
12:14:24.0416 4692 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:14:24.0416 4692 odserv - ok
12:14:24.0526 4692 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:14:24.0526 4692 ohci1394 - ok
12:14:24.0635 4692 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:14:24.0635 4692 ose - ok
12:14:24.0744 4692 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:14:24.0760 4692 p2pimsvc - ok
12:14:24.0791 4692 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:14:24.0806 4692 p2psvc - ok
12:14:24.0869 4692 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:14:24.0884 4692 Parport - ok
12:14:24.0947 4692 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:14:24.0947 4692 partmgr - ok
12:14:24.0994 4692 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:14:24.0994 4692 PcaSvc - ok
12:14:25.0025 4692 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:14:25.0025 4692 pci - ok
12:14:25.0056 4692 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:14:25.0056 4692 pciide - ok
12:14:25.0087 4692 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:14:25.0087 4692 pcmcia - ok
12:14:25.0134 4692 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:14:25.0134 4692 pcw - ok
12:14:25.0228 4692 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:14:25.0243 4692 PEAUTH - ok
12:14:25.0321 4692 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:14:25.0337 4692 PeerDistSvc - ok
12:14:25.0446 4692 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:14:25.0462 4692 PerfHost - ok
12:14:25.0742 4692 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
12:14:25.0774 4692 pla - ok
12:14:25.0883 4692 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
12:14:25.0898 4692 PlugPlay - ok
12:14:25.0930 4692 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:14:25.0945 4692 PNRPAutoReg - ok
12:14:25.0961 4692 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:14:25.0961 4692 PNRPsvc - ok
12:14:26.0008 4692 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
12:14:26.0023 4692 PolicyAgent - ok
12:14:26.0086 4692 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:14:26.0086 4692 Power - ok
12:14:26.0226 4692 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:14:26.0226 4692 PptpMiniport - ok
12:14:26.0242 4692 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:14:26.0242 4692 Processor - ok
12:14:26.0304 4692 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
12:14:26.0304 4692 ProfSvc - ok
12:14:26.0335 4692 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:14:26.0351 4692 ProtectedStorage - ok
12:14:26.0460 4692 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:14:26.0460 4692 Psched - ok
12:14:26.0491 4692 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:14:26.0491 4692 PxHlpa64 - ok
12:14:26.0569 4692 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
12:14:26.0569 4692 qicflt - ok
12:14:26.0647 4692 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:14:26.0663 4692 ql2300 - ok
12:14:26.0694 4692 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:14:26.0694 4692 ql40xx - ok
12:14:26.0866 4692 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:14:26.0881 4692 QWAVE - ok
12:14:26.0975 4692 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:14:26.0975 4692 QWAVEdrv - ok
12:14:27.0037 4692 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:14:27.0037 4692 RasAcd - ok
12:14:27.0100 4692 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:14:27.0100 4692 RasAgileVpn - ok
12:14:27.0178 4692 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:14:27.0178 4692 RasAuto - ok
12:14:27.0256 4692 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:14:27.0256 4692 Rasl2tp - ok
12:14:27.0318 4692 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
12:14:27.0334 4692 RasMan - ok
12:14:27.0365 4692 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:14:27.0380 4692 RasPppoe - ok
12:14:27.0396 4692 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:14:27.0396 4692 RasSstp - ok
12:14:27.0412 4692 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:14:27.0412 4692 rdbss - ok
12:14:27.0474 4692 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:14:27.0474 4692 rdpbus - ok
12:14:27.0521 4692 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:14:27.0521 4692 RDPCDD - ok
12:14:27.0583 4692 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
12:14:27.0583 4692 RDPDR - ok
12:14:27.0614 4692 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:14:27.0614 4692 RDPENCDD - ok
12:14:27.0661 4692 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:14:27.0661 4692 RDPREFMP - ok
12:14:27.0724 4692 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
12:14:27.0724 4692 RDPWD - ok
12:14:27.0833 4692 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:14:27.0848 4692 rdyboost - ok
12:14:27.0989 4692 RegSrvc (0aa473966357c4a41b5eb19649eb6e5e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:14:27.0989 4692 RegSrvc - ok
12:14:28.0160 4692 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:14:28.0160 4692 RemoteAccess - ok
12:14:28.0207 4692 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:14:28.0207 4692 RemoteRegistry - ok
12:14:28.0363 4692 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
12:14:28.0379 4692 RoxMediaDB10 - ok
12:14:28.0519 4692 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:14:28.0535 4692 RpcEptMapper - ok
12:14:28.0566 4692 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:14:28.0566 4692 RpcLocator - ok
12:14:28.0644 4692 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
12:14:28.0660 4692 RpcSs - ok
12:14:28.0878 4692 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:14:28.0878 4692 rspndr - ok
12:14:28.0972 4692 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:14:28.0972 4692 RTL8167 - ok
12:14:29.0034 4692 RxFilter - ok
12:14:29.0096 4692 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
12:14:29.0096 4692 s3cap - ok
12:14:29.0159 4692 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:14:29.0159 4692 SamSs - ok
12:14:29.0237 4692 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:14:29.0237 4692 sbp2port - ok
12:14:29.0284 4692 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:14:29.0299 4692 SCardSvr - ok
12:14:29.0362 4692 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:14:29.0362 4692 scfilter - ok
12:14:29.0408 4692 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
12:14:29.0440 4692 Schedule - ok
12:14:29.0471 4692 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
12:14:29.0471 4692 SCPolicySvc - ok
12:14:29.0502 4692 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
12:14:29.0502 4692 SDRSVC - ok
12:14:29.0642 4692 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
12:14:29.0642 4692 SeaPort - ok
12:14:29.0767 4692 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:14:29.0767 4692 secdrv - ok
12:14:29.0814 4692 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
12:14:29.0814 4692 seclogon - ok
12:14:29.0845 4692 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:14:29.0845 4692 SENS - ok
12:14:29.0861 4692 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:14:29.0861 4692 SensrSvc - ok
12:14:29.0892 4692 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:14:29.0892 4692 Serenum - ok
12:14:29.0939 4692 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:14:29.0939 4692 Serial - ok
12:14:29.0970 4692 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:14:29.0970 4692 sermouse - ok
12:14:30.0048 4692 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
12:14:30.0048 4692 SessionEnv - ok
12:14:30.0079 4692 SessionLauncher - ok
12:14:30.0157 4692 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:14:30.0157 4692 sffdisk - ok
12:14:30.0188 4692 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:14:30.0188 4692 sffp_mmc - ok
12:14:30.0204 4692 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:14:30.0204 4692 sffp_sd - ok
12:14:30.0235 4692 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:14:30.0235 4692 sfloppy - ok
12:14:30.0313 4692 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
12:14:30.0313 4692 SftService - ok
12:14:30.0500 4692 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:14:30.0500 4692 SharedAccess - ok
12:14:30.0594 4692 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
12:14:30.0594 4692 ShellHWDetection - ok
12:14:30.0703 4692 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:14:30.0703 4692 SiSRaid2 - ok
12:14:30.0734 4692 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:14:30.0734 4692 SiSRaid4 - ok
12:14:30.0750 4692 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:14:30.0750 4692 Smb - ok
12:14:31.0436 4692 SmcService (48bfc901748a6cbdbcadd7991c867060) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
12:14:31.0452 4692 SmcService - ok
12:14:31.0795 4692 SNAC (767de5ffe38b673c03551f50d96eba0b) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
12:14:31.0795 4692 SNAC - ok
12:14:31.0920 4692 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:14:31.0920 4692 SNMPTRAP - ok
12:14:31.0998 4692 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:14:31.0998 4692 spldr - ok
12:14:32.0045 4692 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
12:14:32.0060 4692 Spooler - ok
12:14:32.0419 4692 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
12:14:32.0435 4692 sppsvc - ok
12:14:32.0591 4692 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:14:32.0591 4692 sppuinotify - ok
12:14:32.0762 4692 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
12:14:32.0762 4692 sprtsvc_DellSupportCenter - ok
12:14:33.0012 4692 SRTSP (b531fc8918dcdaae638511a123c3465e) C:\Windows\system32\Drivers\SRTSP64.SYS
12:14:33.0012 4692 SRTSP - ok
12:14:33.0293 4692 SRTSPL (2bd3a73d0601320b72486fc3ebc2544f) C:\Windows\system32\Drivers\SRTSPL64.SYS
12:14:33.0293 4692 SRTSPL - ok
12:14:33.0308 4692 SRTSPX (529b337c1aeeb289f0b502eb0ee6a8f5) C:\Windows\system32\Drivers\SRTSPX64.SYS
12:14:33.0308 4692 SRTSPX - ok
12:14:33.0449 4692 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:14:33.0449 4692 srv - ok
12:14:33.0496 4692 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:14:33.0511 4692 srv2 - ok
12:14:33.0558 4692 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:14:33.0558 4692 srvnet - ok
12:14:33.0667 4692 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:14:33.0683 4692 SSDPSRV - ok
12:14:33.0714 4692 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:14:33.0714 4692 SstpSvc - ok
12:14:33.0776 4692 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
12:14:33.0792 4692 stdcfltn - ok
12:14:33.0932 4692 Stereo Service (c6539a0cb1ebff488d3d4b070c4f17f8) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:14:33.0932 4692 Stereo Service - ok
12:14:34.0057 4692 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:14:34.0057 4692 stexstor - ok
12:14:34.0120 4692 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
12:14:34.0135 4692 stisvc - ok
12:14:34.0229 4692 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
12:14:34.0229 4692 stllssvr - ok
12:14:34.0385 4692 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
12:14:34.0385 4692 storflt - ok
12:14:34.0447 4692 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
12:14:34.0447 4692 StorSvc - ok
12:14:34.0494 4692 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
12:14:34.0494 4692 storvsc - ok
12:14:34.0541 4692 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:14:34.0541 4692 swenum - ok
12:14:34.0603 4692 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:14:34.0619 4692 swprv - ok
12:14:34.0946 4692 Symantec AntiVirus (d880fbd65b6f4885ac89628225b91398) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
12:14:34.0962 4692 Symantec AntiVirus - ok
12:14:35.0071 4692 SymEvent (d1f1a5e72e33d6be449f5f1f4a513dd1) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:14:35.0071 4692 SymEvent - ok
12:14:35.0134 4692 SynTP (36f506c894e1ea59c65faf6398bdf49a) C:\Windows\system32\DRIVERS\SynTP.sys
12:14:35.0149 4692 SynTP - ok
12:14:35.0227 4692 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
12:14:35.0243 4692 SysMain - ok
12:14:35.0274 4692 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
12:14:35.0290 4692 TabletInputService - ok
12:14:35.0305 4692 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
12:14:35.0321 4692 TapiSrv - ok
12:14:35.0336 4692 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:14:35.0336 4692 TBS - ok
12:14:35.0430 4692 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
12:14:35.0446 4692 Tcpip - ok
12:14:35.0508 4692 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
12:14:35.0524 4692 TCPIP6 - ok
12:14:35.0570 4692 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:14:35.0570 4692 tcpipreg - ok
12:14:35.0633 4692 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:14:35.0633 4692 TDPIPE - ok
12:14:35.0680 4692 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
12:14:35.0680 4692 TDTCP - ok
12:14:35.0726 4692 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:14:35.0726 4692 tdx - ok
12:14:35.0758 4692 Teefer2 (ef6ccf8b483201f7196d83fc136fa43a) C:\Windows\system32\DRIVERS\teefer2.sys
12:14:35.0773 4692 Teefer2 - ok
12:14:35.0804 4692 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:14:35.0804 4692 TermDD - ok
12:14:35.0914 4692 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
12:14:35.0914 4692 TermService - ok
12:14:35.0929 4692 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:14:35.0929 4692 Themes - ok
12:14:35.0976 4692 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:14:35.0976 4692 THREADORDER - ok
12:14:36.0023 4692 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:14:36.0023 4692 TrkWks - ok
12:14:36.0085 4692 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
12:14:36.0085 4692 TrustedInstaller - ok
12:14:36.0132 4692 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:14:36.0132 4692 tssecsrv - ok
12:14:36.0226 4692 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:14:36.0226 4692 tunnel - ok
12:14:36.0288 4692 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
12:14:36.0288 4692 TurboB - ok
12:14:36.0335 4692 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
12:14:36.0335 4692 TurboBoost - ok
12:14:36.0397 4692 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:14:36.0397 4692 uagp35 - ok
12:14:36.0460 4692 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
12:14:36.0475 4692 udfs - ok
12:14:36.0522 4692 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:14:36.0522 4692 UI0Detect - ok
12:14:36.0584 4692 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:14:36.0584 4692 uliagpkx - ok
12:14:36.0662 4692 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:14:36.0662 4692 umbus - ok
12:14:36.0740 4692 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:14:36.0740 4692 UmPass - ok
12:14:36.0772 4692 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
12:14:36.0772 4692 UmRdpService - ok
12:14:36.0943 4692 UNS (cbdee152d73200ee49031a26310b9d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:14:36.0959 4692 UNS - ok
12:14:37.0052 4692 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:14:37.0068 4692 upnphost - ok
12:14:37.0146 4692 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
12:14:37.0146 4692 usbccgp - ok
12:14:37.0177 4692 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:14:37.0177 4692 usbcir - ok
12:14:37.0208 4692 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
12:14:37.0208 4692 usbehci - ok
12:14:37.0286 4692 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
12:14:37.0286 4692 usbhub - ok
12:14:37.0333 4692 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
12:14:37.0333 4692 usbohci - ok
12:14:37.0349 4692 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:14:37.0349 4692 usbprint - ok
12:14:37.0396 4692 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:14:37.0411 4692 USBSTOR - ok
12:14:37.0474 4692 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:14:37.0474 4692 usbuhci - ok
12:14:37.0567 4692 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
12:14:37.0567 4692 usbvideo - ok
12:14:37.0614 4692 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:14:37.0614 4692 UxSms - ok
12:14:37.0661 4692 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:14:37.0676 4692 VaultSvc - ok
12:14:37.0723 4692 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:14:37.0739 4692 vdrvroot - ok
12:14:37.0801 4692 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
12:14:37.0801 4692 vds - ok
12:14:37.0832 4692 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:14:37.0848 4692 vga - ok
12:14:37.0864 4692 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:14:37.0864 4692 VgaSave - ok
12:14:37.0895 4692 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:14:37.0895 4692 vhdmp - ok
12:14:37.0926 4692 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:14:37.0926 4692 viaide - ok
12:14:37.0973 4692 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
12:14:37.0973 4692 vmbus - ok
12:14:38.0051 4692 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
12:14:38.0051 4692 VMBusHID - ok
12:14:38.0082 4692 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:14:38.0082 4692 volmgr - ok
12:14:38.0129 4692 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:14:38.0129 4692 volmgrx - ok
12:14:38.0176 4692 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:14:38.0176 4692 volsnap - ok
12:14:38.0238 4692 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:14:38.0254 4692 vsmraid - ok
12:14:38.0347 4692 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
12:14:38.0363 4692 VSS - ok
12:14:38.0394 4692 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:14:38.0410 4692 vwifibus - ok
12:14:38.0456 4692 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:14:38.0456 4692 vwififlt - ok
12:14:38.0534 4692 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:14:38.0534 4692 vwifimp - ok
12:14:38.0675 4692 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:14:38.0675 4692 W32Time - ok
12:14:38.0737 4692 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:14:38.0737 4692 WacomPen - ok
12:14:38.0784 4692 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:14:38.0784 4692 WANARP - ok
12:14:38.0815 4692 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:14:38.0815 4692 Wanarpv6 - ok
12:14:38.0956 4692 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:14:38.0971 4692 WatAdminSvc - ok
12:14:39.0049 4692 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
12:14:39.0065 4692 wbengine - ok
12:14:39.0096 4692 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:14:39.0096 4692 WbioSrvc - ok
12:14:39.0143 4692 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
12:14:39.0143 4692 wcncsvc - ok
12:14:39.0205 4692 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:14:39.0205 4692 WcsPlugInService - ok
12:14:39.0252 4692 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:14:39.0252 4692 Wd - ok
12:14:39.0283 4692 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:14:39.0299 4692 Wdf01000 - ok
12:14:39.0346 4692 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:14:39.0346 4692 WdiServiceHost - ok
12:14:39.0361 4692 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:14:39.0361 4692 WdiSystemHost - ok
12:14:39.0424 4692 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
12:14:39.0424 4692 WebClient - ok
12:14:39.0471 4692 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:14:39.0471 4692 Wecsvc - ok
12:14:39.0533 4692 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:14:39.0533 4692 wercplsupport - ok
12:14:39.0564 4692 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:14:39.0580 4692 WerSvc - ok
12:14:39.0642 4692 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:14:39.0642 4692 WfpLwf - ok
12:14:39.0689 4692 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
12:14:39.0689 4692 WimFltr - ok
12:14:39.0705 4692 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:14:39.0705 4692 WIMMount - ok
12:14:39.0751 4692 WinDefend - ok
12:14:39.0767 4692 WinHttpAutoProxySvc - ok
12:14:39.0876 4692 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:14:39.0876 4692 Winmgmt - ok
12:14:39.0954 4692 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
12:14:39.0985 4692 WinRM - ok
12:14:40.0048 4692 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:14:40.0048 4692 Wlansvc - ok
12:14:40.0141 4692 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:14:40.0157 4692 WmiAcpi - ok
12:14:40.0235 4692 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:14:40.0235 4692 wmiApSrv - ok
12:14:40.0282 4692 WMPNetworkSvc - ok
12:14:40.0391 4692 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:14:40.0407 4692 WPCSvc - ok
12:14:40.0438 4692 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
12:14:40.0438 4692 WPDBusEnum - ok
12:14:40.0469 4692 WPS (37725ebe2f8972809903a10599c365a2) C:\Windows\system32\drivers\wpsdrvnt.sys
12:14:40.0469 4692 WPS - ok
12:14:40.0531 4692 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
12:14:40.0531 4692 WpsHelper - ok
12:14:40.0578 4692 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:14:40.0594 4692 ws2ifsl - ok
12:14:40.0687 4692 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
12:14:40.0703 4692 wscsvc - ok
12:14:40.0719 4692 WSearch - ok
12:14:40.0812 4692 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
12:14:40.0828 4692 wuauserv - ok
12:14:40.0890 4692 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
12:14:40.0890 4692 WudfPf - ok
12:14:40.0968 4692 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:14:40.0984 4692 WUDFRd - ok
12:14:41.0031 4692 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
12:14:41.0046 4692 wudfsvc - ok
12:14:41.0062 4692 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:14:41.0062 4692 WwanSvc - ok
12:14:41.0140 4692 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:14:41.0826 4692 \Device\Harddisk0\DR0 - ok
12:14:41.0857 4692 Boot (0x1200) (18ae7c98ae07d726ef8ace2808fa44c5) \Device\Harddisk0\DR0\Partition0
12:14:41.0873 4692 \Device\Harddisk0\DR0\Partition0 - ok
12:14:41.0873 4692 Boot (0x1200) (c591cca9af08efa701645c62131a8a43) \Device\Harddisk0\DR0\Partition1
12:14:41.0873 4692 \Device\Harddisk0\DR0\Partition1 - ok
12:14:41.0889 4692 ============================================================
12:14:41.0889 4692 Scan finished
12:14:41.0889 4692 ============================================================
12:14:41.0904 1116 Detected object count: 0
12:14:41.0904 1116 Actual detected object count: 0
12:14:55.0539 4600 Deinitialize success



aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-21 12:16:29
-----------------------------
12:16:29.716 OS Version: Windows x64 6.1.7600
12:16:29.716 Number of processors: 4 586 0x2505
12:16:29.716 ComputerName: BAKPC UserName:
12:16:31.354 Initialize success
12:17:35.388 AVAST engine defs: 12042100
12:18:35.557 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:18:35.557 Disk 0 Vendor: TOSHIBA_ MC00 Size: 610480MB BusType: 3
12:18:35.573 Disk 0 MBR read successfully
12:18:35.573 Disk 0 MBR scan
12:18:35.573 Disk 0 Windows VISTA default MBR code
12:18:35.589 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:18:35.589 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
12:18:35.604 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 595440 MB offset 30800325
12:18:35.635 Disk 0 scanning C:\Windows\system32\drivers
12:18:47.632 Service scanning
12:19:20.517 Modules scanning
12:19:20.532 Disk 0 trace - called modules:
12:19:20.564 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys hal.dll
12:19:20.564 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082f0060]
12:19:20.579 3 CLASSPNP.SYS[fffff88001a2b43f] -> nt!IofCallDriver -> [0xfffffa80081c8cb0]
12:19:20.595 5 stdcfltn.sys[fffff88001686c52] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800807e050]
12:19:21.905 AVAST engine scan C:\Windows
12:19:24.760 AVAST engine scan C:\Windows\system32
12:22:39.573 AVAST engine scan C:\Windows\system32\drivers
12:22:55.017 AVAST engine scan C:\Users\Brittany
12:23:19.322 AVAST engine scan C:\ProgramData
12:24:00.366 Scan finished successfully
12:24:32.938 Disk 0 MBR has been saved successfully to "C:\Users\Brittany\Desktop\MBR.dat"
12:24:32.938 The log file has been saved successfully to "C:\Users\Brittany\Desktop\aswMBR.txt"

If it helps, Malwarebytes found an issue with svchost.exe in Safe Mode right before I wrote my post (haven't done anything since then except what you told me), and following the aswMBR scan, Symantec gave me the following window:

Posted Image

Thanks again for your assistance!

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:08:37 AM

Posted 21 April 2012 - 10:51 AM

Let's check that after we finish the scans.

Run Malwarebytes - FULL SCAN - remove infections - reboot the PC and run it again unless you get a clean log.

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 Fyrefly

Fyrefly
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:37 AM

Posted 21 April 2012 - 10:14 PM

The first Malwarebytes scan returned the svchost.exe trojan again. Cleaned, rebooted, and ran again per your instructions, and the second scan reported no malicious items.

ESET Log:

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IO6XENAD\post[1].htm HTML/Iframe.B.Gen virus deleted - quarantined

Minitoolbox Log:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Brittany (administrator) on 22-04-2012 at 00:11:01
Microsoft Windows 7 Professional (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6200 AGN = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : bakpc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 00-27-10-B8-5A-05
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-27-10-B8-5A-05
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6200 AGN
Physical Address. . . . . . . . . : 00-27-10-B8-5A-04
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::617d:c796:254d:3a73%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, April 21, 2012 9:50:52 PM
Lease Expires . . . . . . . . . . : Wednesday, May 29, 2148 6:39:31 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 184559376
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-7F-B8-68-F0-4D-A2-5A-B3-10
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F0-4D-A2-5A-B3-10
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A54BDCAE-9940-4813-9460-A26F30707EEF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{255BDD14-5E8D-4D88-9BB4-A4BC9F3A78E0}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c76:dbe:3f57:fdf7(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c76:dbe:3f57:fdf7%23(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{2893834B-5D08-4A43-9676-4599B30AC443}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server:
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.226.233
74.125.226.231
74.125.226.230
74.125.226.238
74.125.226.227
74.125.226.229
74.125.226.225
74.125.226.226
74.125.226.232
74.125.226.228
74.125.226.224


Pinging google.com [74.125.226.233] with 32 bytes of data:
Reply from 74.125.226.233: bytes=32 time=116ms TTL=54
Reply from 74.125.226.233: bytes=32 time=61ms TTL=54

Ping statistics for 74.125.226.233:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 61ms, Maximum = 116ms, Average = 88ms
Server:
Address: 192.168.2.1

Name: yahoo.com
Address: 209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=165ms TTL=49
Reply from 209.191.122.70: bytes=32 time=119ms TTL=49

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 119ms, Maximum = 165ms, Average = 142ms
Server:
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 27 10 b8 5a 05 ......Microsoft Virtual WiFi Miniport Adapter #2
14...00 27 10 b8 5a 05 ......Microsoft Virtual WiFi Miniport Adapter
13...00 27 10 b8 5a 04 ......Intel® Centrino® Advanced-N 6200 AGN
11...f0 4d a2 5a b3 10 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
23...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.8 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.8 281
192.168.2.8 255.255.255.255 On-link 192.168.2.8 281
192.168.2.255 255.255.255.255 On-link 192.168.2.8 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.8 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.8 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
23 58 ::/0 On-link
1 306 ::1/128 On-link
23 58 2001::/32 On-link
23 306 2001:0:4137:9e76:1c76:dbe:3f57:fdf7/128
On-link
13 281 fe80::/64 On-link
23 306 fe80::/64 On-link
23 306 fe80::1c76:dbe:3f57:fdf7/128
On-link
13 281 fe80::617d:c796:254d:3a73/128
On-link
1 306 ff00::/8 On-link
23 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/21/2012 10:58:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/21/2012 10:57:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/21/2012 10:57:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/21/2012 08:47:42 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Trojan.Gen in File: C:\Users\Brittany\AppData\Local\Temp\DWH17FC.tmp by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.

Error: (04/21/2012 08:46:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/21/2012 08:46:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/21/2012 00:27:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/21/2012 00:27:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (04/21/2012 00:08:07 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (04/21/2012 01:38:17 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()


System errors:
=============
Error: (04/21/2012 09:50:47 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (04/21/2012 09:50:44 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (04/21/2012 00:06:50 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (04/21/2012 00:06:38 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (04/21/2012 01:43:46 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/21/2012 01:43:46 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/21/2012 01:43:46 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/21/2012 01:43:46 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/21/2012 01:43:46 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/21/2012 01:43:46 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.57
AccelerometerP11 (Version: 2.00.11.15)
Accidental Damage Services Agreement (Version: 2.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Reader 9.1.2 (Version: 9.1.2)
Advanced Audio FX Engine (Version: 1.12.05)
COMODO Internet Security (Version: 5.0.32580.1142)
Cozi (Version: 1.0.4323.24051)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.47)
Dell DataSafe Online (Version: 1.2.0011)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Webcam Central (Version: 2.00.35)
DirectXInstallService (Version: 9.0.2)
EMC 10 Content (Version: 1.0.035)
EMCGadgets64 (Version: 1.0.302)
ESET Online Scanner v3
Face Recognition (Version: 3.0.56.1)
GoToAssist 8.0.0.514
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2182)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.1000)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)
Internet Explorer (Version: 8)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 21 (Version: 6.0.210)
JMicron Flash Media Controller Driver (Version: 1.0.41.2)
Junk Mail filter update (Version: 14.0.8089.726)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MATLAB R2007b (Version: 7.5)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Display Control Panel (Version: 6.14.12.5939)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.5939)
NVIDIA Updatus (Version: 1.0.3)
Quickset64 (Version: 10.8.5)
Realtek High Definition Audio Driver (Version: 6.0.1.6194)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.0)
Roxio Burn (Version: 1.0.0)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy CD and DVD Burning (Version: 10.3)
Roxio Easy CD and DVD Burning (Version: 10.3.105)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio File Backup (Version: 1.3.0)
Roxio Update Manager (Version: 6.0.0)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.169)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Symantec Endpoint Protection (Version: 11.0.6100.645)
Synaptics Pointing Device Driver (Version: 15.1.4.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
VD64Inst (Version: 1.00.0000)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 7924.3 MB
Available physical RAM: 5331.82 MB
Total Pagefile: 15846.74 MB
Available Pagefile: 13265.58 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.38 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:581.48 GB) (Free:435.07 GB) NTFS

========================= Users: ========================================

User accounts for \\BAKPC

Administrator Brittany Guest
UpdatusUser


**** End of log ****

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:08:37 AM

Posted 21 April 2012 - 10:41 PM

That looks good.

Symantec shows quarantined infections, not the active one.

Download

TFC


Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your System Restore, restart the PC, and create a new restore point.

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here:

http://java.com/en/download/inc/windows_upgrade_xpi.jsp



Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#7 Fyrefly

Fyrefly
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:37 AM

Posted 22 April 2012 - 01:07 PM

Thanks so much for all your help! So far everything is looking good.

If I might trouble you for one quick question, which of the utilities in your opinion killed the thing? Because there was a lot of back and forth where some would find things, others wouldn't, etc. I sincerely hope none of this will happen again (will be installing NoScript etc. for added security while browsing) but if it does I was wondering which programs I should bear in mind.

Thanks again!

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:08:37 AM

Posted 22 April 2012 - 02:48 PM

which of the utilities in your opinion killed the thing?

TDSSKiller + Malwarebytes

You can run these tools; if the issue persists, you may start a topic in this forum.

Good luck.



