
Infected with Trojan.zeroaccess!inf


  • This topic is locked
32 replies to this topic

#1 dagiz


Posted 01 May 2012 - 12:53 AM

Hello -

Norton has let me know that I have an infection of trojan.zeroaccess, yet when I run the TDSSKiller it shows nothing...so I am not exactly sure what is going on. The trojan has been showing up the last couple of weeks and when I do follow what Norton specifies, it still shows up so...after a couple of weeks of hair pulling at trying to figure out what to do, I am turning to you good folks for a wee bit of assistance and hopefully get rid of this nasty little thing. If you need anything else from me please let me know!! Thanks!!!

DDS LOG:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
Run by JAG2 at 23:41:04 on 2012-04-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.2149 [GMT -6:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\CISVC.EXE
C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.msn.iplay.com/?o=shp
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Health Check Scheduler] "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
DPF: {14453FED-537A-4452-BE2B-C0F4A6176865} - hxxp://www.hudl.com/HudlAdvancedFeatures.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BF6E039F-8812-49D9-8155-4B5EDD4B4032} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{F97701C6-BDF8-40AE-AE83-701EE542D3AC} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{F97701C6-BDF8-40AE-AE83-701EE542D3AC} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HP Health Check Scheduler] "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JAG2\AppData\Roaming\Mozilla\Firefox\Profiles\n96q191u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: C:\Users\JAG2\AppData\Roaming\Mozilla\Firefox\Profiles\n96q191u.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-23 1160824]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120427.001\IDSviA64.sys [2012-4-28 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMTDIV.SYS [?]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/12/22 17:52:12];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-9-1 146928]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 KjsUpdateService2;AppLife Update Service 2.0;C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe [2011-8-3 12800]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe [2012-4-24 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-15 2253120]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-20 365904]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-3 1153368]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-4-12 138360]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 253088]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-10-20 193840]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-17 89920]
.
=============== Created Last 30 ================
.
2012-04-24 07:27:05 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symefa64.sys
2012-04-24 07:27:05 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symds64.sys
2012-04-24 07:27:05 432760 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symtdiv.sys
2012-04-24 07:27:05 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
2012-04-24 07:27:05 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symnets.sys
2012-04-24 07:27:04 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
2012-04-24 07:27:04 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\ironx64.sys
2012-04-24 07:26:47 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502010.003
2012-04-14 06:31:35 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-14 06:31:35 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-04-14 06:31:35 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-14 06:31:35 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-14 06:31:35 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-14 06:31:35 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-14 06:31:35 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 00:44:11 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-04-12 00:35:21 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-04-12 00:35:21 -------- d-----w- C:\Program Files\Symantec
2012-04-12 00:34:14 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-04-12 00:33:40 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-04-09 15:33:02 -------- d-----w- C:\Users\JAG2\AppData\Local\NPE
2012-04-09 13:54:37 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-04-06 02:26:54 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-02 04:26:36 -------- d-----w- C:\Program Files\iPod
2012-04-02 04:26:34 -------- d-----w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2012-04-18 02:10:36 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 15:35:29 1032192 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 15:26:16 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 14:56:20 485376 ----a-w- C:\Windows\System32\html.iec
2012-02-28 14:21:25 389632 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 14:19:28 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 13:56:50 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-15 17:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 17:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 23:41:41.61 ===============


TDSSKILLER REPORT:
23:45:32.0027 4072 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
23:45:32.0473 4072 ============================================================
23:45:32.0473 4072 Current date / time: 2012/04/30 23:45:32.0473
23:45:32.0473 4072 SystemInfo:
23:45:32.0473 4072
23:45:32.0473 4072 OS Version: 6.0.6002 ServicePack: 2.0
23:45:32.0473 4072 Product type: Workstation
23:45:32.0473 4072 ComputerName: JAG2-PC
23:45:32.0473 4072 UserName: JAG2
23:45:32.0473 4072 Windows directory: C:\Windows
23:45:32.0473 4072 System windows directory: C:\Windows
23:45:32.0473 4072 Running under WOW64
23:45:32.0473 4072 Processor architecture: Intel x64
23:45:32.0473 4072 Number of processors: 2
23:45:32.0474 4072 Page size: 0x1000
23:45:32.0474 4072 Boot type: Normal boot
23:45:32.0474 4072 ============================================================
23:45:34.0063 4072 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:45:34.0074 4072 ============================================================
23:45:34.0074 4072 \Device\Harddisk0\DR0:
23:45:34.0075 4072 MBR partitions:
23:45:34.0075 4072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x238377C1
23:45:34.0075 4072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23837800, BlocksNum 0x1BF5800
23:45:34.0075 4072 ============================================================
23:45:34.0088 4072 C: <-> \Device\Harddisk0\DR0\Partition0
23:45:34.0138 4072 D: <-> \Device\Harddisk0\DR0\Partition1
23:45:34.0138 4072 ============================================================
23:45:34.0138 4072 Initialize success
23:45:34.0138 4072 ============================================================
23:45:36.0106 4296 ============================================================
23:45:36.0106 4296 Scan started
23:45:36.0106 4296 Mode: Manual;
23:45:36.0106 4296 ============================================================
23:45:44.0878 4296 hidserv - ok
23:45:44.0903 4296 HidUsb (59a7b5e13356c20d67983868242167c5) C:\Windows\system32\DRIVERS\hidusb.sys
23:45:44.0904 4296 HidUsb - ok
23:45:44.0942 4296 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
23:45:44.0945 4296 hkmsvc - ok
23:45:45.0053 4296 HP Health Check Service (89f9e1984c1cd9e5f4fe39642d886e11) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
23:45:45.0055 4296 HP Health Check Service - ok
23:45:45.0100 4296 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
23:45:45.0101 4296 HpCISSs - ok
23:45:45.0152 4296 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys
23:45:45.0153 4296 hpdskflt - ok
23:45:45.0172 4296 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
23:45:45.0174 4296 HpqKbFiltr - ok
23:45:45.0248 4296 hpqwmiex (1665c7121a026df10c903db9bc5e9d43) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
23:45:45.0250 4296 hpqwmiex - ok
23:45:45.0273 4296 hpsrv (6bf024ea61d7894bf4af0b10a90b546e) C:\Windows\system32\Hpservice.exe
23:45:45.0274 4296 hpsrv - ok
23:45:45.0386 4296 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
23:45:45.0392 4296 HTTP - ok
23:45:45.0421 4296 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
23:45:45.0422 4296 i2omp - ok
23:45:45.0469 4296 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
23:45:45.0470 4296 i8042prt - ok
23:45:45.0510 4296 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
23:45:45.0513 4296 iaStorV - ok
23:45:45.0599 4296 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
23:45:45.0601 4296 IDriverT - ok
23:45:46.0008 4296 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:45:46.0016 4296 idsvc - ok
23:45:46.0224 4296 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120427.001\IDSvia64.sys
23:45:46.0228 4296 IDSVia64 - ok
23:45:46.0381 4296 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
23:45:46.0383 4296 iirsp - ok
23:45:46.0478 4296 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
23:45:46.0483 4296 IKEEXT - ok
23:45:46.0528 4296 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
23:45:46.0529 4296 intelide - ok
23:45:46.0544 4296 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
23:45:46.0545 4296 intelppm - ok
23:45:46.0619 4296 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
23:45:46.0622 4296 IPBusEnum - ok
23:45:46.0671 4296 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:45:46.0672 4296 IpFilterDriver - ok
23:45:46.0736 4296 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
23:45:46.0740 4296 iphlpsvc - ok
23:45:46.0745 4296 IpInIp - ok
23:45:46.0791 4296 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
23:45:46.0793 4296 IPMIDRV - ok
23:45:46.0824 4296 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
23:45:46.0826 4296 IPNAT - ok
23:45:47.0007 4296 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
23:45:47.0016 4296 iPod Service - ok
23:45:47.0031 4296 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
23:45:47.0032 4296 IRENUM - ok
23:45:47.0096 4296 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
23:45:47.0097 4296 isapnp - ok
23:45:47.0173 4296 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
23:45:47.0176 4296 iScsiPrt - ok
23:45:47.0193 4296 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
23:45:47.0195 4296 iteatapi - ok
23:45:47.0238 4296 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
23:45:47.0239 4296 iteraid - ok
23:45:47.0273 4296 JMCR (15371306d1adbbf35e475c8da516a956) C:\Windows\system32\DRIVERS\jmcr.sys
23:45:47.0275 4296 JMCR - ok
23:45:47.0293 4296 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
23:45:47.0294 4296 kbdclass - ok
23:45:47.0324 4296 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
23:45:47.0325 4296 kbdhid - ok
23:45:47.0363 4296 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:45:47.0365 4296 KeyIso - ok
23:45:47.0439 4296 KeyScrambler (e3cf421210ebddacb4590ae67a0226dc) C:\Windows\system32\drivers\keyscrambler.sys
23:45:47.0442 4296 KeyScrambler - ok
23:45:47.0555 4296 KjsUpdateService2 (0c1672984c5d608740bdfacf483b01f1) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
23:45:47.0556 4296 KjsUpdateService2 - ok
23:45:47.0626 4296 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
23:45:47.0631 4296 KSecDD - ok
23:45:47.0686 4296 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
23:45:47.0687 4296 ksthunk - ok
23:45:47.0781 4296 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
23:45:47.0786 4296 KtmRm - ok
23:45:47.0865 4296 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
23:45:47.0870 4296 LanmanServer - ok
23:45:47.0939 4296 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
23:45:47.0944 4296 LanmanWorkstation - ok
23:45:48.0820 4296 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
23:45:48.0877 4296 LeapFrog Connect Device Service - ok
23:45:49.0022 4296 LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
23:45:49.0023 4296 LightScribeService - ok
23:45:49.0223 4296 lirsgt (5ea407821bb3104c31a705175ab4f309) C:\Windows\system32\DRIVERS\lirsgt.sys
23:45:49.0224 4296 lirsgt - ok
23:45:49.0255 4296 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
23:45:49.0256 4296 lltdio - ok
23:45:49.0319 4296 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
23:45:49.0323 4296 lltdsvc - ok
23:45:49.0345 4296 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
23:45:49.0347 4296 lmhosts - ok
23:45:49.0372 4296 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
23:45:49.0373 4296 LSI_FC - ok
23:45:49.0388 4296 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
23:45:49.0390 4296 LSI_SAS - ok
23:45:49.0407 4296 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
23:45:49.0409 4296 LSI_SCSI - ok
23:45:49.0426 4296 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
23:45:49.0428 4296 luafv - ok
23:45:49.0520 4296 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
23:45:49.0522 4296 MarvinBus - ok
23:45:49.0551 4296 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
23:45:49.0553 4296 Mcx2Svc - ok
23:45:49.0604 4296 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
23:45:49.0605 4296 megasas - ok
23:45:49.0684 4296 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
23:45:49.0687 4296 MegaSR - ok
23:45:49.0714 4296 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
23:45:49.0716 4296 MMCSS - ok
23:45:49.0734 4296 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
23:45:49.0735 4296 Modem - ok
23:45:49.0787 4296 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
23:45:49.0788 4296 monitor - ok
23:45:49.0804 4296 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
23:45:49.0805 4296 mouclass - ok
23:45:49.0851 4296 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
23:45:49.0852 4296 mouhid - ok
23:45:49.0871 4296 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
23:45:49.0873 4296 MountMgr - ok
23:45:49.0902 4296 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
23:45:49.0904 4296 mpio - ok
23:45:49.0928 4296 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
23:45:49.0929 4296 mpsdrv - ok
23:45:50.0048 4296 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
23:45:50.0055 4296 MpsSvc - ok
23:45:50.0068 4296 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
23:45:50.0070 4296 Mraid35x - ok
23:45:50.0143 4296 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
23:45:50.0145 4296 MRxDAV - ok
23:45:50.0208 4296 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:45:50.0210 4296 mrxsmb - ok
23:45:50.0264 4296 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:45:50.0267 4296 mrxsmb10 - ok
23:45:50.0296 4296 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:45:50.0297 4296 mrxsmb20 - ok
23:45:50.0365 4296 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
23:45:50.0367 4296 msahci - ok
23:45:50.0414 4296 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
23:45:50.0416 4296 msdsm - ok
23:45:50.0450 4296 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
23:45:50.0453 4296 MSDTC - ok
23:45:50.0480 4296 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
23:45:50.0482 4296 Msfs - ok
23:45:50.0523 4296 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
23:45:50.0524 4296 msisadrv - ok
23:45:50.0568 4296 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
23:45:50.0571 4296 MSiSCSI - ok
23:45:50.0575 4296 msiserver - ok
23:45:50.0628 4296 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
23:45:50.0629 4296 MSKSSRV - ok
23:45:50.0641 4296 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
23:45:50.0642 4296 MSPCLOCK - ok
23:45:50.0674 4296 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
23:45:50.0675 4296 MSPQM - ok
23:45:50.0760 4296 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
23:45:50.0764 4296 MsRPC - ok
23:45:50.0785 4296 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
23:45:50.0786 4296 mssmbios - ok
23:45:50.0830 4296 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
23:45:50.0831 4296 MSTEE - ok
23:45:50.0852 4296 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
23:45:50.0853 4296 Mup - ok
23:45:50.0961 4296 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
23:45:50.0963 4296 N360 - ok
23:45:51.0052 4296 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
23:45:51.0059 4296 napagent - ok
23:45:51.0153 4296 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
23:45:51.0156 4296 NativeWifiP - ok
23:45:51.0286 4296 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120429.009\ENG64.SYS
23:45:51.0287 4296 NAVENG - ok
23:45:51.0606 4296 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120429.009\EX64.SYS
23:45:51.0625 4296 NAVEX15 - ok
23:45:51.0908 4296 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
23:45:51.0915 4296 NDIS - ok
23:45:51.0941 4296 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
23:45:51.0942 4296 NdisTapi - ok
23:45:51.0962 4296 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
23:45:51.0963 4296 Ndisuio - ok
23:45:52.0033 4296 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
23:45:52.0035 4296 NdisWan - ok
23:45:52.0056 4296 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
23:45:52.0058 4296 NDProxy - ok
23:45:52.0077 4296 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
23:45:52.0078 4296 NetBIOS - ok
23:45:52.0153 4296 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
23:45:52.0155 4296 netbt - ok
23:45:52.0186 4296 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:45:52.0188 4296 Netlogon - ok
23:45:52.0255 4296 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
23:45:52.0260 4296 Netman - ok
23:45:52.0411 4296 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:45:52.0413 4296 NetMsmqActivator - ok
23:45:52.0419 4296 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:45:52.0421 4296 NetPipeActivator - ok
23:45:52.0474 4296 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
23:45:52.0479 4296 netprofm - ok
23:45:52.0484 4296 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:45:52.0486 4296 NetTcpActivator - ok
23:45:52.0494 4296 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:45:52.0496 4296 NetTcpPortSharing - ok
23:45:52.0904 4296 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys
23:45:52.0933 4296 NETw3v64 - ok
23:45:53.0653 4296 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
23:45:53.0696 4296 NETw5v64 - ok
23:45:53.0830 4296 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
23:45:53.0832 4296 nfrd960 - ok
23:45:53.0885 4296 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
23:45:53.0888 4296 NlaSvc - ok
23:45:53.0934 4296 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
23:45:53.0935 4296 Npfs - ok
23:45:53.0945 4296 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
23:45:53.0947 4296 nsi - ok
23:45:53.0966 4296 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
23:45:53.0967 4296 nsiproxy - ok
23:45:54.0154 4296 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
23:45:54.0165 4296 Ntfs - ok
23:45:54.0344 4296 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
23:45:54.0345 4296 Null - ok
23:45:54.0436 4296 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
23:45:54.0438 4296 NVHDA - ok
23:45:55.0917 4296 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:45:56.0018 4296 nvlddmkm - ok
23:45:56.0197 4296 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
23:45:56.0198 4296 nvraid - ok
23:45:56.0224 4296 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
23:45:56.0225 4296 nvstor - ok
23:45:56.0435 4296 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
23:45:56.0452 4296 nvsvc - ok
23:45:56.0787 4296 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
23:45:56.0807 4296 nvUpdatusService - ok
23:45:56.0974 4296 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
23:45:56.0976 4296 nv_agp - ok
23:45:56.0981 4296 NwlnkFlt - ok
23:45:56.0988 4296 NwlnkFwd - ok
23:45:57.0058 4296 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
23:45:57.0059 4296 ohci1394 - ok
23:45:57.0212 4296 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:45:57.0222 4296 p2pimsvc - ok
23:45:57.0237 4296 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:45:57.0247 4296 p2psvc - ok
23:45:57.0272 4296 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
23:45:57.0273 4296 Parport - ok
23:45:57.0338 4296 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
23:45:57.0340 4296 partmgr - ok
23:45:57.0374 4296 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
23:45:57.0378 4296 PcaSvc - ok
23:45:57.0408 4296 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
23:45:57.0410 4296 pci - ok
23:45:57.0431 4296 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys
23:45:57.0432 4296 pciide - ok
23:45:57.0469 4296 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
23:45:57.0471 4296 pcmcia - ok
23:45:57.0567 4296 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
23:45:57.0574 4296 PEAUTH - ok
23:45:57.0676 4296 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
23:45:57.0678 4296 PerfHost - ok
23:45:57.0873 4296 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
23:45:57.0888 4296 pla - ok
23:45:57.0966 4296 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
23:45:57.0972 4296 PlugPlay - ok
23:45:58.0112 4296 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:45:58.0122 4296 PNRPAutoReg - ok
23:45:58.0138 4296 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
23:45:58.0148 4296 PNRPsvc - ok
23:45:58.0261 4296 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
23:45:58.0267 4296 PolicyAgent - ok
23:45:58.0364 4296 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
23:45:58.0366 4296 PptpMiniport - ok
23:45:58.0391 4296 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
23:45:58.0392 4296 Processor - ok
23:45:58.0465 4296 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
23:45:58.0469 4296 ProfSvc - ok
23:45:58.0497 4296 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:45:58.0499 4296 ProtectedStorage - ok
23:45:58.0561 4296 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
23:45:58.0563 4296 PSched - ok
23:45:58.0691 4296 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
23:45:58.0703 4296 ql2300 - ok
23:45:58.0729 4296 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
23:45:58.0731 4296 ql40xx - ok
23:45:58.0777 4296 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
23:45:58.0781 4296 QWAVE - ok
23:45:58.0795 4296 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
23:45:58.0796 4296 QWAVEdrv - ok
23:45:58.0805 4296 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
23:45:58.0806 4296 RasAcd - ok
23:45:58.0830 4296 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
23:45:58.0834 4296 RasAuto - ok
23:45:58.0893 4296 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:45:58.0895 4296 Rasl2tp - ok
23:45:58.0931 4296 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
23:45:58.0936 4296 RasMan - ok
23:45:58.0982 4296 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
23:45:58.0983 4296 RasPppoe - ok
23:45:59.0061 4296 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
23:45:59.0063 4296 RasSstp - ok
23:45:59.0143 4296 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
23:45:59.0146 4296 rdbss - ok
23:45:59.0174 4296 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:45:59.0175 4296 RDPCDD - ok
23:45:59.0242 4296 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
23:45:59.0245 4296 rdpdr - ok
23:45:59.0250 4296 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
23:45:59.0251 4296 RDPENCDD - ok
23:45:59.0319 4296 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
23:45:59.0322 4296 RDPWD - ok
23:45:59.0431 4296 Recovery Service for Windows (d5f08cc3d19b1c7f49619b9dad43c0ce) C:\Program Files (x86)\SMINST\BLService.exe
23:45:59.0435 4296 Recovery Service for Windows - ok
23:45:59.0461 4296 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
23:45:59.0464 4296 RemoteAccess - ok
23:45:59.0534 4296 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
23:45:59.0539 4296 RemoteRegistry - ok
23:45:59.0582 4296 RFCOMM (72c35598ba591abddc37fce7d26fe1c4) C:\Windows\system32\DRIVERS\rfcomm.sys
23:45:59.0584 4296 RFCOMM - ok
23:45:59.0718 4296 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
23:45:59.0720 4296 RichVideo - ok
23:45:59.0739 4296 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
23:45:59.0741 4296 RpcLocator - ok
23:45:59.0872 4296 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
23:45:59.0882 4296 RpcSs - ok
23:45:59.0918 4296 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
23:45:59.0920 4296 rspndr - ok
23:45:59.0989 4296 RTL8169 (dfadcae64aebe2c67da9cd2ae74ccde5) C:\Windows\system32\DRIVERS\Rtlh64.sys
23:45:59.0991 4296 RTL8169 - ok
23:46:00.0019 4296 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:46:00.0021 4296 SamSs - ok
23:46:00.0083 4296 sbp2port (8c8862dc7417d89b375492c981c491f7) C:\Windows\system32\drivers\sbp2port.sys
23:46:00.0085 4296 sbp2port - ok
23:46:00.0323 4296 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
23:46:00.0334 4296 SBSDWSCService - ok
23:46:00.0402 4296 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
23:46:00.0405 4296 SCardSvr - ok
23:46:00.0527 4296 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
23:46:00.0535 4296 Schedule - ok
23:46:00.0588 4296 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
23:46:00.0589 4296 SCPolicySvc - ok
23:46:00.0660 4296 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
23:46:00.0661 4296 sdbus - ok
23:46:00.0702 4296 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
23:46:00.0706 4296 SDRSVC - ok
23:46:00.0713 4296 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:46:00.0715 4296 secdrv - ok
23:46:00.0728 4296 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
23:46:00.0732 4296 seclogon - ok
23:46:00.0746 4296 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
23:46:00.0750 4296 SENS - ok
23:46:00.0766 4296 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
23:46:00.0767 4296 Serenum - ok
23:46:00.0795 4296 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
23:46:00.0796 4296 Serial - ok
23:46:00.0817 4296 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
23:46:00.0818 4296 sermouse - ok
23:46:00.0858 4296 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
23:46:00.0862 4296 SessionEnv - ok
23:46:00.0884 4296 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
23:46:00.0885 4296 sffdisk - ok
23:46:00.0912 4296 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
23:46:00.0913 4296 sffp_mmc - ok
23:46:00.0934 4296 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
23:46:00.0935 4296 sffp_sd - ok
23:46:00.0955 4296 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
23:46:00.0956 4296 sfloppy - ok
23:46:01.0021 4296 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
23:46:01.0025 4296 SharedAccess - ok
23:46:01.0104 4296 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
23:46:01.0109 4296 ShellHWDetection - ok
23:46:01.0134 4296 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
23:46:01.0135 4296 SiSRaid2 - ok
23:46:01.0151 4296 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
23:46:01.0152 4296 SiSRaid4 - ok
23:46:01.0500 4296 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
23:46:01.0526 4296 slsvc - ok
23:46:01.0694 4296 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
23:46:01.0697 4296 SLUINotify - ok
23:46:01.0774 4296 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
23:46:01.0775 4296 Smb - ok
23:46:01.0842 4296 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
23:46:01.0846 4296 SNMPTRAP - ok
23:46:01.0887 4296 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
23:46:01.0888 4296 spldr - ok
23:46:01.0970 4296 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
23:46:01.0975 4296 Spooler - ok
23:46:02.0125 4296 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502010.003\SRTSP64.SYS
23:46:02.0132 4296 SRTSP - ok
23:46:02.0155 4296 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS
23:46:02.0156 4296 SRTSPX - ok
23:46:02.0255 4296 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
23:46:02.0259 4296 srv - ok
23:46:02.0317 4296 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
23:46:02.0320 4296 srv2 - ok
23:46:02.0352 4296 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
23:46:02.0354 4296 srvnet - ok
23:46:02.0401 4296 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
23:46:02.0406 4296 SSDPSRV - ok
23:46:02.0478 4296 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
23:46:02.0482 4296 SstpSvc - ok
23:46:02.0684 4296 STacSV (810199dcc3bdc38304d7d649992ea7bc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
23:46:02.0686 4296 STacSV - ok
23:46:02.0812 4296 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
23:46:02.0817 4296 STHDA - ok
23:46:02.0936 4296 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
23:46:02.0944 4296 stisvc - ok
23:46:02.0966 4296 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
23:46:02.0967 4296 swenum - ok
23:46:03.0062 4296 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
23:46:03.0069 4296 swprv - ok
23:46:03.0093 4296 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
23:46:03.0095 4296 Symc8xx - ok
23:46:03.0216 4296 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS
23:46:03.0220 4296 SymDS - ok
23:46:03.0369 4296 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS
23:46:03.0378 4296 SymEFA - ok
23:46:03.0454 4296 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
23:46:03.0457 4296 SymEvent - ok
23:46:03.0490 4296 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS
23:46:03.0492 4296 SymIRON - ok
23:46:03.0561 4296 SYMTDIv (61d06be74fa23ebb7d816e4468edd19e) C:\Windows\System32\Drivers\N360x64\0502010.003\SYMTDIV.SYS
23:46:03.0565 4296 SYMTDIv - ok
23:46:03.0596 4296 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
23:46:03.0598 4296 Sym_hi - ok
23:46:03.0619 4296 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
23:46:03.0621 4296 Sym_u3 - ok
23:46:03.0720 4296 SynTP (c52b05821884f9a0ebee38c45dbd73cd) C:\Windows\system32\DRIVERS\SynTP.sys
23:46:03.0724 4296 SynTP - ok
23:46:03.0879 4296 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
23:46:03.0891 4296 SysMain - ok
23:46:03.0927 4296 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
23:46:03.0930 4296 TabletInputService - ok
23:46:04.0015 4296 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
23:46:04.0020 4296 TapiSrv - ok
23:46:04.0045 4296 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
23:46:04.0048 4296 TBS - ok
23:46:04.0292 4296 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
23:46:04.0306 4296 Tcpip - ok
23:46:04.0561 4296 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
23:46:04.0574 4296 Tcpip6 - ok
23:46:04.0703 4296 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
23:46:04.0704 4296 tcpipreg - ok
23:46:04.0736 4296 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
23:46:04.0737 4296 TDPIPE - ok
23:46:04.0755 4296 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
23:46:04.0756 4296 TDTCP - ok
23:46:04.0812 4296 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
23:46:04.0814 4296 tdx - ok
23:46:04.0877 4296 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
23:46:04.0879 4296 TermDD - ok
23:46:04.0992 4296 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
23:46:05.0000 4296 TermService - ok
23:46:05.0082 4296 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
23:46:05.0087 4296 Themes - ok
23:46:05.0115 4296 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
23:46:05.0118 4296 THREADORDER - ok
23:46:05.0177 4296 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
23:46:05.0180 4296 TrkWks - ok
23:46:05.0250 4296 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
23:46:05.0251 4296 TrustedInstaller - ok
23:46:05.0285 4296 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:46:05.0286 4296 tssecsrv - ok
23:46:05.0329 4296 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
23:46:05.0330 4296 tunmp - ok
23:46:05.0394 4296 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
23:46:05.0395 4296 tunnel - ok
23:46:05.0427 4296 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
23:46:05.0428 4296 uagp35 - ok
23:46:05.0501 4296 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
23:46:05.0505 4296 udfs - ok
23:46:05.0537 4296 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
23:46:05.0540 4296 UI0Detect - ok
23:46:05.0586 4296 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
23:46:05.0587 4296 uliagpkx - ok
23:46:05.0641 4296 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
23:46:05.0644 4296 uliahci - ok
23:46:05.0673 4296 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
23:46:05.0675 4296 UlSata - ok
23:46:05.0713 4296 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
23:46:05.0716 4296 ulsata2 - ok
23:46:05.0725 4296 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
23:46:05.0726 4296 umbus - ok
23:46:05.0778 4296 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
23:46:05.0784 4296 upnphost - ok
23:46:05.0863 4296 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
23:46:05.0864 4296 USBAAPL64 - ok
23:46:05.0939 4296 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
23:46:05.0940 4296 usbccgp - ok
23:46:05.0968 4296 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
23:46:05.0969 4296 usbcir - ok
23:46:06.0022 4296 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
23:46:06.0023 4296 usbehci - ok
23:46:06.0069 4296 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
23:46:06.0072 4296 usbhub - ok
23:46:06.0090 4296 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
23:46:06.0091 4296 usbohci - ok
23:46:06.0117 4296 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
23:46:06.0118 4296 usbprint - ok
23:46:06.0170 4296 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:46:06.0171 4296 USBSTOR - ok
23:46:06.0195 4296 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
23:46:06.0196 4296 usbuhci - ok
23:46:06.0244 4296 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
23:46:06.0246 4296 usbvideo - ok
23:46:06.0301 4296 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
23:46:06.0305 4296 UxSms - ok
23:46:06.0405 4296 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
23:46:06.0411 4296 vds - ok
23:46:06.0453 4296 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
23:46:06.0454 4296 vga - ok
23:46:06.0464 4296 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
23:46:06.0465 4296 VgaSave - ok
23:46:06.0479 4296 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
23:46:06.0480 4296 viaide - ok
23:46:06.0537 4296 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
23:46:06.0539 4296 volmgr - ok
23:46:06.0628 4296 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
23:46:06.0632 4296 volmgrx - ok
23:46:06.0713 4296 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
23:46:06.0716 4296 volsnap - ok
23:46:06.0765 4296 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
23:46:06.0767 4296 vsmraid - ok
23:46:06.0974 4296 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
23:46:06.0989 4296 VSS - ok
23:46:07.0188 4296 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
23:46:07.0194 4296 W32Time - ok
23:46:07.0236 4296 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
23:46:07.0237 4296 WacomPen - ok
23:46:07.0305 4296 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:46:07.0307 4296 Wanarp - ok
23:46:07.0312 4296 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
23:46:07.0313 4296 Wanarpv6 - ok
23:46:07.0396 4296 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
23:46:07.0404 4296 wcncsvc - ok
23:46:07.0433 4296 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
23:46:07.0437 4296 WcsPlugInService - ok
23:46:07.0449 4296 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
23:46:07.0450 4296 Wd - ok
23:46:07.0560 4296 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
23:46:07.0569 4296 Wdf01000 - ok
23:46:07.0587 4296 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
23:46:07.0591 4296 WdiServiceHost - ok
23:46:07.0596 4296 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
23:46:07.0600 4296 WdiSystemHost - ok
23:46:07.0675 4296 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
23:46:07.0680 4296 WebClient - ok
23:46:07.0717 4296 Wecsvc (bd9a749f36710ffa02e0e530f7451936) C:\Windows\system32\wecsvc.dll
23:46:07.0722 4296 Wecsvc - ok
23:46:07.0742 4296 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
23:46:07.0745 4296 wercplsupport - ok
23:46:07.0786 4296 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
23:46:07.0791 4296 WerSvc - ok
23:46:07.0839 4296 WinDefend - ok
23:46:07.0854 4296 WinHttpAutoProxySvc - ok
23:46:07.0955 4296 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
23:46:07.0958 4296 Winmgmt - ok
23:46:08.0138 4296 WinRM (42717db2be3a075d0f0cd5c927c27a43) C:\Windows\system32\WsmSvc.dll
23:46:08.0152 4296 WinRM - ok
23:46:08.0275 4296 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
23:46:08.0283 4296 Wlansvc - ok
23:46:08.0332 4296 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:46:08.0333 4296 WmiAcpi - ok
23:46:08.0446 4296 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
23:46:08.0449 4296 wmiApSrv - ok
23:46:08.0498 4296 WMPNetworkSvc - ok
23:46:08.0556 4296 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
23:46:08.0561 4296 WPCSvc - ok
23:46:08.0580 4296 WPDBusEnum (a27c8f92d84e2ddc151978e4692c978e) C:\Windows\system32\wpdbusenum.dll
23:46:08.0584 4296 WPDBusEnum - ok
23:46:08.0648 4296 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
23:46:08.0649 4296 WpdUsb - ok
23:46:08.0911 4296 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:46:08.0921 4296 WPFFontCache_v0400 - ok
23:46:08.0945 4296 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
23:46:08.0947 4296 ws2ifsl - ok
23:46:09.0006 4296 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
23:46:09.0010 4296 wscsvc - ok
23:46:09.0062 4296 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
23:46:09.0064 4296 WSDPrintDevice - ok
23:46:09.0069 4296 WSearch - ok
23:46:09.0400 4296 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
23:46:09.0425 4296 wuauserv - ok
23:46:09.0565 4296 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
23:46:09.0569 4296 wudfsvc - ok
23:46:09.0678 4296 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
23:46:09.0681 4296 yukonx64 - ok
23:46:09.0830 4296 {B154377D-700F-42cc-9474-23858FBDF4BD} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
23:46:09.0831 4296 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
23:46:09.0876 4296 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
23:46:09.0903 4296 \Device\Harddisk0\DR0 - ok
23:46:09.0908 4296 Boot (0x1200) (5083a0cb94df7d89203f68b7620059ca) \Device\Harddisk0\DR0\Partition0
23:46:09.0910 4296 \Device\Harddisk0\DR0\Partition0 - ok
23:46:09.0926 4296 Boot (0x1200) (b3f3ac884d27a751e21957e91cd09d2e) \Device\Harddisk0\DR0\Partition1
23:46:09.0928 4296 \Device\Harddisk0\DR0\Partition1 - ok
23:46:09.0929 4296 ============================================================
23:46:09.0929 4296 Scan finished
23:46:09.0929 4296 ============================================================
23:46:10.0007 4628 Detected object count: 0
23:46:10.0007 4628 Actual detected object count: 0


#2 gringo_pr

  • Malware Response Team

Posted 01 May 2012 - 02:34 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 dagiz

  • Topic Starter


Posted 01 May 2012 - 11:36 PM

Thanks for the reply. Here is the requested log.


Scan result of Farbar Recovery Scan Tool Version: 01-05-2012 01
Ran by SYSTEM at 01-05-2012 22:18:03
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Health Check Scheduler] "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [75008 2008-06-16] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
AppInit_DLLs:
Tcpip\..\Interfaces\{BF6E039F-8812-49D9-8155-4B5EDD4B4032}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{F97701C6-BDF8-40AE-AE83-701EE542D3AC}: [NameServer]156.154.70.22,156.154.71.22

==================== Services (Whitelisted) ======

2 AgereModemAudio; C:\Windows\system32\agr64svc.exe [15872 2007-12-11] (Agere Systems)
2 CISVC; C:\Windows\System32\CISVC.EXE [11776 2006-11-02] (Microsoft Corporation)
2 hpsrv; C:\Windows\System32\Hpservice.exe [23040 2008-03-18] (Hewlett-Packard Corporation)
2 KjsUpdateService2; "C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe" [12800 2011-08-03] (Kinetic Jump Software, LLC)
2 N360; "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
3 p2pimsvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 p2psvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 PNRPAutoReg; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\SysWow64\p2psvc.dll [644608 2009-04-10] (Microsoft Corporation)
2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365904 2008-09-23] ()
3 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-06-29] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 SCardSvr; C:\Windows\SysWow64\SCardSvr.dll [95232 2009-04-10] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
2 Themes; C:\Windows\SysWow64\shsvcs.dll [247808 2009-07-10] (Microsoft Corporation)
2 HP Health Check Service; "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
3 msiserver; C:\Windows\System32\msiexec /V [x]

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [40296 2008-03-27] (Hewlett-Packard Corporation)
3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1253376 2008-11-21] (Agere Systems)
2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [312480 2011-04-21] ()
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [1160824 2012-04-02] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-04-11] (Symantec Corporation)
3 enecir; C:\Windows\System32\Drivers\enecir.sys [64000 2008-04-28] (ENE TECHNOLOGY INC.)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-04-11] (Symantec Corporation)
0 hpdskflt; C:\Windows\System32\Drivers\hpdskflt.sys [26984 2008-03-27] (Hewlett-Packard Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120427.001\IDSvia64.sys [488568 2012-04-11] (Symantec Corporation)
3 KeyScrambler; C:\Windows\System32\Drivers\KeyScrambler.sys [222904 2011-12-14] (QFX Software Corporation)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43168 2011-04-21] ()
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120429.009\ENG64.SYS [117880 2012-04-11] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120429.009\EX64.SYS [2048632 2012-04-11] (Symantec Corporation)
3 NETw3v64; C:\Windows\System32\Drivers\NETw3v64.sys [3154432 2008-01-20] (Intel Corporation)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [207872 2009-05-25] (Realtek )
3 SRTSP; C:\Windows\System32\Drivers\N360x64\0502010.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\N360x64\0502010.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0502010.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0502010.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-04-11] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\N360x64\0502010.003\Ironx64.SYS [171128 2010-11-15] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0502010.003\SYMTDIV.SYS [432760 2011-04-20] (Symantec Corporation)
2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-09-01] (CyberLink Corp.)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVCx32: Themes

============ One Month Created Files and Folders ==============

2012-05-01 22:17 - 2010-07-04 20:00 - 0000000 ____D C:\FRST
2012-04-30 21:45 - 2012-04-30 21:40 - 0120934 ____A C:\TDSSKiller.2.7.33.0_30.04.2012_23.45.32_log.txt
2012-04-30 21:39 - 2012-04-30 21:38 - 0120934 ____A C:\TDSSKiller.2.7.33.0_30.04.2012_23.39.01_log.txt
2012-04-30 21:38 - 2012-04-30 21:38 - 2054861 ____A C:\Users\JAG2\Desktop\tdsskiller.zip
2012-04-30 21:38 - 2012-04-08 16:53 - 0000348 ____A C:\TDSSKiller.2.7.26.0_30.04.2012_23.38.38_log.txt
2012-04-30 21:38 - 2011-03-18 17:34 - 0000000 ____D C:\Users\JAG2\Desktop\tdsskiller
2012-04-30 21:14 - 2012-04-30 21:10 - 0016582 ____A C:\Users\JAG2\Desktop\DDS.txt
2012-04-30 21:14 - 2012-03-25 12:13 - 0006664 ____A C:\Users\JAG2\Desktop\Attach.txt
2012-04-30 21:09 - 2011-10-24 19:51 - 0607260 ____R (Swearware) C:\Users\JAG2\Desktop\dds.scr
2012-04-27 20:37 - 2012-04-08 00:09 - 0002640 ____A C:\{2F0FBB98-7410-4BB1-9891-34825F310131}
2012-04-25 20:47 - 2011-06-03 19:46 - 0000861 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-04-25 20:47 - 2011-06-03 19:46 - 0000861 ____A C:\Users\All Users\Desktop\VLC media player.lnk
2012-04-25 20:45 - 2011-04-06 08:34 - 22259528 ____A C:\Users\JAG2\Downloads\vlc-2.0.1-win32.exe
2012-04-24 11:41 - 2012-04-24 11:41 - 0204968 ____A C:\Users\JAG2\My Documents\transcriptsAG.xps
2012-04-24 11:41 - 2012-04-24 11:41 - 0204968 ____A C:\Users\JAG2\Documents\transcriptsAG.xps
2012-04-24 11:41 - 2010-12-23 10:07 - 0204968 ____A C:\Users\JAG2\My Documents\transcripts.xps
2012-04-24 11:41 - 2010-12-23 10:07 - 0204968 ____A C:\Users\JAG2\Documents\transcripts.xps
2012-04-19 13:35 - 2012-04-19 13:35 - 0000000 ____D C:\Users\JAG2\Desktop\paypal laura m photo_files
2012-04-19 13:35 - 2010-08-08 19:02 - 0009965 ____A C:\Users\JAG2\Desktop\paypal laura m photo.htm
2012-04-13 22:31 - 2008-10-19 22:24 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-13 22:31 - 2008-01-20 18:50 - 0172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-13 22:31 - 2008-01-20 18:49 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-13 22:31 - 2006-11-02 07:04 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-13 22:31 - 2006-11-02 07:04 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-13 22:31 - 2006-11-02 03:15 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-13 22:31 - 2006-11-02 01:44 - 0157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-13 11:16 - 2012-02-28 07:35 - 1428992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-13 11:16 - 2012-02-28 07:33 - 1383424 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-13 11:16 - 2012-02-28 07:33 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-13 11:16 - 2012-02-28 07:26 - 1176576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-13 11:16 - 2012-02-28 07:24 - 1383424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-13 11:16 - 2012-02-28 07:23 - 0193024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-13 11:16 - 2012-02-28 06:19 - 0759808 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-13 11:16 - 2012-02-28 05:56 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-13 11:16 - 2011-11-16 08:43 - 1032192 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-13 11:16 - 2011-11-16 08:23 - 0834048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-13 11:16 - 2011-04-21 07:24 - 7020544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-13 11:16 - 2011-04-21 06:57 - 6090240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-13 11:16 - 2011-03-31 13:54 - 0389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-13 11:16 - 2011-02-16 08:40 - 0032256 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-13 11:16 - 2011-02-16 08:18 - 0027648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-13 11:16 - 2010-03-23 05:14 - 0485376 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-13 11:16 - 2009-07-15 02:23 - 0590848 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-13 11:16 - 2009-06-17 22:58 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-04-13 11:16 - 2009-06-17 22:57 - 0380928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-04-13 11:16 - 2009-04-10 23:11 - 1129984 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-04-13 11:16 - 2009-04-10 22:28 - 0671232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-04-13 11:16 - 2009-04-10 22:28 - 0471040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-13 11:16 - 2008-01-20 18:50 - 5720064 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-13 11:16 - 2008-01-20 18:49 - 0270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-13 11:16 - 2008-01-20 18:49 - 0180736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-13 11:16 - 2008-01-20 18:48 - 3618304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-13 11:16 - 2008-01-20 18:48 - 0375808 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-13 11:16 - 2008-01-20 18:48 - 0224768 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-13 11:16 - 2006-11-02 03:19 - 0108544 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-13 11:16 - 2006-11-02 01:46 - 0106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-11 16:35 - 2012-04-11 16:43 - 0174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-04-11 16:35 - 2012-04-11 16:43 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2012-04-11 16:35 - 2011-10-09 21:10 - 0002276 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2012-04-11 16:35 - 2011-10-09 21:10 - 0002276 ____A C:\Users\All Users\Desktop\Norton Security Suite.lnk
2012-04-11 16:35 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files\Symantec
2012-04-11 16:35 - 2006-11-02 04:02 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-04-11 16:34 - 2009-08-15 18:08 - 0000000 ____D C:\Program Files (x86)\Norton Security Suite
2012-04-11 16:33 - 2012-04-11 16:34 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2012-04-09 07:35 - 2011-05-07 23:47 - 0388948 ____A C:\Windows\ntbtlog.txt
2012-04-09 07:33 - 2009-08-15 17:24 - 0000000 ____D C:\Users\JAG2\Local Settings\NPE
2012-04-09 07:33 - 2009-08-15 17:24 - 0000000 ____D C:\Users\JAG2\Local Settings\Application Data\NPE
2012-04-09 07:33 - 2009-08-15 17:24 - 0000000 ____D C:\Users\JAG2\AppData\Local\NPE
2012-04-09 05:54 - 2008-01-20 18:48 - 0027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-04-08 16:51 - 2012-04-30 21:54 - 0000346 ____A C:\TDSSKiller.2.7.7.0_08.04.2012_18.51.21_log.txt
2012-04-08 16:51 - 2012-03-09 20:36 - 0120480 ____A C:\TDSSKiller.2.7.26.0_08.04.2012_18.51.56_log.txt
2012-04-08 00:09 - 2012-04-13 22:30 - 0002680 ____A C:\{056175D7-ECA5-4E71-913E-F1F06CAB8A8D}
2012-04-08 00:07 - 2012-04-27 20:37 - 0002584 ____A C:\{DE3B6609-A6DC-4E6B-8CC4-AC8B2660FB2D}
2012-04-05 18:26 - 2006-11-02 01:45 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-05 18:26 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-04 04:23 - - 8484767 ____A C:\Users\JAG2\Desktop\2011April102.jpg
2012-04-01 20:27 - 2012-02-06 08:31 - 0001654 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-01 20:27 - 2012-02-06 08:31 - 0001654 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-04-01 20:26 - 2012-04-17 18:06 - 0000000 ____D C:\Program Files\iPod
2012-04-01 20:26 - 2011-02-09 09:27 - 0000000 ____D C:\Program Files\iTunes

============ 3 Months Modified Files and Folders =============

2012-05-01 22:17 - 2012-05-01 22:17 - 0000000 ____D C:\FRST
2012-05-01 20:13 - 2009-08-15 12:40 - 1991619 ____A C:\Windows\WindowsUpdate.log
2012-05-01 20:13 - 2008-10-19 21:53 - 0000012 ____A C:\Windows\bthservsdp.dat
2012-05-01 20:13 - 2006-11-02 07:42 - 0032552 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-01 20:13 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-01 20:13 - 2006-11-02 07:22 - 0003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-01 20:13 - 2006-11-02 07:22 - 0003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-01 20:10 - 2006-11-02 04:46 - 0817166 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-01 20:09 - 2012-04-05 18:26 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-01 19:01 - 2012-01-04 20:58 - 4260319232 __ASH C:\hiberfil.sys
2012-05-01 19:01 - 2009-09-03 12:51 - 0000236 ____A C:\Windows\Tasks\PersonalAV.job
2012-04-30 21:54 - 2012-04-30 21:45 - 0120934 ____A C:\TDSSKiller.2.7.33.0_30.04.2012_23.45.32_log.txt
2012-04-30 21:45 - 2012-04-30 21:14 - 0006664 ____A C:\Users\JAG2\Desktop\Attach.txt
2012-04-30 21:44 - 2012-04-30 21:14 - 0016582 ____A C:\Users\JAG2\Desktop\DDS.txt
2012-04-30 21:40 - 2012-04-30 21:39 - 0120934 ____A C:\TDSSKiller.2.7.33.0_30.04.2012_23.39.01_log.txt
2012-04-30 21:38 - 2012-04-30 21:38 - 2054861 ____A C:\Users\JAG2\Desktop\tdsskiller.zip
2012-04-30 21:38 - 2012-04-30 21:38 - 0000348 ____A C:\TDSSKiller.2.7.26.0_30.04.2012_23.38.38_log.txt
2012-04-30 21:38 - 2012-04-30 21:38 - 0000000 ____D C:\Users\JAG2\Desktop\tdsskiller
2012-04-30 21:10 - 2012-04-30 21:09 - 0607260 ____R (Swearware) C:\Users\JAG2\Desktop\dds.scr
2012-04-30 13:26 - 2011-03-06 14:22 - 0000000 ____D C:\Users\JAG2\My Documents\Church
2012-04-30 13:26 - 2011-03-06 14:22 - 0000000 ____D C:\Users\JAG2\Documents\Church
2012-04-30 13:25 - 2009-08-21 20:27 - 0000000 ____D C:\Users\JAG2\Games
2012-04-30 13:15 - 2010-07-15 15:10 - 0000000 ____D C:\Users\JAG2\My Documents\Andrei - School
2012-04-30 13:15 - 2010-07-15 15:10 - 0000000 ____D C:\Users\JAG2\Documents\Andrei - School
2012-04-30 12:45 - 2009-08-15 17:04 - 0000000 ____D C:\users\JAG2
2012-04-30 09:42 - 2010-03-03 23:03 - 0000000 ____D C:\Users\JAG2\Application Data\vlc
2012-04-30 09:42 - 2010-03-03 23:03 - 0000000 ____D C:\Users\JAG2\AppData\Roaming\vlc
2012-04-30 08:36 - 2011-09-27 10:20 - 0000000 ____D C:\Users\JAG2\Local Settings\CrashDumps
2012-04-30 08:36 - 2011-09-27 10:20 - 0000000 ____D C:\Users\JAG2\Local Settings\Application Data\CrashDumps
2012-04-30 08:36 - 2011-09-27 10:20 - 0000000 ____D C:\Users\JAG2\AppData\Local\CrashDumps
2012-04-27 20:37 - 2012-04-27 20:37 - 0002640 ____A C:\{2F0FBB98-7410-4BB1-9891-34825F310131}
2012-04-25 20:47 - 2012-04-25 20:47 - 0000861 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-04-25 20:47 - 2012-04-25 20:47 - 0000861 ____A C:\Users\All Users\Desktop\VLC media player.lnk
2012-04-25 20:46 - 2012-04-25 20:45 - 22259528 ____A C:\Users\JAG2\Downloads\vlc-2.0.1-win32.exe
2012-04-24 21:19 - 2009-08-15 17:24 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-24 11:41 - 2012-04-24 11:41 - 0204968 ____A C:\Users\JAG2\My Documents\transcriptsAG.xps
2012-04-24 11:41 - 2012-04-24 11:41 - 0204968 ____A C:\Users\JAG2\My Documents\transcripts.xps
2012-04-24 11:41 - 2012-04-24 11:41 - 0204968 ____A C:\Users\JAG2\Documents\transcriptsAG.xps
2012-04-24 11:41 - 2012-04-24 11:41 - 0204968 ____A C:\Users\JAG2\Documents\transcripts.xps
2012-04-24 11:41 - 2009-08-15 17:05 - 0000000 ____D C:\Users\JAG2\AppData\LocalLow
2012-04-24 04:43 - 2012-04-11 16:35 - 0002276 ____A C:\Users\Public\Desktop\Norton Security Suite.lnk
2012-04-24 04:43 - 2012-04-11 16:35 - 0002276 ____A C:\Users\All Users\Desktop\Norton Security Suite.lnk
2012-04-24 04:43 - 2011-08-19 20:55 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
2012-04-20 13:31 - 2010-12-28 20:20 - 0000000 ____D C:\Users\JAG2\Desktop\New Folder
2012-04-19 13:35 - 2012-04-19 13:35 - 0009965 ____A C:\Users\JAG2\Desktop\paypal laura m photo.htm
2012-04-19 13:35 - 2012-04-19 13:35 - 0000000 ____D C:\Users\JAG2\Desktop\paypal laura m photo_files
2012-04-18 08:03 - 2012-01-13 13:46 - 0001877 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-18 08:03 - 2012-01-13 13:46 - 0001877 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk
2012-04-18 06:54 - 2012-04-09 05:54 - 0027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-04-17 18:10 - 2012-04-05 18:26 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-17 18:10 - 2011-05-23 09:30 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-13 22:29 - 2006-11-02 04:35 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-04-13 11:05 - 2011-10-09 21:17 - 0051936 ____A C:\Windows\PFRO.log
2012-04-11 16:43 - 2012-04-11 16:35 - 0174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-04-11 16:43 - 2012-04-11 16:35 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-04-11 16:43 - 2012-04-11 16:35 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2012-04-11 16:43 - 2012-04-11 16:35 - 0000000 ____D C:\Program Files\Symantec
2012-04-11 16:35 - 2011-08-19 20:56 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-04-11 16:34 - 2012-04-11 16:34 - 0000000 ____D C:\Program Files (x86)\Norton Security Suite
2012-04-11 16:33 - 2012-04-11 16:33 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2012-04-11 16:30 - 2011-08-19 20:52 - 0000000 ____D C:\Users\All Users\NortonInstaller
2012-04-11 16:30 - 2011-08-19 20:52 - 0000000 ____D C:\Users\All Users\Application Data\NortonInstaller
2012-04-11 16:30 - 2011-08-19 20:52 - 0000000 ____D C:\ProgramData\NortonInstaller
2012-04-09 10:25 - 2012-04-09 07:33 - 0000000 ____D C:\Users\JAG2\Local Settings\NPE
2012-04-09 10:25 - 2012-04-09 07:33 - 0000000 ____D C:\Users\JAG2\Local Settings\Application Data\NPE
2012-04-09 10:25 - 2012-04-09 07:33 - 0000000 ____D C:\Users\JAG2\AppData\Local\NPE
2012-04-09 07:33 - 2011-08-19 20:48 - 0000000 ____D C:\Users\All Users\Norton
2012-04-09 07:33 - 2011-08-19 20:48 - 0000000 ____D C:\Users\All Users\Application Data\Norton
2012-04-09 07:33 - 2011-08-19 20:48 - 0000000 ____D C:\ProgramData\Norton
2012-04-08 16:55 - 2006-11-02 04:34 - 0442061 ____R C:\Windows\System32\Drivers\etc\hosts
2012-04-08 16:53 - 2012-04-08 16:51 - 0120480 ____A C:\TDSSKiller.2.7.26.0_08.04.2012_18.51.56_log.txt
2012-04-08 16:51 - 2012-04-08 16:51 - 0000346 ____A C:\TDSSKiller.2.7.7.0_08.04.2012_18.51.21_log.txt
2012-04-08 00:09 - 2012-04-08 00:09 - 0002680 ____A C:\{056175D7-ECA5-4E71-913E-F1F06CAB8A8D}
2012-04-08 00:07 - 2012-04-08 00:07 - 0002584 ____A C:\{DE3B6609-A6DC-4E6B-8CC4-AC8B2660FB2D}
2012-04-01 20:27 - 2012-04-01 20:27 - 0001654 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-01 20:27 - 2012-04-01 20:27 - 0001654 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-04-01 20:27 - 2012-04-01 20:26 - 0000000 ____D C:\Program Files\iTunes
2012-04-01 20:27 - 2010-12-23 09:05 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-01 20:26 - 2012-04-01 20:26 - 0000000 ____D C:\Program Files\iPod
2012-04-01 12:27 - 2011-10-16 18:13 - 0002414 ____A C:\Windows\setupact.log
2012-03-25 13:03 - 2012-03-25 13:03 - 0925605 ____A C:\Users\JAG2\Desktop\Farmhouse Bed.pdf
2012-03-25 12:13 - 2012-03-25 12:13 - 0792754 ____A C:\Users\JAG2\Desktop\Ana_White_-_Hailey_Storage_Bed_-_Twin_-_2011-11-27.pdf
2012-03-13 20:05 - 2006-11-02 07:21 - 0399896 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-09 20:50 - 2006-11-02 04:34 - 0441412 ___RA C:\Windows\System32\Drivers\etc\hosts.20120408-185555.backup
2012-03-09 20:36 - 2012-03-09 20:34 - 0079616 ____A C:\TDSSKiller.2.7.19.0_09.03.2012_21.34.38_log.txt
2012-03-09 20:35 - 2012-02-17 06:29 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-03-09 20:34 - 2012-03-09 20:34 - 0000000 ____D C:\Users\JAG2\My Documents\tdsskiller
2012-03-09 20:34 - 2012-03-09 20:34 - 0000000 ____D C:\Users\JAG2\Documents\tdsskiller
2012-03-09 20:34 - 2012-02-17 06:27 - 2044980 ____A C:\Users\JAG2\My Documents\tdsskiller.zip
2012-03-09 20:34 - 2012-02-17 06:27 - 2044980 ____A C:\Users\JAG2\Documents\tdsskiller.zip
2012-03-09 20:33 - 2012-03-09 20:33 - 0000346 ____A C:\TDSSKiller.2.7.7.0_09.03.2012_21.33.53_log.txt
2012-03-09 20:33 - 2012-03-09 20:32 - 0000348 ____A C:\TDSSKiller.2.7.13.0_09.03.2012_21.32.57_log.txt
2012-03-09 20:33 - 2012-02-23 09:11 - 0000000 ____D C:\Users\JAG2\Downloads\tdsskiller
2012-03-04 13:55 - 2012-03-04 13:29 - 0000000 ____D C:\Users\JAG2\My Documents\Tx
2012-03-04 13:55 - 2012-03-04 13:29 - 0000000 ____D C:\Users\JAG2\Documents\Tx
2012-03-04 00:11 - 2011-11-14 22:53 - 0000000 ____D C:\users\UpdatusUser
2012-02-29 07:37 - 2012-04-13 22:31 - 0219136 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 07:37 - 2012-04-13 22:31 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 07:35 - 2012-04-13 22:31 - 0078848 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 07:11 - 2012-04-13 22:31 - 0172032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 07:11 - 2012-04-13 22:31 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 07:09 - 2012-04-13 22:31 - 0157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 05:52 - 2012-04-13 22:31 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-28 07:35 - 2012-04-13 11:16 - 1428992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 07:35 - 2012-04-13 11:16 - 1032192 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 07:35 - 2012-04-13 11:16 - 0108544 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 07:34 - 2012-04-13 11:16 - 1129984 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-02-28 07:33 - 2012-04-13 11:16 - 7020544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 07:33 - 2012-04-13 11:16 - 5720064 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 07:33 - 2012-04-13 11:16 - 0759808 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 07:33 - 2012-04-13 11:16 - 0590848 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-28 07:33 - 2012-04-13 11:16 - 0422400 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-28 07:33 - 2012-04-13 11:16 - 0375808 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 07:33 - 2012-04-13 11:16 - 0249856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-28 07:33 - 2012-04-13 11:16 - 0224768 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-28 07:33 - 2012-04-13 11:16 - 0032256 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 07:26 - 2012-04-13 11:16 - 1176576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-28 07:26 - 2012-04-13 11:16 - 0834048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-28 07:26 - 2012-04-13 11:16 - 0106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-28 07:24 - 2012-04-13 11:16 - 3618304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-28 07:24 - 2012-04-13 11:16 - 0671232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-02-28 07:24 - 2012-04-13 11:16 - 0478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-28 07:24 - 2012-04-13 11:16 - 0471040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-28 07:24 - 2012-04-13 11:16 - 0027648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-28 07:23 - 2012-04-13 11:16 - 6090240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-28 07:23 - 2012-04-13 11:16 - 0380928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-02-28 07:23 - 2012-04-13 11:16 - 0270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-28 07:23 - 2012-04-13 11:16 - 0193024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-28 07:23 - 2012-04-13 11:16 - 0180736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-28 06:56 - 2012-04-13 11:16 - 0485376 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-28 06:21 - 2012-04-13 11:16 - 0389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-28 06:19 - 2012-04-13 11:16 - 1383424 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 05:56 - 2012-04-13 11:16 - 1383424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-23 09:13 - 2012-02-23 09:12 - 0076818 ____A C:\TDSSKiller.2.7.13.0_23.02.2012_10.12.55_log.txt
2012-02-23 09:11 - 2012-02-23 09:11 - 0000346 ____A C:\TDSSKiller.2.7.7.0_23.02.2012_10.11.47_log.txt
2012-02-23 09:06 - 2012-02-23 09:06 - 0000012 ____A C:\Windows\srun.log
2012-02-21 19:51 - 2011-02-06 12:59 - 0000000 ____D C:\Users\JAG2\My Documents\Jacque Folder
2012-02-21 19:51 - 2011-02-06 12:59 - 0000000 ____D C:\Users\JAG2\Documents\Jacque Folder
2012-02-21 19:46 - 2012-02-21 19:46 - 0269244 ____A C:\Users\JAG2\My Documents\Hygiene compliance w insurance.xps
2012-02-21 19:46 - 2012-02-21 19:46 - 0269244 ____A C:\Users\JAG2\Documents\Hygiene compliance w insurance.xps
2012-02-17 06:29 - 2012-02-17 06:27 - 0079616 ____A C:\TDSSKiller.2.7.13.0_17.02.2012_07.27.59_log.txt
2012-02-17 06:22 - 2012-02-17 06:22 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\JAG2\My Documents\mbam--setup-1.60.1.1000.exe
2012-02-17 06:22 - 2012-02-17 06:22 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\JAG2\Documents\mbam--setup-1.60.1.1000.exe
2012-02-15 19:23 - 2008-10-19 23:29 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 12:42 - 2009-11-02 18:06 - 0000000 ____D C:\Users\JAG2\.gimp-2.6
2012-02-15 09:01 - 2012-02-15 09:01 - 4547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-02-15 09:01 - 2012-02-15 09:01 - 0052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-02-06 10:15 - 2011-05-02 20:53 - 0000000 ____D C:\Users\JAG2\Desktop\Kingston Backup
2012-02-06 09:28 - 2009-09-02 17:09 - 0171008 ____A C:\Users\JAG2\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-06 09:28 - 2009-09-02 17:09 - 0171008 ____A C:\Users\JAG2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-06 09:28 - 2009-09-02 17:09 - 0171008 ____A C:\Users\JAG2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-02-06 08:39 - 2012-02-06 08:39 - 0000000 ____D C:\Users\JAG2\Application Data\Agile Sports Technologies
2012-02-06 08:39 - 2012-02-06 08:39 - 0000000 ____D C:\Users\JAG2\AppData\Roaming\Agile Sports Technologies
2012-02-06 08:38 - 2012-02-06 08:38 - 0000842 ____A C:\Users\JAG2\.recently-used.xbel
2012-02-06 08:37 - 2011-12-13 19:21 - 0000000 ____D C:\Users\JAG2\Desktop\Kylee
2012-02-06 08:32 - 2012-02-06 08:31 - 0000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-02-06 08:32 - 2010-12-23 08:51 - 0000000 ____D C:\Program Files (x86)\ffdshow
2012-02-06 08:31 - 2012-02-06 08:31 - 0001130 ____A C:\Users\Public\Desktop\Hudl Video Editor.lnk
2012-02-06 08:31 - 2012-02-06 08:31 - 0001130 ____A C:\Users\All Users\Desktop\Hudl Video Editor.lnk
2012-02-06 08:31 - 2011-05-25 18:48 - 0000000 ____D C:\Program Files (x86)\Agile Sports Technologies
2012-02-06 07:37 - 2012-02-06 07:20 - 0000000 ____D C:\Users\JAG2\Desktop\Temp License
2012-02-02 07:34 - 2012-03-13 14:14 - 2765824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 4062.02 MB
Available physical RAM: 3350.45 MB
Total Pagefile: 3737.22 MB
Available Pagefile: 3328.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:284.11 GB) (Free:83.6 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:13.98 GB) (Free:2.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (MY_DATA_050311) (CDROM) (Total:2.58 GB) (Free:0 GB) CDFS
4 Drive f: (KINGSTON) (Removable) (Total:7.45 GB) (Free:2.54 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 7635 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 284 GB 32 KB
Partition 2 Primary 14 GB 284 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 284 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7635 MB 32 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F KINGSTON FAT32 Removable 7635 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-01 19:11

======================= End Of Log ==========================

#4 gringo_pr

Posted 01 May 2012 - 11:50 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 dagiz

Posted 02 May 2012 - 07:40 PM

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo


Going in reverse order of questions:
1.) Computer starts up faster than it did - however Firefox is completely dead. Can get to my start page, but after that it freezes up or I am directed straight to another type of website that I am not looking for. Writing this from another PC in the house. No other programs seem to freeze like that.

2.) There was an issue where there was an error message during Combofix that an .exe was not responding...before I had a chance to write it down, one misclick closed the program. Combofix seemed to be stuck on stage 48...a quick reboot and Combofix finished a new scan.

3.) Combofix log:
ComboFix 12-05-02.03 - JAG2 05/02/2012 15:36:55.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.2696 [GMT -6:00]
Running from: c:\users\JAG2\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Common Files\Uninstall
c:\programdata\SymUpdate.exe
c:\users\JAG2\AppData\Local\Del84B1.tmp
.
c:\windows\SysWow64\userinit.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 06:17 . 2012-05-02 06:19 -------- d-----w- C:\FRST
2012-04-24 07:26 . 2012-04-24 12:42 -------- d-----w- c:\windows\system32\drivers\N360x64\0502010.003
2012-04-14 06:31 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-14 06:31 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-14 06:31 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-14 06:31 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-14 06:31 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-14 06:31 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-14 06:31 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 00:44 . 2012-04-12 00:44 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-04-12 00:35 . 2012-04-12 00:43 -------- d-----w- c:\program files\Symantec
2012-04-12 00:35 . 2012-04-12 00:43 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-12 00:34 . 2012-04-12 00:34 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-04-12 00:33 . 2012-04-12 00:33 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-04-09 15:33 . 2012-04-09 18:25 -------- d-----w- c:\users\JAG2\AppData\Local\NPE
2012-04-09 13:54 . 2012-04-18 14:54 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-04-06 02:26 . 2012-04-18 02:10 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 02:10 . 2011-05-23 17:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 17:01 . 2012-02-15 17:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 17:01 . 2012-02-15 17:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 19:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 02:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.msn.iplay.com/?o=shp
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{BF6E039F-8812-49D9-8155-4B5EDD4B4032}: NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{F97701C6-BDF8-40AE-AE83-701EE542D3AC}: NameServer = 156.154.70.22,156.154.71.22
DPF: {14453FED-537A-4452-BE2B-C0F4A6176865} - hxxp://www.hudl.com/HudlAdvancedFeatures.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\JAG2\AppData\Roaming\Mozilla\Firefox\Profiles\n96q191u.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Balancing Chemical Equations - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1768554090-2623086581-203288670-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:a1,0d,be,40,98,dc,16,80,11,a7,3b,9c,43,7c,c4,75,3d,0c,fe,4d,bd,
9a,96,05,f2,7f,b9,9c,98,8c,98,44,ad,85,b6,3b,44,69,ae,59,a0,12,76,fe,69,84,\
"rkeysecu"=hex:38,6e,f1,66,b7,a5,6b,d3,20,9f,1e,20,4a,28,ac,32
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-05-02 15:56:55
ComboFix-quarantined-files.txt 2012-05-02 21:56
.
Pre-Run: 83,726,336,000 bytes free
Post-Run: 83,627,294,720 bytes free
.
- - End Of File - - 57C2B817B4AD52A6198DA3787532F3BB

Edited by dagiz, 02 May 2012 - 07:41 PM.


#6 gringo_pr

Posted 02 May 2012 - 08:39 PM

Greetings

Uninstall Firefox, and if asked about user settings or data, remove that also.

Restart the computer and reinstall Firefox.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 dagiz

Posted 03 May 2012 - 11:58 AM

Well, still having issues with Firefox...forgot about IE, so posting using IE (which I am not happy about). Firefox has been uninstalled and reinstalled at least three times. Not sure what's up. TDSSKiller still reporting nothing wrong. Logs:

10:46:03.0760 3748 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:46:04.0291 3748 ============================================================
10:46:04.0291 3748 Current date / time: 2012/05/03 10:46:04.0291
10:46:04.0291 3748 SystemInfo:
10:46:04.0291 3748
10:46:04.0291 3748 OS Version: 6.0.6002 ServicePack: 2.0
10:46:04.0291 3748 Product type: Workstation
10:46:04.0291 3748 ComputerName: JAG2-PC
10:46:04.0291 3748 UserName: JAG2
10:46:04.0291 3748 Windows directory: C:\Windows
10:46:04.0291 3748 System windows directory: C:\Windows
10:46:04.0291 3748 Running under WOW64
10:46:04.0291 3748 Processor architecture: Intel x64
10:46:04.0291 3748 Number of processors: 2
10:46:04.0291 3748 Page size: 0x1000
10:46:04.0291 3748 Boot type: Normal boot
10:46:04.0291 3748 ============================================================
10:46:06.0428 3748 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:46:06.0443 3748 ============================================================
10:46:06.0443 3748 \Device\Harddisk0\DR0:
10:46:06.0443 3748 MBR partitions:
10:46:06.0443 3748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x238377C1
10:46:06.0443 3748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23837800, BlocksNum 0x1BF5800
10:46:06.0443 3748 ============================================================
10:46:06.0553 3748 C: <-> \Device\Harddisk0\DR0\Partition0
10:46:06.0709 3748 D: <-> \Device\Harddisk0\DR0\Partition1
10:46:06.0724 3748 ============================================================
10:46:06.0724 3748 Initialize success
10:46:06.0724 3748 ============================================================
10:46:08.0737 3740 ============================================================
10:46:08.0737 3740 Scan started
10:46:08.0737 3740 Mode: Manual;
10:46:08.0737 3740 ============================================================
10:46:09.0641 3740 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
10:46:09.0641 3740 Accelerometer - ok
10:46:09.0751 3740 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
10:46:09.0751 3740 ACPI - ok
10:46:09.0938 3740 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:46:09.0938 3740 AdobeFlashPlayerUpdateSvc - ok
10:46:10.0063 3740 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
10:46:10.0063 3740 adp94xx - ok
10:46:10.0125 3740 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
10:46:10.0125 3740 adpahci - ok
10:46:10.0172 3740 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
10:46:10.0172 3740 adpu160m - ok
10:46:10.0234 3740 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
10:46:10.0234 3740 adpu320 - ok
10:46:10.0297 3740 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
10:46:10.0297 3740 AeLookupSvc - ok
10:46:10.0406 3740 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
10:46:10.0421 3740 AFD - ok
10:46:10.0484 3740 AgereModemAudio (8b0d8b5bafd4c9d57b41426bc68b32f9) C:\Windows\system32\agr64svc.exe
10:46:10.0484 3740 AgereModemAudio - ok
10:46:10.0702 3740 AgereSoftModem (70e15cda25e151dfc60636ef73f5a7be) C:\Windows\system32\DRIVERS\agrsm64.sys
10:46:10.0718 3740 AgereSoftModem - ok
10:46:10.0765 3740 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
10:46:10.0765 3740 agp440 - ok
10:46:10.0811 3740 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
10:46:10.0811 3740 aic78xx - ok
10:46:10.0843 3740 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
10:46:10.0843 3740 ALG - ok
10:46:10.0905 3740 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
10:46:10.0921 3740 aliide - ok
10:46:10.0921 3740 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
10:46:10.0921 3740 amdide - ok
10:46:10.0952 3740 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
10:46:10.0952 3740 AmdK8 - ok
10:46:10.0999 3740 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
10:46:10.0999 3740 Appinfo - ok
10:46:11.0170 3740 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:46:11.0170 3740 Apple Mobile Device - ok
10:46:11.0248 3740 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
10:46:11.0248 3740 arc - ok
10:46:11.0279 3740 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
10:46:11.0279 3740 arcsas - ok
10:46:11.0482 3740 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:46:11.0498 3740 aspnet_state - ok
10:46:11.0529 3740 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
10:46:11.0545 3740 AsyncMac - ok
10:46:11.0591 3740 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
10:46:11.0607 3740 atapi - ok
10:46:11.0685 3740 atksgt (09149d03629a44f4773e621c432d1d89) C:\Windows\system32\DRIVERS\atksgt.sys
10:46:11.0685 3740 atksgt - ok
10:46:11.0825 3740 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:46:11.0825 3740 AudioEndpointBuilder - ok
10:46:11.0825 3740 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:46:11.0841 3740 AudioSrv - ok
10:46:11.0888 3740 Beep - ok
10:46:12.0013 3740 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
10:46:12.0013 3740 BFE - ok
10:46:12.0309 3740 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys
10:46:12.0325 3740 BHDrvx64 - ok
10:46:15.0398 3740 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
10:46:15.0413 3740 BITS - ok
10:46:15.0741 3740 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
10:46:15.0741 3740 blbdrive - ok
10:46:16.0193 3740 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
10:46:16.0193 3740 Bonjour Service - ok
10:46:16.0381 3740 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
10:46:16.0381 3740 bowser - ok
10:46:16.0443 3740 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
10:46:16.0443 3740 BrFiltLo - ok
10:46:16.0490 3740 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
10:46:16.0490 3740 BrFiltUp - ok
10:46:16.0552 3740 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
10:46:16.0552 3740 Browser - ok
10:46:16.0615 3740 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
10:46:16.0615 3740 Brserid - ok
10:46:16.0677 3740 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
10:46:16.0677 3740 BrSerWdm - ok
10:46:16.0724 3740 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
10:46:16.0724 3740 BrUsbMdm - ok
10:46:16.0771 3740 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
10:46:16.0771 3740 BrUsbSer - ok
10:46:16.0802 3740 BthEnum (471ff09330a53177bbe9fd6ddf8a8259) C:\Windows\system32\DRIVERS\BthEnum.sys
10:46:16.0817 3740 BthEnum - ok
10:46:16.0864 3740 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
10:46:16.0864 3740 BTHMODEM - ok
10:46:16.0958 3740 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
10:46:16.0958 3740 BthPan - ok
10:46:17.0207 3740 BTHPORT (7d104f22c04a76f0d2f96f789ac07fcb) C:\Windows\system32\Drivers\BTHport.sys
10:46:17.0223 3740 BTHPORT - ok
10:46:17.0301 3740 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll
10:46:17.0301 3740 BthServ - ok
10:46:17.0379 3740 BTHUSB (d9324f0c142267961ce900bfc3798bb1) C:\Windows\system32\Drivers\BTHUSB.sys
10:46:17.0379 3740 BTHUSB - ok
10:46:17.0395 3740 catchme - ok
10:46:17.0426 3740 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
10:46:17.0441 3740 cdfs - ok
10:46:17.0519 3740 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
10:46:17.0519 3740 cdrom - ok
10:46:17.0613 3740 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:46:17.0613 3740 CertPropSvc - ok
10:46:17.0644 3740 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
10:46:17.0644 3740 circlass - ok
10:46:17.0722 3740 CISVC (2c0f16506bcbc80097d58099bc6be4c0) C:\Windows\system32\CISVC.EXE
10:46:17.0722 3740 CISVC - ok
10:46:17.0878 3740 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
10:46:17.0878 3740 CLFS - ok
10:46:18.0175 3740 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:46:18.0175 3740 clr_optimization_v2.0.50727_32 - ok
10:46:18.0393 3740 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:46:18.0393 3740 clr_optimization_v2.0.50727_64 - ok
10:46:18.0689 3740 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:46:18.0689 3740 clr_optimization_v4.0.30319_32 - ok
10:46:19.0189 3740 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:46:19.0189 3740 clr_optimization_v4.0.30319_64 - ok
10:46:19.0251 3740 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
10:46:19.0251 3740 CmBatt - ok
10:46:19.0267 3740 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys
10:46:19.0267 3740 cmdide - ok
10:46:19.0423 3740 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
10:46:19.0423 3740 Com4QLBEx - ok
10:46:19.0423 3740 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
10:46:19.0423 3740 Compbatt - ok
10:46:19.0438 3740 COMSysApp - ok
10:46:19.0516 3740 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
10:46:19.0516 3740 crcdisk - ok
10:46:19.0688 3740 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
10:46:19.0688 3740 CryptSvc - ok
10:46:20.0093 3740 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
10:46:20.0109 3740 DcomLaunch - ok
10:46:20.0156 3740 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
10:46:20.0171 3740 DfsC - ok
10:46:20.0265 3740 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
10:46:20.0265 3740 Dhcp - ok
10:46:20.0327 3740 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
10:46:20.0327 3740 disk - ok
10:46:20.0405 3740 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
10:46:20.0405 3740 Dnscache - ok
10:46:20.0468 3740 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
10:46:20.0468 3740 dot3svc - ok
10:46:20.0530 3740 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
10:46:20.0530 3740 DPS - ok
10:46:20.0593 3740 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
10:46:20.0593 3740 drmkaud - ok
10:46:21.0263 3740 DXGKrnl (e828cdca431d1f98d33501dfc390079a) C:\Windows\System32\drivers\dxgkrnl.sys
10:46:21.0279 3740 DXGKrnl - ok
10:46:21.0419 3740 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
10:46:21.0435 3740 E1G60 - ok
10:46:21.0513 3740 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
10:46:21.0513 3740 EapHost - ok
10:46:21.0638 3740 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
10:46:21.0638 3740 Ecache - ok
10:46:22.0137 3740 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:46:22.0153 3740 eeCtrl - ok
10:46:22.0293 3740 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
10:46:22.0293 3740 ehRecvr - ok
10:46:22.0340 3740 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
10:46:22.0340 3740 ehSched - ok
10:46:22.0371 3740 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
10:46:22.0371 3740 ehstart - ok
10:46:22.0496 3740 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
10:46:22.0496 3740 elxstor - ok
10:46:22.0870 3740 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
10:46:22.0886 3740 EMDMgmt - ok
10:46:22.0948 3740 enecir (0e3f3301052673cf16813e65d5de98ad) C:\Windows\system32\DRIVERS\enecir.sys
10:46:22.0948 3740 enecir - ok
10:46:23.0089 3740 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:46:23.0089 3740 EraserUtilRebootDrv - ok
10:46:23.0167 3740 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
10:46:23.0167 3740 ErrDev - ok
10:46:23.0291 3740 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
10:46:23.0307 3740 EventSystem - ok
10:46:23.0447 3740 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
10:46:23.0463 3740 exfat - ok
10:46:23.0666 3740 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
10:46:23.0666 3740 fastfat - ok
10:46:23.0728 3740 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
10:46:23.0728 3740 fdc - ok
10:46:23.0806 3740 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
10:46:23.0806 3740 fdPHost - ok
10:46:23.0853 3740 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
10:46:23.0853 3740 FDResPub - ok
10:46:24.0009 3740 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
10:46:24.0009 3740 FileInfo - ok
10:46:24.0040 3740 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
10:46:24.0040 3740 Filetrace - ok
10:46:24.0071 3740 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:46:24.0071 3740 flpydisk - ok
10:46:24.0259 3740 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
10:46:24.0274 3740 FltMgr - ok
10:46:24.0383 3740 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:46:24.0399 3740 FontCache3.0.0.0 - ok
10:46:24.0415 3740 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
10:46:24.0415 3740 Fs_Rec - ok
10:46:24.0508 3740 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
10:46:24.0508 3740 gagp30kx - ok
10:46:24.0571 3740 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:46:24.0571 3740 GEARAspiWDM - ok
10:46:25.0085 3740 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
10:46:25.0117 3740 gpsvc - ok
10:46:25.0210 3740 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
10:46:25.0226 3740 HdAudAddService - ok
10:46:25.0522 3740 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:46:25.0569 3740 HDAudBus - ok
10:46:25.0585 3740 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
10:46:25.0585 3740 HidBth - ok
10:46:25.0616 3740 HidIr (1d4e03e5c5ba4c3679c38cb6b4c60d5f) C:\Windows\system32\DRIVERS\hidir.sys
10:46:25.0616 3740 HidIr - ok
10:46:25.0663 3740 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
10:46:25.0663 3740 hidserv - ok
10:46:25.0756 3740 HidUsb (59a7b5e13356c20d67983868242167c5) C:\Windows\system32\DRIVERS\hidusb.sys
10:46:25.0756 3740 HidUsb - ok
10:46:25.0803 3740 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
10:46:25.0803 3740 hkmsvc - ok
10:46:25.0990 3740 HP Health Check Service (89f9e1984c1cd9e5f4fe39642d886e11) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
10:46:25.0990 3740 HP Health Check Service - ok
10:46:26.0053 3740 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
10:46:26.0053 3740 HpCISSs - ok
10:46:26.0131 3740 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys
10:46:26.0131 3740 hpdskflt - ok
10:46:26.0177 3740 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:46:26.0209 3740 HpqKbFiltr - ok
10:46:26.0287 3740 hpqwmiex (1665c7121a026df10c903db9bc5e9d43) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:46:26.0287 3740 hpqwmiex - ok
10:46:26.0333 3740 hpsrv (6bf024ea61d7894bf4af0b10a90b546e) C:\Windows\system32\Hpservice.exe
10:46:26.0333 3740 hpsrv - ok
10:46:26.0567 3740 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
10:46:26.0599 3740 HTTP - ok
10:46:26.0630 3740 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
10:46:26.0630 3740 i2omp - ok
10:46:26.0677 3740 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:46:26.0677 3740 i8042prt - ok
10:46:26.0817 3740 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
10:46:26.0833 3740 iaStorV - ok
10:46:26.0973 3740 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:46:26.0989 3740 IDriverT - ok
10:46:27.0394 3740 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:46:27.0441 3740 idsvc - ok
10:46:27.0815 3740 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120427.001\IDSvia64.sys
10:46:27.0831 3740 IDSVia64 - ok
10:46:28.0502 3740 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
10:46:28.0517 3740 iirsp - ok
10:46:28.0892 3740 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
10:46:28.0923 3740 IKEEXT - ok
10:46:28.0985 3740 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
10:46:28.0985 3740 intelide - ok
10:46:29.0001 3740 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
10:46:29.0001 3740 intelppm - ok
10:46:29.0079 3740 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
10:46:29.0126 3740 IPBusEnum - ok
10:46:29.0173 3740 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:46:29.0173 3740 IpFilterDriver - ok
10:46:29.0251 3740 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
10:46:29.0251 3740 iphlpsvc - ok
10:46:29.0251 3740 IpInIp - ok
10:46:29.0282 3740 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
10:46:29.0297 3740 IPMIDRV - ok
10:46:29.0329 3740 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
10:46:29.0329 3740 IPNAT - ok
10:46:29.0594 3740 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
10:46:29.0625 3740 iPod Service - ok
10:46:29.0656 3740 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
10:46:29.0656 3740 IRENUM - ok
10:46:29.0703 3740 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
10:46:29.0703 3740 isapnp - ok
10:46:29.0890 3740 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
10:46:29.0890 3740 iScsiPrt - ok
10:46:29.0937 3740 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
10:46:29.0937 3740 iteatapi - ok
10:46:29.0984 3740 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
10:46:29.0984 3740 iteraid - ok
10:46:30.0046 3740 JMCR (15371306d1adbbf35e475c8da516a956) C:\Windows\system32\DRIVERS\jmcr.sys
10:46:30.0046 3740 JMCR - ok
10:46:30.0124 3740 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
10:46:30.0124 3740 kbdclass - ok
10:46:30.0187 3740 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
10:46:30.0202 3740 kbdhid - ok
10:46:30.0233 3740 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:46:30.0233 3740 KeyIso - ok
10:46:30.0311 3740 KeyScrambler (e3cf421210ebddacb4590ae67a0226dc) C:\Windows\system32\drivers\keyscrambler.sys
10:46:30.0311 3740 KeyScrambler - ok
10:46:30.0421 3740 KjsUpdateService2 (0c1672984c5d608740bdfacf483b01f1) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
10:46:30.0421 3740 KjsUpdateService2 - ok
10:46:30.0592 3740 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
10:46:30.0592 3740 KSecDD - ok
10:46:30.0623 3740 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
10:46:30.0623 3740 ksthunk - ok
10:46:30.0733 3740 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
10:46:30.0748 3740 KtmRm - ok
10:46:30.0826 3740 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
10:46:30.0826 3740 LanmanServer - ok
10:46:30.0935 3740 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
10:46:30.0951 3740 LanmanWorkstation - ok
10:46:34.0009 3740 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
10:46:34.0165 3740 LeapFrog Connect Device Service - ok
10:46:34.0383 3740 LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:46:34.0383 3740 LightScribeService - ok
10:46:34.0867 3740 lirsgt (5ea407821bb3104c31a705175ab4f309) C:\Windows\system32\DRIVERS\lirsgt.sys
10:46:34.0867 3740 lirsgt - ok
10:46:34.0929 3740 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
10:46:34.0929 3740 lltdio - ok
10:46:35.0054 3740 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
10:46:35.0069 3740 lltdsvc - ok
10:46:35.0116 3740 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
10:46:35.0116 3740 lmhosts - ok
10:46:35.0210 3740 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
10:46:35.0225 3740 LSI_FC - ok
10:46:35.0241 3740 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
10:46:35.0241 3740 LSI_SAS - ok
10:46:35.0288 3740 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
10:46:35.0288 3740 LSI_SCSI - ok
10:46:35.0303 3740 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
10:46:35.0319 3740 luafv - ok
10:46:35.0428 3740 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
10:46:35.0428 3740 MarvinBus - ok
10:46:35.0522 3740 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
10:46:35.0537 3740 Mcx2Svc - ok
10:46:35.0553 3740 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
10:46:35.0569 3740 megasas - ok
10:46:35.0631 3740 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
10:46:35.0647 3740 MegaSR - ok
10:46:35.0662 3740 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:46:35.0678 3740 MMCSS - ok
10:46:35.0693 3740 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
10:46:35.0693 3740 Modem - ok
10:46:35.0740 3740 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
10:46:35.0740 3740 monitor - ok
10:46:35.0756 3740 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
10:46:35.0756 3740 mouclass - ok
10:46:35.0818 3740 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
10:46:35.0818 3740 mouhid - ok
10:46:35.0834 3740 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
10:46:35.0834 3740 MountMgr - ok
10:46:35.0943 3740 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:46:35.0943 3740 MozillaMaintenance - ok
10:46:36.0005 3740 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
10:46:36.0037 3740 mpio - ok
10:46:36.0099 3740 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
10:46:36.0099 3740 mpsdrv - ok
10:46:36.0505 3740 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
10:46:36.0536 3740 MpsSvc - ok
10:46:36.0551 3740 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
10:46:36.0551 3740 Mraid35x - ok
10:46:36.0645 3740 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
10:46:36.0661 3740 MRxDAV - ok
10:46:36.0801 3740 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:46:36.0801 3740 mrxsmb - ok
10:46:36.0863 3740 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:46:36.0863 3740 mrxsmb10 - ok
10:46:36.0895 3740 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:46:36.0910 3740 mrxsmb20 - ok
10:46:36.0973 3740 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
10:46:36.0973 3740 msahci - ok
10:46:37.0191 3740 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
10:46:37.0191 3740 msdsm - ok
10:46:37.0238 3740 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
10:46:37.0238 3740 MSDTC - ok
10:46:37.0285 3740 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
10:46:37.0285 3740 Msfs - ok
10:46:37.0347 3740 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
10:46:37.0363 3740 msisadrv - ok
10:46:37.0394 3740 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
10:46:37.0409 3740 MSiSCSI - ok
10:46:37.0409 3740 msiserver - ok
10:46:37.0456 3740 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
10:46:37.0456 3740 MSKSSRV - ok
10:46:37.0487 3740 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
10:46:37.0487 3740 MSPCLOCK - ok
10:46:37.0519 3740 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
10:46:37.0519 3740 MSPQM - ok
10:46:37.0690 3740 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
10:46:37.0690 3740 MsRPC - ok
10:46:37.0862 3740 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
10:46:37.0877 3740 mssmbios - ok
10:46:37.0924 3740 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
10:46:37.0924 3740 MSTEE - ok
10:46:38.0236 3740 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
10:46:38.0267 3740 Mup - ok
10:46:38.0517 3740 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
10:46:38.0517 3740 N360 - ok
10:46:38.0767 3740 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
10:46:38.0767 3740 napagent - ok
10:46:39.0032 3740 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
10:46:39.0047 3740 NativeWifiP - ok
10:46:39.0328 3740 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120429.009\ENG64.SYS
10:46:39.0328 3740 NAVENG - ok
10:46:40.0358 3740 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120429.009\EX64.SYS
10:46:40.0373 3740 NAVEX15 - ok
10:46:41.0606 3740 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
10:46:41.0637 3740 NDIS - ok
10:46:41.0653 3740 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:46:41.0653 3740 NdisTapi - ok
10:46:41.0668 3740 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:46:41.0668 3740 Ndisuio - ok
10:46:41.0746 3740 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
10:46:41.0746 3740 NdisWan - ok
10:46:41.0762 3740 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:46:41.0762 3740 NDProxy - ok
10:46:41.0793 3740 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:46:41.0793 3740 NetBIOS - ok
10:46:41.0933 3740 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
10:46:41.0933 3740 netbt - ok
10:46:41.0965 3740 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:46:41.0965 3740 Netlogon - ok
10:46:42.0027 3740 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
10:46:42.0043 3740 Netman - ok
10:46:42.0323 3740 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:46:42.0323 3740 NetMsmqActivator - ok
10:46:42.0339 3740 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:46:42.0339 3740 NetPipeActivator - ok
10:46:42.0386 3740 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
10:46:42.0386 3740 netprofm - ok
10:46:42.0386 3740 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:46:42.0386 3740 NetTcpActivator - ok
10:46:42.0401 3740 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:46:42.0401 3740 NetTcpPortSharing - ok
10:46:44.0819 3740 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys
10:46:44.0929 3740 NETw3v64 - ok
10:46:52.0651 3740 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
10:46:52.0791 3740 NETw5v64 - ok
10:46:54.0242 3740 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:46:54.0273 3740 nfrd960 - ok
10:46:54.0772 3740 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
10:46:54.0835 3740 NlaSvc - ok
10:46:55.0115 3740 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
10:46:55.0131 3740 Npfs - ok
10:46:55.0178 3740 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
10:46:55.0178 3740 nsi - ok
10:46:55.0318 3740 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:46:55.0349 3740 nsiproxy - ok
10:46:57.0533 3740 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
10:46:57.0596 3740 Ntfs - ok
10:46:58.0329 3740 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:46:58.0376 3740 Null - ok
10:46:58.0735 3740 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
10:46:58.0750 3740 NVHDA - ok
10:47:11.0807 3740 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:47:11.0917 3740 nvlddmkm - ok
10:47:12.0291 3740 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:47:12.0291 3740 nvraid - ok
10:47:12.0322 3740 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:47:12.0322 3740 nvstor - ok
10:47:13.0648 3740 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
10:47:13.0711 3740 nvsvc - ok
10:47:16.0191 3740 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
10:47:16.0253 3740 nvUpdatusService - ok
10:47:17.0252 3740 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:47:17.0252 3740 nv_agp - ok
10:47:17.0267 3740 NwlnkFlt - ok
10:47:17.0267 3740 NwlnkFwd - ok
10:47:17.0408 3740 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
10:47:17.0408 3740 ohci1394 - ok
10:47:17.0720 3740 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:47:17.0767 3740 p2pimsvc - ok
10:47:17.0782 3740 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:47:17.0782 3740 p2psvc - ok
10:47:17.0923 3740 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:47:17.0938 3740 Parport - ok
10:47:17.0985 3740 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
10:47:17.0985 3740 partmgr - ok
10:47:18.0032 3740 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
10:47:18.0032 3740 PcaSvc - ok
10:47:18.0235 3740 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
10:47:18.0235 3740 pci - ok
10:47:18.0281 3740 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys
10:47:18.0281 3740 pciide - ok
10:47:18.0640 3740 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:47:18.0640 3740 pcmcia - ok
10:47:19.0046 3740 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:47:19.0077 3740 PEAUTH - ok
10:47:19.0280 3740 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
10:47:19.0280 3740 PerfHost - ok
10:47:20.0933 3740 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
10:47:20.0996 3740 pla - ok
10:47:21.0121 3740 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
10:47:21.0121 3740 PlugPlay - ok
10:47:21.0542 3740 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:47:21.0557 3740 PNRPAutoReg - ok
10:47:21.0573 3740 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:47:21.0589 3740 PNRPsvc - ok
10:47:21.0698 3740 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
10:47:21.0713 3740 PolicyAgent - ok
10:47:21.0807 3740 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
10:47:21.0807 3740 PptpMiniport - ok
10:47:21.0838 3740 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
10:47:21.0838 3740 Processor - ok
10:47:21.0916 3740 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
10:47:21.0916 3740 ProfSvc - ok
10:47:21.0947 3740 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:47:21.0947 3740 ProtectedStorage - ok
10:47:22.0010 3740 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
10:47:22.0010 3740 PSched - ok
10:47:22.0166 3740 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:47:22.0197 3740 ql2300 - ok
10:47:22.0228 3740 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:47:22.0244 3740 ql40xx - ok
10:47:22.0291 3740 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
10:47:22.0306 3740 QWAVE - ok
10:47:22.0337 3740 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:47:22.0337 3740 QWAVEdrv - ok
10:47:22.0353 3740 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:47:22.0353 3740 RasAcd - ok
10:47:22.0384 3740 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
10:47:22.0384 3740 RasAuto - ok
10:47:22.0447 3740 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:47:22.0462 3740 Rasl2tp - ok
10:47:22.0509 3740 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
10:47:22.0509 3740 RasMan - ok
10:47:22.0556 3740 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
10:47:22.0571 3740 RasPppoe - ok
10:47:22.0634 3740 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
10:47:22.0649 3740 RasSstp - ok
10:47:22.0727 3740 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
10:47:22.0727 3740 rdbss - ok
10:47:22.0759 3740 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:47:22.0759 3740 RDPCDD - ok
10:47:22.0821 3740 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:47:22.0837 3740 rdpdr - ok
10:47:22.0837 3740 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:47:22.0837 3740 RDPENCDD - ok
10:47:22.0899 3740 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
10:47:22.0899 3740 RDPWD - ok
10:47:23.0008 3740 Recovery Service for Windows (d5f08cc3d19b1c7f49619b9dad43c0ce) C:\Program Files (x86)\SMINST\BLService.exe
10:47:23.0024 3740 Recovery Service for Windows - ok
10:47:23.0055 3740 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
10:47:23.0055 3740 RemoteAccess - ok
10:47:23.0117 3740 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
10:47:23.0133 3740 RemoteRegistry - ok
10:47:23.0180 3740 RFCOMM (72c35598ba591abddc37fce7d26fe1c4) C:\Windows\system32\DRIVERS\rfcomm.sys
10:47:23.0180 3740 RFCOMM - ok
10:47:23.0305 3740 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
10:47:23.0320 3740 RichVideo - ok
10:47:23.0336 3740 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
10:47:23.0351 3740 RpcLocator - ok
10:47:23.0476 3740 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
10:47:23.0492 3740 RpcSs - ok
10:47:23.0523 3740 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:47:23.0523 3740 rspndr - ok
10:47:23.0585 3740 RTL8169 (dfadcae64aebe2c67da9cd2ae74ccde5) C:\Windows\system32\DRIVERS\Rtlh64.sys
10:47:23.0601 3740 RTL8169 - ok
10:47:23.0617 3740 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:47:23.0617 3740 SamSs - ok
10:47:23.0679 3740 sbp2port (8c8862dc7417d89b375492c981c491f7) C:\Windows\system32\drivers\sbp2port.sys
10:47:23.0695 3740 sbp2port - ok
10:47:23.0929 3740 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
10:47:23.0960 3740 SBSDWSCService - ok
10:47:24.0022 3740 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
10:47:24.0038 3740 SCardSvr - ok
10:47:24.0194 3740 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
10:47:24.0209 3740 Schedule - ok
10:47:24.0256 3740 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:47:24.0256 3740 SCPolicySvc - ok
10:47:24.0350 3740 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
10:47:24.0350 3740 sdbus - ok
10:47:24.0397 3740 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
10:47:24.0397 3740 SDRSVC - ok
10:47:24.0412 3740 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:47:24.0412 3740 secdrv - ok
10:47:24.0412 3740 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
10:47:24.0428 3740 seclogon - ok
10:47:24.0443 3740 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
10:47:24.0443 3740 SENS - ok
10:47:24.0459 3740 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:47:24.0459 3740 Serenum - ok
10:47:24.0490 3740 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:47:24.0490 3740 Serial - ok
10:47:24.0506 3740 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:47:24.0506 3740 sermouse - ok
10:47:24.0553 3740 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
10:47:24.0553 3740 SessionEnv - ok
10:47:24.0584 3740 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
10:47:24.0584 3740 sffdisk - ok
10:47:24.0599 3740 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:47:24.0599 3740 sffp_mmc - ok
10:47:24.0631 3740 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
10:47:24.0631 3740 sffp_sd - ok
10:47:24.0646 3740 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:47:24.0646 3740 sfloppy - ok
10:47:24.0709 3740 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
10:47:24.0724 3740 SharedAccess - ok
10:47:24.0802 3740 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
10:47:24.0818 3740 ShellHWDetection - ok
10:47:24.0833 3740 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:47:24.0833 3740 SiSRaid2 - ok
10:47:24.0849 3740 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:47:24.0849 3740 SiSRaid4 - ok
10:47:25.0208 3740 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
10:47:25.0255 3740 slsvc - ok
10:47:25.0426 3740 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
10:47:25.0442 3740 SLUINotify - ok
10:47:25.0504 3740 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
10:47:25.0520 3740 Smb - ok
10:47:25.0551 3740 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
10:47:25.0551 3740 SNMPTRAP - ok
10:47:25.0582 3740 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
10:47:25.0598 3740 spldr - ok
10:47:25.0676 3740 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
10:47:25.0676 3740 Spooler - ok
10:47:25.0832 3740 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502010.003\SRTSP64.SYS
10:47:25.0847 3740 SRTSP - ok
10:47:25.0863 3740 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS
10:47:25.0863 3740 SRTSPX - ok
10:47:25.0957 3740 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
10:47:25.0972 3740 srv - ok
10:47:26.0035 3740 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
10:47:26.0035 3740 srv2 - ok
10:47:26.0066 3740 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
10:47:26.0066 3740 srvnet - ok
10:47:26.0128 3740 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
10:47:26.0128 3740 SSDPSRV - ok
10:47:26.0191 3740 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
10:47:26.0191 3740 SstpSvc - ok
10:47:26.0378 3740 STacSV (810199dcc3bdc38304d7d649992ea7bc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
10:47:26.0393 3740 STacSV - ok
10:47:26.0503 3740 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
10:47:26.0518 3740 STHDA - ok
10:47:26.0627 3740 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
10:47:26.0643 3740 stisvc - ok
10:47:26.0674 3740 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:47:26.0674 3740 swenum - ok
10:47:26.0768 3740 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
10:47:26.0783 3740 swprv - ok
10:47:26.0799 3740 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:47:26.0799 3740 Symc8xx - ok
10:47:26.0908 3740 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS
10:47:26.0924 3740 SymDS - ok
10:47:27.0080 3740 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS
10:47:27.0111 3740 SymEFA - ok
10:47:27.0189 3740 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:47:27.0189 3740 SymEvent - ok
10:47:27.0251 3740 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS
10:47:27.0251 3740 SymIRON - ok
10:47:27.0314 3740 SYMTDIv (61d06be74fa23ebb7d816e4468edd19e) C:\Windows\System32\Drivers\N360x64\0502010.003\SYMTDIV.SYS
10:47:27.0314 3740 SYMTDIv - ok
10:47:27.0345 3740 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:47:27.0361 3740 Sym_hi - ok
10:47:27.0392 3740 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:47:27.0407 3740 Sym_u3 - ok
10:47:27.0501 3740 SynTP (c52b05821884f9a0ebee38c45dbd73cd) C:\Windows\system32\DRIVERS\SynTP.sys
10:47:27.0501 3740 SynTP - ok
10:47:27.0657 3740 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
10:47:27.0673 3740 SysMain - ok
10:47:27.0719 3740 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
10:47:27.0719 3740 TabletInputService - ok
10:47:27.0813 3740 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
10:47:27.0813 3740 TapiSrv - ok
10:47:27.0829 3740 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
10:47:27.0844 3740 TBS - ok
10:47:28.0078 3740 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
10:47:28.0109 3740 Tcpip - ok
10:47:28.0468 3740 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
10:47:28.0484 3740 Tcpip6 - ok
10:47:28.0593 3740 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
10:47:28.0593 3740 tcpipreg - ok
10:47:28.0624 3740 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:47:28.0624 3740 TDPIPE - ok
10:47:28.0655 3740 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:47:28.0655 3740 TDTCP - ok
10:47:28.0718 3740 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
10:47:28.0718 3740 tdx - ok
10:47:28.0780 3740 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
10:47:28.0780 3740 TermDD - ok
10:47:28.0889 3740 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
10:47:28.0905 3740 TermService - ok
10:47:28.0999 3740 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
10:47:28.0999 3740 Themes - ok
10:47:29.0030 3740 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:47:29.0030 3740 THREADORDER - ok
10:47:29.0077 3740 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
10:47:29.0077 3740 TrkWks - ok
10:47:29.0155 3740 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
10:47:29.0155 3740 TrustedInstaller - ok
10:47:29.0186 3740 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:47:29.0186 3740 tssecsrv - ok
10:47:29.0233 3740 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:47:29.0233 3740 tunmp - ok
10:47:29.0295 3740 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
10:47:29.0295 3740 tunnel - ok
10:47:29.0326 3740 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:47:29.0326 3740 uagp35 - ok
10:47:29.0404 3740 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
10:47:29.0404 3740 udfs - ok
10:47:29.0451 3740 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
10:47:29.0451 3740 UI0Detect - ok
10:47:29.0498 3740 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:47:29.0498 3740 uliagpkx - ok
10:47:29.0560 3740 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:47:29.0560 3740 uliahci - ok
10:47:29.0591 3740 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:47:29.0591 3740 UlSata - ok
10:47:29.0623 3740 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:47:29.0638 3740 ulsata2 - ok
10:47:29.0638 3740 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:47:29.0638 3740 umbus - ok
10:47:29.0685 3740 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
10:47:29.0701 3740 upnphost - ok
10:47:29.0763 3740 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
10:47:29.0763 3740 USBAAPL64 - ok
10:47:29.0810 3740 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
10:47:29.0810 3740 usbccgp - ok
10:47:29.0841 3740 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
10:47:29.0841 3740 usbcir - ok
10:47:29.0919 3740 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
10:47:29.0919 3740 usbehci - ok
10:47:29.0966 3740 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
10:47:29.0966 3740 usbhub - ok
10:47:29.0997 3740 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
10:47:30.0013 3740 usbohci - ok
10:47:30.0028 3740 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
10:47:30.0028 3740 usbprint - ok
10:47:30.0091 3740 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:47:30.0091 3740 USBSTOR - ok
10:47:30.0106 3740 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
10:47:30.0106 3740 usbuhci - ok
10:47:30.0153 3740 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
10:47:30.0153 3740 usbvideo - ok
10:47:30.0200 3740 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
10:47:30.0215 3740 UxSms - ok
10:47:30.0309 3740 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
10:47:30.0325 3740 vds - ok
10:47:30.0387 3740 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:47:30.0387 3740 vga - ok
10:47:30.0418 3740 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:47:30.0418 3740 VgaSave - ok
10:47:30.0449 3740 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
10:47:30.0449 3740 viaide - ok
10:47:30.0512 3740 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
10:47:30.0512 3740 volmgr - ok
10:47:30.0590 3740 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
10:47:30.0605 3740 volmgrx - ok
10:47:30.0683 3740 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
10:47:30.0683 3740 volsnap - ok
10:47:30.0730 3740 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:47:30.0746 3740 vsmraid - ok
10:47:30.0949 3740 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
10:47:30.0995 3740 VSS - ok
10:47:31.0183 3740 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
10:47:31.0198 3740 W32Time - ok
10:47:31.0245 3740 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:47:31.0245 3740 WacomPen - ok
10:47:31.0323 3740 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:47:31.0323 3740 Wanarp - ok
10:47:31.0323 3740 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:47:31.0323 3740 Wanarpv6 - ok
10:47:31.0417 3740 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
10:47:31.0432 3740 wcncsvc - ok
10:47:31.0463 3740 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
10:47:31.0463 3740 WcsPlugInService - ok
10:47:31.0479 3740 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:47:31.0479 3740 Wd - ok
10:47:31.0588 3740 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:47:31.0604 3740 Wdf01000 - ok
10:47:31.0619 3740 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:47:31.0619 3740 WdiServiceHost - ok
10:47:31.0635 3740 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:47:31.0635 3740 WdiSystemHost - ok
10:47:31.0697 3740 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
10:47:31.0713 3740 WebClient - ok
10:47:31.0760 3740 Wecsvc (bd9a749f36710ffa02e0e530f7451936) C:\Windows\system32\wecsvc.dll
10:47:31.0760 3740 Wecsvc - ok
10:47:31.0775 3740 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
10:47:31.0791 3740 wercplsupport - ok
10:47:31.0807 3740 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
10:47:31.0822 3740 WerSvc - ok
10:47:31.0853 3740 WinDefend - ok
10:47:31.0869 3740 WinHttpAutoProxySvc - ok
10:47:31.0947 3740 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
10:47:31.0947 3740 Winmgmt - ok
10:47:32.0119 3740 WinRM (42717db2be3a075d0f0cd5c927c27a43) C:\Windows\system32\WsmSvc.dll
10:47:32.0134 3740 WinRM - ok
10:47:32.0275 3740 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
10:47:32.0290 3740 Wlansvc - ok
10:47:32.0353 3740 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:47:32.0353 3740 WmiAcpi - ok
10:47:32.0446 3740 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
10:47:32.0462 3740 wmiApSrv - ok
10:47:32.0509 3740 WMPNetworkSvc - ok
10:47:32.0571 3740 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
10:47:32.0571 3740 WPCSvc - ok
10:47:32.0602 3740 WPDBusEnum (a27c8f92d84e2ddc151978e4692c978e) C:\Windows\system32\wpdbusenum.dll
10:47:32.0602 3740 WPDBusEnum - ok
10:47:32.0680 3740 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
10:47:32.0680 3740 WpdUsb - ok
10:47:32.0977 3740 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:47:32.0992 3740 WPFFontCache_v0400 - ok
10:47:33.0023 3740 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:47:33.0023 3740 ws2ifsl - ok
10:47:33.0086 3740 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
10:47:33.0086 3740 wscsvc - ok
10:47:33.0148 3740 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
10:47:33.0148 3740 WSDPrintDevice - ok
10:47:33.0148 3740 WSearch - ok
10:47:33.0476 3740 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
10:47:33.0523 3740 wuauserv - ok
10:47:33.0663 3740 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
10:47:33.0663 3740 wudfsvc - ok
10:47:33.0772 3740 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
10:47:33.0772 3740 yukonx64 - ok
10:47:33.0928 3740 {B154377D-700F-42cc-9474-23858FBDF4BD} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
10:47:33.0928 3740 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
10:47:33.0959 3740 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
10:47:34.0006 3740 \Device\Harddisk0\DR0 - ok
10:47:34.0006 3740 Boot (0x1200) (5083a0cb94df7d89203f68b7620059ca) \Device\Harddisk0\DR0\Partition0
10:47:34.0006 3740 \Device\Harddisk0\DR0\Partition0 - ok
10:47:34.0022 3740 Boot (0x1200) (b3f3ac884d27a751e21957e91cd09d2e) \Device\Harddisk0\DR0\Partition1
10:47:34.0037 3740 \Device\Harddisk0\DR0\Partition1 - ok
10:47:34.0037 3740 ============================================================
10:47:34.0037 3740 Scan finished
10:47:34.0037 3740 ============================================================
10:47:34.0053 3780 Detected object count: 0
10:47:34.0053 3780 Actual detected object count: 0

10:46:03.0760 3748 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
10:46:04.0291 3748 ============================================================
10:46:04.0291 3748 Current date / time: 2012/05/03 10:46:04.0291
10:46:04.0291 3748 SystemInfo:
10:46:04.0291 3748
10:46:04.0291 3748 OS Version: 6.0.6002 ServicePack: 2.0
10:46:04.0291 3748 Product type: Workstation
10:46:04.0291 3748 ComputerName: JAG2-PC
10:46:04.0291 3748 UserName: JAG2
10:46:04.0291 3748 Windows directory: C:\Windows
10:46:04.0291 3748 System windows directory: C:\Windows
10:46:04.0291 3748 Running under WOW64
10:46:04.0291 3748 Processor architecture: Intel x64
10:46:04.0291 3748 Number of processors: 2
10:46:04.0291 3748 Page size: 0x1000
10:46:04.0291 3748 Boot type: Normal boot
10:46:04.0291 3748 ============================================================
10:46:06.0428 3748 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:46:06.0443 3748 ============================================================
10:46:06.0443 3748 \Device\Harddisk0\DR0:
10:46:06.0443 3748 MBR partitions:
10:46:06.0443 3748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x238377C1
10:46:06.0443 3748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23837800, BlocksNum 0x1BF5800
10:46:06.0443 3748 ============================================================
10:46:06.0553 3748 C: <-> \Device\Harddisk0\DR0\Partition0
10:46:06.0709 3748 D: <-> \Device\Harddisk0\DR0\Partition1
10:46:06.0724 3748 ============================================================
10:46:06.0724 3748 Initialize success
10:46:06.0724 3748 ============================================================
10:46:08.0737 3740 ============================================================
10:46:08.0737 3740 Scan started
10:46:08.0737 3740 Mode: Manual;
10:46:08.0737 3740 ============================================================
10:46:09.0641 3740 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
10:46:09.0641 3740 Accelerometer - ok
10:46:09.0751 3740 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
10:46:09.0751 3740 ACPI - ok
10:46:09.0938 3740 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:46:09.0938 3740 AdobeFlashPlayerUpdateSvc - ok
10:46:10.0063 3740 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
10:46:10.0063 3740 adp94xx - ok
10:46:10.0125 3740 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
10:46:10.0125 3740 adpahci - ok
10:46:10.0172 3740 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
10:46:10.0172 3740 adpu160m - ok
10:46:10.0234 3740 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
10:46:10.0234 3740 adpu320 - ok
10:46:10.0297 3740 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
10:46:10.0297 3740 AeLookupSvc - ok
10:46:10.0406 3740 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
10:46:10.0421 3740 AFD - ok
10:46:10.0484 3740 AgereModemAudio (8b0d8b5bafd4c9d57b41426bc68b32f9) C:\Windows\system32\agr64svc.exe
10:46:10.0484 3740 AgereModemAudio - ok
10:46:10.0702 3740 AgereSoftModem (70e15cda25e151dfc60636ef73f5a7be) C:\Windows\system32\DRIVERS\agrsm64.sys
10:46:10.0718 3740 AgereSoftModem - ok
10:46:10.0765 3740 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
10:46:10.0765 3740 agp440 - ok
10:46:10.0811 3740 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
10:46:10.0811 3740 aic78xx - ok
10:46:10.0843 3740 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
10:46:10.0843 3740 ALG - ok
10:46:10.0905 3740 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
10:46:10.0921 3740 aliide - ok
10:46:10.0921 3740 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
10:46:10.0921 3740 amdide - ok
10:46:10.0952 3740 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
10:46:10.0952 3740 AmdK8 - ok
10:46:10.0999 3740 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
10:46:10.0999 3740 Appinfo - ok
10:46:11.0170 3740 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:46:11.0170 3740 Apple Mobile Device - ok
10:46:11.0248 3740 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
10:46:11.0248 3740 arc - ok
10:46:11.0279 3740 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
10:46:11.0279 3740 arcsas - ok
10:46:11.0482 3740 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:46:11.0498 3740 aspnet_state - ok
10:46:11.0529 3740 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
10:46:11.0545 3740 AsyncMac - ok
10:46:11.0591 3740 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
10:46:11.0607 3740 atapi - ok
10:46:11.0685 3740 atksgt (09149d03629a44f4773e621c432d1d89) C:\Windows\system32\DRIVERS\atksgt.sys
10:46:11.0685 3740 atksgt - ok
10:46:11.0825 3740 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:46:11.0825 3740 AudioEndpointBuilder - ok
10:46:11.0825 3740 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:46:11.0841 3740 AudioSrv - ok
10:46:11.0888 3740 Beep - ok
10:46:12.0013 3740 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
10:46:12.0013 3740 BFE - ok
10:46:12.0309 3740 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx64.sys
10:46:12.0325 3740 BHDrvx64 - ok
10:46:15.0398 3740 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
10:46:15.0413 3740 BITS - ok
10:46:15.0741 3740 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
10:46:15.0741 3740 blbdrive - ok
10:46:16.0193 3740 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
10:46:16.0193 3740 Bonjour Service - ok
10:46:16.0381 3740 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
10:46:16.0381 3740 bowser - ok
10:46:16.0443 3740 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
10:46:16.0443 3740 BrFiltLo - ok
10:46:16.0490 3740 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
10:46:16.0490 3740 BrFiltUp - ok
10:46:16.0552 3740 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
10:46:16.0552 3740 Browser - ok
10:46:16.0615 3740 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
10:46:16.0615 3740 Brserid - ok
10:46:16.0677 3740 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
10:46:16.0677 3740 BrSerWdm - ok
10:46:16.0724 3740 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
10:46:16.0724 3740 BrUsbMdm - ok
10:46:16.0771 3740 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
10:46:16.0771 3740 BrUsbSer - ok
10:46:16.0802 3740 BthEnum (471ff09330a53177bbe9fd6ddf8a8259) C:\Windows\system32\DRIVERS\BthEnum.sys
10:46:16.0817 3740 BthEnum - ok
10:46:16.0864 3740 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
10:46:16.0864 3740 BTHMODEM - ok
10:46:16.0958 3740 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
10:46:16.0958 3740 BthPan - ok
10:46:17.0207 3740 BTHPORT (7d104f22c04a76f0d2f96f789ac07fcb) C:\Windows\system32\Drivers\BTHport.sys
10:46:17.0223 3740 BTHPORT - ok
10:46:17.0301 3740 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll
10:46:17.0301 3740 BthServ - ok
10:46:17.0379 3740 BTHUSB (d9324f0c142267961ce900bfc3798bb1) C:\Windows\system32\Drivers\BTHUSB.sys
10:46:17.0379 3740 BTHUSB - ok
10:46:17.0395 3740 catchme - ok
10:46:17.0426 3740 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
10:46:17.0441 3740 cdfs - ok
10:46:17.0519 3740 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
10:46:17.0519 3740 cdrom - ok
10:46:17.0613 3740 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:46:17.0613 3740 CertPropSvc - ok
10:46:17.0644 3740 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
10:46:17.0644 3740 circlass - ok
10:46:17.0722 3740 CISVC (2c0f16506bcbc80097d58099bc6be4c0) C:\Windows\system32\CISVC.EXE
10:46:17.0722 3740 CISVC - ok
10:46:17.0878 3740 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
10:46:17.0878 3740 CLFS - ok
10:46:18.0175 3740 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:46:18.0175 3740 clr_optimization_v2.0.50727_32 - ok
10:46:18.0393 3740 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:46:18.0393 3740 clr_optimization_v2.0.50727_64 - ok
10:46:18.0689 3740 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:46:18.0689 3740 clr_optimization_v4.0.30319_32 - ok
10:46:19.0189 3740 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:46:19.0189 3740 clr_optimization_v4.0.30319_64 - ok
10:46:19.0251 3740 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
10:46:19.0251 3740 CmBatt - ok
10:46:19.0267 3740 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys
10:46:19.0267 3740 cmdide - ok
10:46:19.0423 3740 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
10:46:19.0423 3740 Com4QLBEx - ok
10:46:19.0423 3740 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
10:46:19.0423 3740 Compbatt - ok
10:46:19.0438 3740 COMSysApp - ok
10:46:19.0516 3740 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
10:46:19.0516 3740 crcdisk - ok
10:46:19.0688 3740 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
10:46:19.0688 3740 CryptSvc - ok
10:46:20.0093 3740 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
10:46:20.0109 3740 DcomLaunch - ok
10:46:20.0156 3740 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
10:46:20.0171 3740 DfsC - ok
10:46:20.0265 3740 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
10:46:20.0265 3740 Dhcp - ok
10:46:20.0327 3740 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
10:46:20.0327 3740 disk - ok
10:46:20.0405 3740 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
10:46:20.0405 3740 Dnscache - ok
10:46:20.0468 3740 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
10:46:20.0468 3740 dot3svc - ok
10:46:20.0530 3740 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
10:46:20.0530 3740 DPS - ok
10:46:20.0593 3740 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
10:46:20.0593 3740 drmkaud - ok
10:46:21.0263 3740 DXGKrnl (e828cdca431d1f98d33501dfc390079a) C:\Windows\System32\drivers\dxgkrnl.sys
10:46:21.0279 3740 DXGKrnl - ok
10:46:21.0419 3740 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
10:46:21.0435 3740 E1G60 - ok
10:46:21.0513 3740 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
10:46:21.0513 3740 EapHost - ok
10:46:21.0638 3740 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
10:46:21.0638 3740 Ecache - ok
10:46:22.0137 3740 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:46:22.0153 3740 eeCtrl - ok
10:46:22.0293 3740 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
10:46:22.0293 3740 ehRecvr - ok
10:46:22.0340 3740 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
10:46:22.0340 3740 ehSched - ok
10:46:22.0371 3740 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
10:46:22.0371 3740 ehstart - ok
10:46:22.0496 3740 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
10:46:22.0496 3740 elxstor - ok
10:46:22.0870 3740 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
10:46:22.0886 3740 EMDMgmt - ok
10:46:22.0948 3740 enecir (0e3f3301052673cf16813e65d5de98ad) C:\Windows\system32\DRIVERS\enecir.sys
10:46:22.0948 3740 enecir - ok
10:46:23.0089 3740 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:46:23.0089 3740 EraserUtilRebootDrv - ok
10:46:23.0167 3740 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
10:46:23.0167 3740 ErrDev - ok
10:46:23.0291 3740 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
10:46:23.0307 3740 EventSystem - ok
10:46:23.0447 3740 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
10:46:23.0463 3740 exfat - ok
10:46:23.0666 3740 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
10:46:23.0666 3740 fastfat - ok
10:46:23.0728 3740 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
10:46:23.0728 3740 fdc - ok
10:46:23.0806 3740 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
10:46:23.0806 3740 fdPHost - ok
10:46:23.0853 3740 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
10:46:23.0853 3740 FDResPub - ok
10:46:24.0009 3740 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
10:46:24.0009 3740 FileInfo - ok
10:46:24.0040 3740 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
10:46:24.0040 3740 Filetrace - ok
10:46:24.0071 3740 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:46:24.0071 3740 flpydisk - ok
10:46:24.0259 3740 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
10:46:24.0274 3740 FltMgr - ok
10:46:24.0383 3740 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:46:24.0399 3740 FontCache3.0.0.0 - ok
10:46:24.0415 3740 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
10:46:24.0415 3740 Fs_Rec - ok
10:46:24.0508 3740 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
10:46:24.0508 3740 gagp30kx - ok
10:46:24.0571 3740 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:46:24.0571 3740 GEARAspiWDM - ok
10:46:25.0085 3740 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
10:46:25.0117 3740 gpsvc - ok
10:46:25.0210 3740 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
10:46:25.0226 3740 HdAudAddService - ok
10:46:25.0522 3740 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:46:25.0569 3740 HDAudBus - ok
10:46:25.0585 3740 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
10:46:25.0585 3740 HidBth - ok
10:46:25.0616 3740 HidIr (1d4e03e5c5ba4c3679c38cb6b4c60d5f) C:\Windows\system32\DRIVERS\hidir.sys
10:46:25.0616 3740 HidIr - ok
10:46:25.0663 3740 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
10:46:25.0663 3740 hidserv - ok
10:46:25.0756 3740 HidUsb (59a7b5e13356c20d67983868242167c5) C:\Windows\system32\DRIVERS\hidusb.sys
10:46:25.0756 3740 HidUsb - ok
10:46:25.0803 3740 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
10:46:25.0803 3740 hkmsvc - ok
10:46:25.0990 3740 HP Health Check Service (89f9e1984c1cd9e5f4fe39642d886e11) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
10:46:25.0990 3740 HP Health Check Service - ok
10:46:26.0053 3740 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
10:46:26.0053 3740 HpCISSs - ok
10:46:26.0131 3740 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys
10:46:26.0131 3740 hpdskflt - ok
10:46:26.0177 3740 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:46:26.0209 3740 HpqKbFiltr - ok
10:46:26.0287 3740 hpqwmiex (1665c7121a026df10c903db9bc5e9d43) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:46:26.0287 3740 hpqwmiex - ok
10:46:26.0333 3740 hpsrv (6bf024ea61d7894bf4af0b10a90b546e) C:\Windows\system32\Hpservice.exe
10:46:26.0333 3740 hpsrv - ok
10:46:26.0567 3740 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
10:46:26.0599 3740 HTTP - ok
10:46:26.0630 3740 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
10:46:26.0630 3740 i2omp - ok
10:46:26.0677 3740 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:46:26.0677 3740 i8042prt - ok
10:46:26.0817 3740 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
10:46:26.0833 3740 iaStorV - ok
10:46:26.0973 3740 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:46:26.0989 3740 IDriverT - ok
10:46:27.0394 3740 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:46:27.0441 3740 idsvc - ok
10:46:27.0815 3740 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120427.001\IDSvia64.sys
10:46:27.0831 3740 IDSVia64 - ok
10:46:28.0502 3740 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
10:46:28.0517 3740 iirsp - ok
10:46:28.0892 3740 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
10:46:28.0923 3740 IKEEXT - ok
10:46:28.0985 3740 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
10:46:28.0985 3740 intelide - ok
10:46:29.0001 3740 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
10:46:29.0001 3740 intelppm - ok
10:46:29.0079 3740 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
10:46:29.0126 3740 IPBusEnum - ok
10:46:29.0173 3740 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:46:29.0173 3740 IpFilterDriver - ok
10:46:29.0251 3740 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
10:46:29.0251 3740 iphlpsvc - ok
10:46:29.0251 3740 IpInIp - ok
10:46:29.0282 3740 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
10:46:29.0297 3740 IPMIDRV - ok
10:46:29.0329 3740 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
10:46:29.0329 3740 IPNAT - ok
10:46:29.0594 3740 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
10:46:29.0625 3740 iPod Service - ok
10:46:29.0656 3740 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
10:46:29.0656 3740 IRENUM - ok
10:46:29.0703 3740 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
10:46:29.0703 3740 isapnp - ok
10:46:29.0890 3740 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
10:46:29.0890 3740 iScsiPrt - ok
10:46:29.0937 3740 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
10:46:29.0937 3740 iteatapi - ok
10:46:29.0984 3740 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
10:46:29.0984 3740 iteraid - ok
10:46:30.0046 3740 JMCR (15371306d1adbbf35e475c8da516a956) C:\Windows\system32\DRIVERS\jmcr.sys
10:46:30.0046 3740 JMCR - ok
10:46:30.0124 3740 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
10:46:30.0124 3740 kbdclass - ok
10:46:30.0187 3740 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
10:46:30.0202 3740 kbdhid - ok
10:46:30.0233 3740 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:46:30.0233 3740 KeyIso - ok
10:46:30.0311 3740 KeyScrambler (e3cf421210ebddacb4590ae67a0226dc) C:\Windows\system32\drivers\keyscrambler.sys
10:46:30.0311 3740 KeyScrambler - ok
10:46:30.0421 3740 KjsUpdateService2 (0c1672984c5d608740bdfacf483b01f1) C:\Program Files (x86)\Common Files\AppLifeUpdateService2\kjsausvc.exe
10:46:30.0421 3740 KjsUpdateService2 - ok
10:46:30.0592 3740 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
10:46:30.0592 3740 KSecDD - ok
10:46:30.0623 3740 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
10:46:30.0623 3740 ksthunk - ok
10:46:30.0733 3740 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
10:46:30.0748 3740 KtmRm - ok
10:46:30.0826 3740 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
10:46:30.0826 3740 LanmanServer - ok
10:46:30.0935 3740 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
10:46:30.0951 3740 LanmanWorkstation - ok
10:46:34.0009 3740 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
10:46:34.0165 3740 LeapFrog Connect Device Service - ok
10:46:34.0383 3740 LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:46:34.0383 3740 LightScribeService - ok
10:46:34.0867 3740 lirsgt (5ea407821bb3104c31a705175ab4f309) C:\Windows\system32\DRIVERS\lirsgt.sys
10:46:34.0867 3740 lirsgt - ok
10:46:34.0929 3740 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
10:46:34.0929 3740 lltdio - ok
10:46:35.0054 3740 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
10:46:35.0069 3740 lltdsvc - ok
10:46:35.0116 3740 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
10:46:35.0116 3740 lmhosts - ok
10:46:35.0210 3740 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
10:46:35.0225 3740 LSI_FC - ok
10:46:35.0241 3740 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
10:46:35.0241 3740 LSI_SAS - ok
10:46:35.0288 3740 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
10:46:35.0288 3740 LSI_SCSI - ok
10:46:35.0303 3740 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
10:46:35.0319 3740 luafv - ok
10:46:35.0428 3740 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
10:46:35.0428 3740 MarvinBus - ok
10:46:35.0522 3740 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
10:46:35.0537 3740 Mcx2Svc - ok
10:46:35.0553 3740 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
10:46:35.0569 3740 megasas - ok
10:46:35.0631 3740 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
10:46:35.0647 3740 MegaSR - ok
10:46:35.0662 3740 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:46:35.0678 3740 MMCSS - ok
10:46:35.0693 3740 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
10:46:35.0693 3740 Modem - ok
10:46:35.0740 3740 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
10:46:35.0740 3740 monitor - ok
10:46:35.0756 3740 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
10:46:35.0756 3740 mouclass - ok
10:46:35.0818 3740 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
10:46:35.0818 3740 mouhid - ok
10:46:35.0834 3740 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
10:46:35.0834 3740 MountMgr - ok
10:46:35.0943 3740 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:46:35.0943 3740 MozillaMaintenance - ok
10:46:36.0005 3740 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
10:46:36.0037 3740 mpio - ok
10:46:36.0099 3740 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
10:46:36.0099 3740 mpsdrv - ok
10:46:36.0505 3740 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
10:46:36.0536 3740 MpsSvc - ok
10:46:36.0551 3740 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
10:46:36.0551 3740 Mraid35x - ok
10:46:36.0645 3740 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
10:46:36.0661 3740 MRxDAV - ok
10:46:36.0801 3740 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:46:36.0801 3740 mrxsmb - ok
10:46:36.0863 3740 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:46:36.0863 3740 mrxsmb10 - ok
10:46:36.0895 3740 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:46:36.0910 3740 mrxsmb20 - ok
10:46:36.0973 3740 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
10:46:36.0973 3740 msahci - ok
10:46:37.0191 3740 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
10:46:37.0191 3740 msdsm - ok
10:46:37.0238 3740 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
10:46:37.0238 3740 MSDTC - ok
10:46:37.0285 3740 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
10:46:37.0285 3740 Msfs - ok
10:46:37.0347 3740 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
10:46:37.0363 3740 msisadrv - ok
10:46:37.0394 3740 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
10:46:37.0409 3740 MSiSCSI - ok
10:46:37.0409 3740 msiserver - ok
10:46:37.0456 3740 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
10:46:37.0456 3740 MSKSSRV - ok
10:46:37.0487 3740 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
10:46:37.0487 3740 MSPCLOCK - ok
10:46:37.0519 3740 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
10:46:37.0519 3740 MSPQM - ok
10:46:37.0690 3740 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
10:46:37.0690 3740 MsRPC - ok
10:46:37.0862 3740 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
10:46:37.0877 3740 mssmbios - ok
10:46:37.0924 3740 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
10:46:37.0924 3740 MSTEE - ok
10:46:38.0236 3740 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
10:46:38.0267 3740 Mup - ok
10:46:38.0517 3740 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
10:46:38.0517 3740 N360 - ok
10:46:38.0767 3740 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
10:46:38.0767 3740 napagent - ok
10:46:39.0032 3740 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
10:46:39.0047 3740 NativeWifiP - ok
10:46:39.0328 3740 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120429.009\ENG64.SYS
10:46:39.0328 3740 NAVENG - ok
10:46:40.0358 3740 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120429.009\EX64.SYS
10:46:40.0373 3740 NAVEX15 - ok
10:46:41.0606 3740 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
10:46:41.0637 3740 NDIS - ok
10:46:41.0653 3740 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:46:41.0653 3740 NdisTapi - ok
10:46:41.0668 3740 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:46:41.0668 3740 Ndisuio - ok
10:46:41.0746 3740 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
10:46:41.0746 3740 NdisWan - ok
10:46:41.0762 3740 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:46:41.0762 3740 NDProxy - ok
10:46:41.0793 3740 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:46:41.0793 3740 NetBIOS - ok
10:46:41.0933 3740 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
10:46:41.0933 3740 netbt - ok
10:46:41.0965 3740 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:46:41.0965 3740 Netlogon - ok
10:46:42.0027 3740 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
10:46:42.0043 3740 Netman - ok
10:46:42.0323 3740 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:46:42.0323 3740 NetMsmqActivator - ok
10:46:42.0339 3740 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:46:42.0339 3740 NetPipeActivator - ok
10:46:42.0386 3740 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
10:46:42.0386 3740 netprofm - ok
10:46:42.0386 3740 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:46:42.0386 3740 NetTcpActivator - ok
10:46:42.0401 3740 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:46:42.0401 3740 NetTcpPortSharing - ok
10:46:44.0819 3740 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys
10:46:44.0929 3740 NETw3v64 - ok
10:46:52.0651 3740 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
10:46:52.0791 3740 NETw5v64 - ok
10:46:54.0242 3740 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:46:54.0273 3740 nfrd960 - ok
10:46:54.0772 3740 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
10:46:54.0835 3740 NlaSvc - ok
10:46:55.0115 3740 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
10:46:55.0131 3740 Npfs - ok
10:46:55.0178 3740 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
10:46:55.0178 3740 nsi - ok
10:46:55.0318 3740 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:46:55.0349 3740 nsiproxy - ok
10:46:57.0533 3740 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
10:46:57.0596 3740 Ntfs - ok
10:46:58.0329 3740 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:46:58.0376 3740 Null - ok
10:46:58.0735 3740 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
10:46:58.0750 3740 NVHDA - ok
10:47:11.0807 3740 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:47:11.0917 3740 nvlddmkm - ok
10:47:12.0291 3740 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:47:12.0291 3740 nvraid - ok
10:47:12.0322 3740 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:47:12.0322 3740 nvstor - ok
10:47:13.0648 3740 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
10:47:13.0711 3740 nvsvc - ok
10:47:16.0191 3740 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
10:47:16.0253 3740 nvUpdatusService - ok
10:47:17.0252 3740 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:47:17.0252 3740 nv_agp - ok
10:47:17.0267 3740 NwlnkFlt - ok
10:47:17.0267 3740 NwlnkFwd - ok
10:47:17.0408 3740 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
10:47:17.0408 3740 ohci1394 - ok
10:47:17.0720 3740 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:47:17.0767 3740 p2pimsvc - ok
10:47:17.0782 3740 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:47:17.0782 3740 p2psvc - ok
10:47:17.0923 3740 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:47:17.0938 3740 Parport - ok
10:47:17.0985 3740 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
10:47:17.0985 3740 partmgr - ok
10:47:18.0032 3740 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
10:47:18.0032 3740 PcaSvc - ok
10:47:18.0235 3740 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
10:47:18.0235 3740 pci - ok
10:47:18.0281 3740 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys
10:47:18.0281 3740 pciide - ok
10:47:18.0640 3740 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:47:18.0640 3740 pcmcia - ok
10:47:19.0046 3740 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:47:19.0077 3740 PEAUTH - ok
10:47:19.0280 3740 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
10:47:19.0280 3740 PerfHost - ok
10:47:20.0933 3740 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
10:47:20.0996 3740 pla - ok
10:47:21.0121 3740 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
10:47:21.0121 3740 PlugPlay - ok
10:47:21.0542 3740 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:47:21.0557 3740 PNRPAutoReg - ok
10:47:34.0037 3740 ============================================================
10:47:34.0037 3740 Scan finished
10:47:34.0037 3740 ============================================================
10:47:34.0053 3780 Detected object count: 0
10:47:34.0053 3780 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:17 AM

Posted 03 May 2012 - 12:55 PM

Hello


When you are uninstalling Firefox, are you removing everything?


Let me have the aswMBR report when it is ready.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 dagiz

Posted 03 May 2012 - 05:34 PM

Yes, I am, at least everything that it is asking. I haven't dug deep into the user/local/app/ menus to dig out there yet, that may work...haven't tried, but will once I get the chance. My apologies, thought I did post the other report as well...oops. For now, I DL'd Chrome and that works without a problem. So it definitely seems to be just Firefox. But I'll see what else I can do. Once I get home I will go ahead and get the other report for you.

#10 dagiz

Posted 03 May 2012 - 07:51 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 22:21:52
-----------------------------
22:21:52.182 OS Version: Windows x64 6.0.6002 Service Pack 2
22:21:52.182 Number of processors: 2 586 0x170A
22:21:52.182 ComputerName: JAG2-PC UserName: JAG2
22:21:54.803 Initialize success
22:22:55.331 AVAST engine defs: 12050201
22:23:03.958 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:23:03.958 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40F Size: 305245MB BusType: 3
22:23:04.020 Disk 0 MBR read successfully
22:23:04.036 Disk 0 MBR scan
22:23:04.036 Disk 0 unknown MBR code
22:23:04.052 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 290926 MB offset 63
22:23:04.098 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14315 MB offset 595818496
22:23:04.270 Disk 0 scanning C:\Windows\system32\drivers
22:23:44.425 Service scanning
22:24:23.519 Modules scanning
22:24:23.519 Disk 0 trace - called modules:
22:24:23.581 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:24:23.597 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004fed790]
22:24:23.597 3 CLASSPNP.SYS[fffffa6000a4ac33] -> nt!IofCallDriver -> [0xfffffa8004fe85b0]
22:24:23.613 5 hpdskflt.sys[fffffa6001bf30ee] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004cc1590]
22:24:25.687 AVAST engine scan C:\Windows
22:25:06.327 AVAST engine scan C:\Windows\system32
22:35:47.500 AVAST engine scan C:\Windows\system32\drivers
22:38:04.892 AVAST engine scan C:\Users\JAG2
08:40:31.714 AVAST engine scan C:\ProgramData
08:51:41.518 Scan finished successfully
10:32:24.444 Disk 0 MBR has been saved successfully to "C:\Users\JAG2\Desktop\MBR.dat"
10:32:24.444 The log file has been saved successfully to "C:\Users\JAG2\Desktop\aswMBR.txt"

#11 gringo_pr

Posted 04 May 2012 - 02:38 AM

Hello


I want you to go here and see how to run Firefox in what they call safe mode - http://support.mozilla.org/en-US/kb/Safe%20Mode


See if it still has the same problem.

gringo

#12 dagiz

Posted 04 May 2012 - 09:58 AM

Hi,

It works in safe mode no problem. When I am out of safe mode, it starts up and freezes immediately without anything loading - get a white screen or a 'see through' screen.

The other issue that popped up that may or may not be related is the ability to preview pictures with MS preview no longer functions - nothing happens. Only when trying to preview the pictures though. Slide show and the actual gallery work OK.



Edit: I should add that I went and checked everything off in the dialog box for safe mode and restarted it normally and still have the issue.

Edited by dagiz, 04 May 2012 - 10:01 AM.


#13 gringo_pr

Posted 04 May 2012 - 01:08 PM

Hello


Go here to see how to disable add-ons, disable them all, then start Firefox and see if it still does the same thing.


http://support.mozilla.org/en-US/kb/Uninstalling%20add-ons



gringo

#14 dagiz

Posted 05 May 2012 - 11:06 PM

Yep, did all that...and restarted and everything. It loads up and then freezes after 10 or 15 seconds. Has me completely baffled since Chrome works just fine as does IE. Seems to be only Firefox (and also the ability to preview pictures). Would a system restore to an earlier date work at this point? And then try and go through the steps again?

#15 gringo_pr

Posted 05 May 2012 - 11:18 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo