
Suspected Rootkit


3 replies to this topic

#1 iamill


Posted 07 May 2012 - 01:00 PM

I have Windows XP, AVG anti-virus free edition, Malwarebytes, Spybot Search & Destroy, Crap-cleaner and SUPERAntiSpyware. A while back I checked the AVG log and noticed that it detected a rootkit, but the scan was not completed and the rootkit was not removed. It has not shown up again, but I suspect that it was responsible for stopping the scan.
On restarting the computer and opening Mozilla Firefox, it first flashes in full screen, then jumps to the top left of the screen at about 1/4 window size. Everything seems to run very slowly. AVG runs daily and has since then found and fixed a few warnings. I run SUPERAntiSpyware every day and it always finds and removes a lot of stuff. Malwarebytes and Spybot never find anything. Crap-cleaner finds a few things if I run it first. Thanks


 


#2 boopme


Posted 07 May 2012 - 01:06 PM

Hello, let's take another look here.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Next:


Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

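Once the TDSSKiller report requested above has been saved, its per-object results can be triaged offline. The following is an added example, not part of the original posts and not the tool's own code: it assumes the report layout of `<time> <thread id> <name> (<md5>) <path>` followed by `<time> <thread id> <name> - ok`, and the sample report, object names, hashes and the non-ok verdict string in it are constructed placeholders.

```python
import re

# Constructed sample report (placeholder names, hashes and verdict text).
SAMPLE_LOG = r"""
13:23:47.0390 0376 Drive \Device\Harddisk0\DR0 - Size: 0x0 (constructed header line)

13:25:40.0906 5560 ============================================================

13:25:40.0906 5560 Scan started

13:25:40.0906 5560 Mode: Manual; TDLFS;

13:25:41.0671 5560 ExampleSvcA (00000000000000000000000000000001) C:\WINDOWS\system32\examplea.exe

13:25:41.0687 5560 ExampleSvcA - ok

13:25:41.0921 5560 ExampleSvcB - ok

13:25:42.0203 5560 Example Spaced Svc (00000000000000000000000000000002) C:\Program Files\Example\b.exe

13:25:42.0218 5560 Example Spaced Svc - ok

13:25:42.0296 5560 ExampleDrvC (00000000000000000000000000000003) C:\WINDOWS\system32\DRIVERS\examplec.sys

13:25:42.0300 5560 ExampleDrvC - placeholder-verdict

13:25:42.0400 5560 ExampleDrvD (00000000000000000000000000000004) C:\WINDOWS\system32\DRIVERS\exampled.sys
"""

# "<HH:MM:SS.ffff> <thread id> <rest of line>"
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\S+)\s+(.*\S)\s*$")
# "<name> (<32 hex digit md5>) <path>"; names may contain spaces
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")

NO_VERDICT = "no verdict line (report cut off or scan interrupted)"


def parse_report(text):
    """Return {object name: {"md5", "path", "verdict"}} for lines after 'Scan started'."""
    entries = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group(3)
        if rest == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            # Header lines such as "Drive ... - Size: ..." are not scan results.
            continue
        obj = OBJECT.match(rest)
        if obj:
            entry = entries.setdefault(
                obj["name"], {"md5": None, "path": None, "verdict": None})
            entry["md5"] = obj["md5"].lower()
            entry["path"] = obj["path"]
        elif " - " in rest:
            # Verdict line; objects without a file on disk have only this line.
            name, verdict = rest.rsplit(" - ", 1)
            entry = entries.setdefault(
                name, {"md5": None, "path": None, "verdict": None})
            entry["verdict"] = verdict.strip()
    return entries


def needs_review(entries):
    """List (name, reason) for every object whose verdict is missing or not 'ok'."""
    flagged = []
    for name, entry in entries.items():
        if entry["verdict"] is None:
            flagged.append((name, NO_VERDICT))
        elif entry["verdict"].lower() != "ok":
            flagged.append((name, entry["verdict"]))
    return flagged


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_LOG)
    print(f"{len(parsed)} objects scanned")
    for name, reason in needs_review(parsed):
        print(f"REVIEW {name}: {reason} [{parsed[name]['path']}]")
```

An object with a file line but no verdict line is reported separately, since a report that stops partway leaves the remaining objects unchecked.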

#3 iamill


Posted 07 May 2012 - 04:11 PM

No reboot occurred.


13:26:00.0671 5560 PxHelp20 - ok

13:26:00.0703 5560 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

13:26:00.0703 5560 ql1080 - ok

13:26:00.0718 5560 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

13:26:00.0718 5560 Ql10wnt - ok

13:26:00.0734 5560 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

13:26:00.0750 5560 ql12160 - ok

13:26:00.0781 5560 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

13:26:00.0796 5560 ql1240 - ok

13:26:00.0812 5560 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

13:26:00.0812 5560 ql1280 - ok

13:26:00.0843 5560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:26:00.0859 5560 RasAcd - ok

13:26:00.0906 5560 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

13:26:00.0906 5560 RasAuto - ok

13:26:00.0953 5560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:26:00.0953 5560 Rasl2tp - ok

13:26:01.0000 5560 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

13:26:01.0015 5560 RasMan - ok

13:26:01.0046 5560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:26:01.0062 5560 RasPppoe - ok

13:26:01.0078 5560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:26:01.0078 5560 Raspti - ok

13:26:01.0125 5560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:26:01.0140 5560 Rdbss - ok

13:26:01.0156 5560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:26:01.0156 5560 RDPCDD - ok

13:26:01.0203 5560 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

13:26:01.0218 5560 rdpdr - ok

13:26:01.0281 5560 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

13:26:01.0296 5560 RDPWD - ok

13:26:01.0359 5560 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

13:26:01.0375 5560 RDSessMgr - ok

13:26:01.0406 5560 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:26:01.0421 5560 redbook - ok

13:26:01.0468 5560 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

13:26:01.0468 5560 RemoteAccess - ok

13:26:01.0515 5560 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

13:26:01.0531 5560 RpcLocator - ok

13:26:01.0609 5560 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

13:26:01.0609 5560 RpcSs - ok

13:26:01.0656 5560 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

13:26:01.0687 5560 RSVP - ok

13:26:01.0765 5560 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

13:26:01.0796 5560 SamSs - ok

13:26:01.0953 5560 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

13:26:02.0078 5560 SASDIFSV - ok

13:26:02.0203 5560 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

13:26:02.0234 5560 SASKUTIL - ok

13:26:02.0281 5560 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

13:26:02.0296 5560 SCardSvr - ok

13:26:02.0437 5560 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

13:26:02.0546 5560 Schedule - ok

13:26:02.0625 5560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:26:02.0828 5560 Secdrv - ok

13:26:02.0875 5560 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

13:26:02.0875 5560 seclogon - ok

13:26:02.0968 5560 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

13:26:03.0000 5560 senfilt - ok

13:26:03.0046 5560 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

13:26:03.0046 5560 SENS - ok

13:26:03.0078 5560 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

13:26:03.0078 5560 serenum - ok

13:26:03.0109 5560 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

13:26:03.0109 5560 Serial - ok

13:26:03.0171 5560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

13:26:03.0171 5560 Sfloppy - ok

13:26:03.0234 5560 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

13:26:03.0250 5560 SharedAccess - ok

13:26:03.0281 5560 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

13:26:03.0296 5560 ShellHWDetection - ok

13:26:03.0296 5560 Simbad - ok

13:26:03.0359 5560 SimpTcp (32933b07fc16d9f778bee12545fa1b1a) C:\WINDOWS\system32\tcpsvcs.exe

13:26:03.0375 5560 SimpTcp - ok

13:26:03.0406 5560 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

13:26:03.0406 5560 sisagp - ok

13:26:03.0484 5560 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys

13:26:03.0500 5560 smwdm - ok

13:26:03.0546 5560 SNMP (60c377be6b3cc83f6a8584934b181d2e) C:\WINDOWS\System32\snmp.exe

13:26:03.0546 5560 SNMP - ok

13:26:03.0578 5560 SNMPTRAP (80a050795a107a76c2b1cd4cfbe010e6) C:\WINDOWS\System32\snmptrap.exe

13:26:03.0593 5560 SNMPTRAP - ok

13:26:03.0656 5560 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

13:26:03.0656 5560 Sparrow - ok

13:26:03.0703 5560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

13:26:03.0703 5560 splitter - ok

13:26:03.0765 5560 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

13:26:03.0765 5560 Spooler - ok

13:26:03.0875 5560 sprtsvc_dellsupportcenter - ok

13:26:03.0890 5560 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

13:26:03.0906 5560 sr - ok

13:26:03.0953 5560 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

13:26:03.0968 5560 srservice - ok

13:26:04.0093 5560 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502010.003\SRTSP.SYS

13:26:04.0156 5560 SRTSP - ok

13:26:04.0218 5560 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502010.003\SRTSPX.SYS

13:26:04.0234 5560 SRTSPX - ok

13:26:04.0296 5560 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

13:26:04.0312 5560 Srv - ok

13:26:04.0375 5560 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

13:26:04.0375 5560 SSDPSRV - ok

13:26:04.0421 5560 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

13:26:04.0437 5560 StillCam - ok

13:26:04.0515 5560 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

13:26:04.0546 5560 stisvc - ok

13:26:04.0578 5560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:26:04.0578 5560 swenum - ok

13:26:04.0625 5560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

13:26:04.0640 5560 swmidi - ok

13:26:04.0656 5560 SwPrv - ok

13:26:04.0734 5560 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

13:26:04.0734 5560 symc810 - ok

13:26:04.0781 5560 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

13:26:04.0781 5560 symc8xx - ok

13:26:04.0859 5560 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMDS.SYS

13:26:04.0875 5560 SymDS - ok

13:26:04.0921 5560 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502010.003\SYMEFA.SYS

13:26:04.0968 5560 SymEFA - ok

13:26:05.0015 5560 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

13:26:05.0031 5560 SymEvent - ok

13:26:05.0093 5560 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502010.003\Ironx86.SYS

13:26:05.0109 5560 SymIRON - ok

13:26:05.0140 5560 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502010.003\SYMTDI.SYS

13:26:05.0156 5560 SYMTDI - ok

13:26:05.0218 5560 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

13:26:05.0218 5560 sym_hi - ok

13:26:05.0234 5560 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

13:26:05.0234 5560 sym_u3 - ok

13:26:05.0281 5560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

13:26:05.0281 5560 sysaudio - ok

13:26:05.0359 5560 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

13:26:05.0375 5560 SysmonLog - ok

13:26:05.0421 5560 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

13:26:05.0437 5560 TapiSrv - ok

13:26:05.0500 5560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:26:05.0515 5560 Tcpip - ok

13:26:05.0578 5560 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

13:26:05.0625 5560 Tcpip6 - ok

13:26:05.0687 5560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:26:05.0687 5560 TDPIPE - ok

13:26:05.0718 5560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

13:26:05.0718 5560 TDTCP - ok

13:26:05.0765 5560 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:26:05.0765 5560 TermDD - ok

13:26:05.0843 5560 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

13:26:05.0859 5560 TermService - ok

13:26:05.0906 5560 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

13:26:05.0921 5560 Themes - ok

13:26:05.0968 5560 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

13:26:05.0968 5560 TosIde - ok

13:26:06.0015 5560 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

13:26:06.0015 5560 TrkWks - ok

13:26:06.0062 5560 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

13:26:06.0062 5560 tunmp - ok

13:26:06.0093 5560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

13:26:06.0109 5560 Udfs - ok

13:26:06.0140 5560 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

13:26:06.0156 5560 ultra - ok

13:26:06.0203 5560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

13:26:06.0234 5560 Update - ok

13:26:06.0281 5560 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

13:26:06.0296 5560 upnphost - ok

13:26:06.0359 5560 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

13:26:06.0375 5560 UPS - ok

13:26:06.0437 5560 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:26:06.0437 5560 usbccgp - ok

13:26:06.0484 5560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

13:26:06.0484 5560 usbehci - ok

13:26:06.0531 5560 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:26:06.0531 5560 usbhub - ok

13:26:06.0578 5560 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:26:06.0593 5560 usbprint - ok

13:26:06.0656 5560 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:26:06.0656 5560 usbscan - ok

13:26:06.0687 5560 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys

13:26:06.0703 5560 usbser - ok

13:26:06.0781 5560 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys

13:26:06.0796 5560 UsbserFilt - ok

13:26:06.0843 5560 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:26:06.0859 5560 USBSTOR - ok

13:26:06.0890 5560 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:26:06.0906 5560 usbuhci - ok

13:26:06.0937 5560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

13:26:06.0953 5560 VgaSave - ok

13:26:07.0093 5560 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

13:26:07.0109 5560 viaagp - ok

13:26:07.0140 5560 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

13:26:07.0156 5560 ViaIde - ok

13:26:07.0234 5560 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

13:26:07.0312 5560 VolSnap - ok

13:26:07.0828 5560 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

13:26:07.0859 5560 VSS - ok

13:26:07.0921 5560 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

13:26:07.0937 5560 w32time - ok

13:26:07.0968 5560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:26:07.0968 5560 Wanarp - ok

13:26:07.0984 5560 wanatw - ok

13:26:08.0062 5560 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

13:26:08.0078 5560 Wdf01000 - ok

13:26:08.0093 5560 WDICA - ok

13:26:08.0125 5560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

13:26:08.0140 5560 wdmaud - ok

13:26:08.0171 5560 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

13:26:08.0187 5560 WebClient - ok

13:26:08.0312 5560 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe

13:26:08.0328 5560 WinDefend - ok

13:26:08.0406 5560 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

13:26:08.0421 5560 winmgmt - ok

13:26:08.0515 5560 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

13:26:08.0515 5560 WmdmPmSN - ok

13:26:08.0578 5560 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

13:26:08.0593 5560 WmiApSrv - ok

13:26:08.0734 5560 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

13:26:08.0796 5560 WMPNetworkSvc - ok

13:26:08.0859 5560 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

13:26:08.0890 5560 wscsvc - ok

13:26:08.0984 5560 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

13:26:09.0000 5560 wuauserv - ok

13:26:09.0093 5560 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:26:09.0125 5560 WudfPf - ok

13:26:09.0187 5560 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:26:09.0203 5560 WudfRd - ok

13:26:09.0234 5560 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll

13:26:09.0250 5560 WudfSvc - ok

13:26:09.0343 5560 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

13:26:09.0390 5560 WZCSVC - ok

13:26:09.0453 5560 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

13:26:09.0468 5560 xmlprov - ok

13:26:09.0515 5560 MBR (0x1B8) (a03e065717cb65f3034ad33ad58b6bba) \Device\Harddisk0\DR0

13:26:09.0546 5560 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

13:26:09.0546 5560 \Device\Harddisk0\DR0 - detected TDSS File System (1)

13:26:09.0578 5560 Boot (0x1200) (f98db8aa579e9b17618dad3dc933aaa0) \Device\Harddisk0\DR0\Partition0

13:26:09.0578 5560 \Device\Harddisk0\DR0\Partition0 - ok

13:26:09.0578 5560 ============================================================

13:26:09.0578 5560 Scan finished

13:26:09.0578 5560 ============================================================

13:26:09.0609 5396 Detected object count: 1

13:26:09.0609 5396 Actual detected object count: 1

13:27:33.0562 5396 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:27:33.0562 5396 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

14:03:12.0203 4948 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-07 13:32:10

-----------------------------

13:32:10.031 OS Version: Windows 5.1.2600 Service Pack 3

13:32:10.031 Number of processors: 1 586 0x401

13:32:10.031 ComputerName: JR1 UserName:

13:32:18.578 Initialize success

13:35:42.375 AVAST engine defs: 12050701

13:36:18.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

13:36:18.000 Disk 0 Vendor: Size: 0MB BusType: 0

13:36:18.015 Disk 0 MBR read successfully

13:36:18.015 Disk 0 MBR scan

13:36:18.046 Disk 0 unknown MBR code

13:36:18.046 Disk 0 MBR hidden

13:36:18.046 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 39 MB offset 63

13:36:18.078 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 34608 MB offset 80325

13:36:18.093 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3490 MB offset 70959105

13:36:18.156 Disk 0 scanning C:\WINDOWS\system32\drivers

13:36:42.812 Service scanning

13:37:35.937 Modules scanning

13:38:05.609 Disk 0 trace - called modules:

13:38:05.984 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

13:38:05.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6b2ab8]

13:38:06.000 3 CLASSPNP.SYS[f76b7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6ccb00]

13:38:07.359 AVAST engine scan C:\WINDOWS

13:38:19.781 AVAST engine scan C:\WINDOWS\system32

13:43:21.093 AVAST engine scan C:\WINDOWS\system32\drivers

13:43:50.078 AVAST engine scan C:\Documents and Settings\pmfjr

13:52:29.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\pmfjr\Desktop\MBR.dat"

13:52:29.734 The log file has been saved successfully to "C:\Documents and Settings\pmfjr\Desktop\aswMBR.txt"




Hope this gives you the information you need. Thanks
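Added example (not part of the original posts and not TDSSKiller's own code): a small triage script that reads a TDSSKiller log in the line layout shown above, drops every "ok" entry, and reports which objects were flagged and what action was recorded for them. The function names are hypothetical, the `ExampleDrv` record is constructed, and the remaining sample lines are the detection lines from the posted log.

```python
import re
from collections import OrderedDict

# "HH:MM:SS.mmmm <thread id> <message>" as seen in the posted log.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3,4}\s+\d+\s+(?P<msg>.*\S)$")
# Inventory record: "Name (md5) path" or "MBR (0x1B8) (md5) device".
RECORD_RE = re.compile(r"^\S+(?: \(0x[0-9A-Fa-f]+\))? \([0-9a-fA-F]{32}\) ")
# Trailing annotation such as "( TDSS File System )" after an object name.
ANNOT_RE = re.compile(r"\s*\([^()]*\)\s*$")

# Sample input: first two lines constructed, the rest taken from the post.
SAMPLE_LOG = r"""
13:25:59.0000 5560 ExampleDrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\example.sys
13:25:59.0000 5560 ExampleDrv - ok
13:26:09.0546 5560 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:26:09.0546 5560 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:26:09.0578 5560 \Device\Harddisk0\DR0\Partition0 - ok
13:26:09.0609 5396 Detected object count: 1
13:27:33.0562 5396 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:27:33.0562 5396 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""


def triage(log_text):
    """Return {object: {"verdicts", "detections", "action"}} for non-ok objects."""
    objects = OrderedDict()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, banners, other tools' output
        msg = m.group("msg")
        # Inventory records and counters carry no verdict.
        if RECORD_RE.match(msg) or " - " not in msg:
            continue
        obj, status = msg.rsplit(" - ", 1)
        obj = ANNOT_RE.sub("", obj).strip()
        status = status.strip()
        if status == "ok":
            continue
        entry = objects.setdefault(
            obj, {"verdicts": [], "detections": [], "action": None}
        )
        if status.startswith("detected "):
            entry["detections"].append(status[len("detected "):])
        elif status.startswith("User select action:"):
            entry["action"] = status.split(":", 1)[1].strip()
        else:
            entry["verdicts"].append(status)  # e.g. "warning", "skipped by user"
    return objects


def unresolved(objects):
    """Objects with a detection that were skipped or have no recorded action."""
    return [
        name
        for name, entry in objects.items()
        if entry["detections"] and entry["action"] in (None, "Skip")
    ]


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for name, entry in findings.items():
        print(name, entry)
    print("still needs attention:", unresolved(findings))
```

The aswMBR lines use a different layout (no thread id column) and are ignored by this parser.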








#4 boopme


Posted 07 May 2012 - 09:34 PM

Hello, thank you.

As it skipped a TDSS file, let's run ...

Download the FixTDSS.exe

  • Save the file to your Windows desktop.
  • Close all running programs.
  • If you are running Windows XP, turn off System Restore (see "How to turn off or turn on Windows XP System Restore").
  • Double-click the FixTDSS.exe file to start the removal tool.
  • Click Start to begin the process, and then allow the tool to run.
  • Restart the computer when prompted by the tool.
  • After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
  • If you are running Windows XP, re-enable System Restore.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.



Also a system look.....

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Edited by boopme, 07 May 2012 - 09:37 PM.
