
System Infected: ZeroAccess Rootkit Activity 4 & Tidserv Activity 2


  • This topic is locked
33 replies to this topic

#1 dalead


  • Members
  • 29 posts
  • Local time:08:30 AM

Posted 17 May 2012 - 12:49 PM

So Norton keeps giving me pop-ups of 2 things that require manual removal, but nothing I do works. I also seem to have what others say is the redirect virus, which I'm assuming is related to the rootkit and Tidserv activity. I have tried everything I know of, but nothing has worked so far. I've tried Power Eraser, Malwarebytes, Spybot, Ad-Aware, TDSSKiller, and followed Symantec's recommended directions, but so far nada.

I have tried cleaning in safe mode and have had Windows crash on me a few times, leading me to have to use the OS disk to repair.

Not sure if you need this, but tossing it in here anyway. My Norton is up to date and every so often is being hit with the below: 28 attempts yesterday and 17 attempts so far today.

5/17/2012 1:28 PM,High,00000002.@ (Trojan.Gen.2) detected by Auto-Protect,Blocked,Resolved - No Action Required
5/16/2012 4:51 PM,High,80000064.@ (Trojan.Gen.2) detected by Auto-Protect,Blocked,Resolved - No Action Required
5/16/2012 2:38 AM,High,80000032.@ (Trojan.Gen.2) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\u\80000032.@

As a side note, I also had the Norton error 5013, 3 but have subsequently fixed that.

Reading through the forums I saw someone with my exact problem, but I figured I'd create my own thread in case something is different.

Okay, back on track now. I followed the instructions from the Preparation Guide and the results are below. I'm running 64-bit, so I skipped the GMER log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Aedren at 13:21:24 on 2012-05-17
.
============== Running Processes ===============
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe
C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\ping.exe
C:\Users\Aedren\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101102214541.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [lxddmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe"
mRun: [lxddamon] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4085D78F-4E6F-4CA1-B29E-D777DADF2A63} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4085D78F-4E6F-4CA1-B29E-D777DADF2A63}\14273686960756C61676F6 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4085D78F-4E6F-4CA1-B29E-D777DADF2A63}\2375942554239303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4085D78F-4E6F-4CA1-B29E-D777DADF2A63}\2456C6B696E6F574F505C65737F5D494D4F4F5031313547313 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4085D78F-4E6F-4CA1-B29E-D777DADF2A63}\27F657475663637657563747 : DhcpNameServer = 64.94.1.1 64.94.1.33
TCP: Interfaces\{4085D78F-4E6F-4CA1-B29E-D777DADF2A63}\357796E67602E4564777F627B6 : DhcpNameServer = 192.168.1.2 68.87.68.166 68.87.74.166
TCP: Interfaces\{4085D78F-4E6F-4CA1-B29E-D777DADF2A63}\35F62727F677D20534D275962756C6563737 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101102214541.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [lxddmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe"
mRun-x64: [lxddamon] "C:\Program Files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aedren\AppData\Roaming\Mozilla\Firefox\Profiles\1zdf12l3.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Aedren\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Aedren\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Users\Aedren\AppData\Roaming\Mozilla\plugins\npCtxCAO.dll
FF - plugin: C:\Users\Aedren\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? BBSvc;Bing Bar Update Service
R? cfwids;McAfee Inc. cfwids
R? McComponentHostService;McAfee Security Scan Component Host Service
R? McShield;McShield
R? mferkdet;McAfee Inc. mferkdet
R? MozillaMaintenance;Mozilla Maintenance Service
R? SBSDWSCService;SBSD Security Center Service
R? SkypeUpdate;Skype Updater
R? TsUsbFlt;TsUsbFlt
R? WatAdminSvc;Windows Activation Technologies Service
S? BHDrvx64;BHDrvx64
S? CtClsFlt;Creative Camera Class Upper Filter Driver
S? DockLoginService;Dock Login Service
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? IDSVia64;IDSVia64
S? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
S? Lbd;Lbd
S? mfeavfk;McAfee Inc. mfeavfk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfenlfk;McAfee NDIS Light Filter
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? N360;Norton Security Suite
S? NMgamingmsFltr;USB Optical Mouse
S? PxHlpa64;PxHlpa64
S? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
S? SftService;SoftThinks Agent Service
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? SymNetS;Symantec Network Security WFP Driver
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
S? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
.
=============== Created Last 30 ================
.
2012-05-17 04:07:05 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symefa64.sys
2012-05-17 04:07:05 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtsp64.sys
2012-05-17 04:07:05 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symds64.sys
2012-05-17 04:07:05 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\srtspx64.sys
2012-05-17 04:07:05 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502000.00D\symnets.sys
2012-05-17 04:07:04 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502000.00D\ironx64.sys
2012-05-17 04:06:37 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502000.00D
2012-05-16 06:23:58 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-05-16 05:52:47 -------- d-----w- C:\Users\Aedren\AppData\Roaming\Ad-Aware Antivirus
2012-05-14 00:17:54 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-05-14 00:17:49 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-05-14 00:17:49 -------- d-----w- C:\Program Files\Symantec
2012-05-14 00:17:49 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-05-14 00:17:18 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-05-14 00:17:18 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-05-13 22:13:23 -------- d-----w- C:\ProgramData\HitmanPro
2012-05-13 18:30:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-13 16:15:12 -------- d-----w- C:\Users\Aedren\AppData\Roaming\DriverCure
2012-05-13 16:15:11 -------- d-----w- C:\Users\Aedren\AppData\Roaming\SpeedMaxPc
2012-05-13 16:14:56 -------- d-----w- C:\ProgramData\SpeedMaxPc
2012-05-09 04:20:45 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 04:20:45 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-09 04:19:42 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 04:19:41 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 04:19:39 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 04:19:39 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 04:19:34 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 04:19:34 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 04:19:33 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 04:19:33 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 04:19:33 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 04:19:28 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 04:18:29 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 04:10:08 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-09 04:10:06 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-09 04:10:06 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-05 01:32:06 -------- d-----w- C:\ProgramData\6399
2012-05-05 00:20:21 -------- d-----w- C:\Users\Aedren\AppData\Roaming\MusicNet
2012-05-05 00:20:11 -------- d-----w- C:\Users\Aedren\AppData\Local\iMesh
2012-05-05 00:17:58 -------- d-----w- C:\ProgramData\iMesh
2012-05-05 00:17:58 -------- d-----w- C:\Program Files (x86)\iMesh Applications
2012-05-05 00:17:34 -------- dc-h--w- C:\ProgramData\{4965EFCE-6978-4137-B293-4130A6875DB9}
2012-05-05 00:13:13 -------- d-----w- C:\Users\Aedren\AppData\Local\PackageAware
.
==================== Find3M ====================
.
2012-05-17 17:12:04 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-09 04:59:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 04:59:21 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-09 04:59:08 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 13:22:25.87 ===============
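Added example (not part of the thread, and not a Symantec, DDS or BleepingComputer tool): a small Python triage script that parses the Norton Auto-Protect history lines and the DDS "Created Last 30" entries quoted in the post above and flags the ZeroAccess-style artifacts a responder would pull out first. Assumptions, marked in the code: the 8-hex-digit `xxxxxxxx.@` filename and the `\assembly\temp\u\` drop directory are treated as the indicators the "ZeroAccess Rootkit Activity" alerts relate to, and a hidden GUID-named directory directly under ProgramData is reported only as something to review, since legitimate installers create those too. The sample lines are copied from the post; the PackageAware and GEARAspiWDM lines are included as benign controls.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input copied from the post above (Norton history export lines and
# DDS "Created Last 30" lines). Two benign DDS lines are kept as controls.
NORTON_SAMPLE = r"""
5/17/2012 1:28 PM,High,00000002.@ (Trojan.Gen.2) detected by Auto-Protect,Blocked,Resolved - No Action Required
5/16/2012 4:51 PM,High,80000064.@ (Trojan.Gen.2) detected by Auto-Protect,Blocked,Resolved - No Action Required
5/16/2012 2:38 AM,High,80000032.@ (Trojan.Gen.2) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\u\80000032.@
"""

DDS_SAMPLE = r"""
2012-05-17 17:12:04 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-14 00:17:54 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-05-05 00:17:34 -------- dc-h--w- C:\ProgramData\{4965EFCE-6978-4137-B293-4130A6875DB9}
2012-05-05 00:13:13 -------- d-----w- C:\Users\Aedren\AppData\Local\PackageAware
"""

# Assumption: ZeroAccess-style naming is 8 hex digits followed by ".@", as in the
# three Norton alerts; the drop directory is the one shown in the quarantined path.
ZA_NAME = re.compile(r"^[0-9a-f]{8}\.@$", re.I)
ZA_PATH = re.compile(r"\\assembly\\temp\\u\\", re.I)
# Heuristic only: a hidden, GUID-named directory directly under ProgramData.
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
PROGRAMDATA = re.compile(r"^[a-z]:\\programdata\\", re.I)

# Norton history CSV: date,severity,"<name> (<family>) detected by <component>",action,status[,path]
NORTON_DESC = re.compile(r"^(?P<name>\S+) \((?P<family>[^)]+)\) detected by (?P<component>.+)$")
# DDS entry: "<timestamp> <size|--------> <8 attribute flags> <path>"
DDS_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\S+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)


@dataclass
class NortonEvent:
    when: str
    severity: str
    name: str
    family: str
    action: str
    path: Optional[str]


@dataclass
class DdsEntry:
    when: str
    size: Optional[int]
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs


def parse_norton(text: str) -> List[NortonEvent]:
    """Parse Norton history lines; lines that do not fit the export shape are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) < 5:
            continue
        m = NORTON_DESC.match(parts[2])
        if not m:
            continue
        path = parts[5] if len(parts) > 5 else None
        events.append(NortonEvent(parts[0], parts[1], m["name"], m["family"], parts[3], path))
    return events


def parse_dds_created(text: str) -> List[DdsEntry]:
    """Parse DDS 'Created Last 30' / 'Find3M' entries into timestamp, size, attributes, path."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(DdsEntry(m["ts"], size, m["attrs"], m["path"]))
    return entries


def triage(norton_text: str, dds_text: str) -> List[str]:
    """Return one finding string per artifact worth a second look."""
    findings = []
    for ev in parse_norton(norton_text):
        reasons = []
        if ZA_NAME.match(ev.name):
            reasons.append("ZeroAccess-style filename (8 hex digits + '.@')")
        if ev.path and ZA_PATH.search(ev.path):
            reasons.append("written under \\assembly\\temp\\u\\")
        if reasons:
            findings.append(f"NORTON {ev.when}: {ev.name} [{ev.family}] {ev.action}: " + "; ".join(reasons))
    for e in parse_dds_created(dds_text):
        base = e.path.rstrip("\\").rsplit("\\", 1)[-1]
        if e.is_dir and e.hidden and PROGRAMDATA.match(e.path) and GUID_DIR.match(base):
            findings.append(f"DDS {e.when}: hidden GUID-named directory in ProgramData (review): {e.path}")
    return findings


if __name__ == "__main__":
    for finding in triage(NORTON_SAMPLE, DDS_SAMPLE):
        print(finding)
```

Point it at a full Norton Security History export and the complete DDS log rather than the excerpt. The repeated Blocked/Quarantined hits on fresh `.@` files are the useful signal: something still on the box keeps rewriting them, which is why the alerts recur after every cleaner run. The ProgramData directory it reports is a review item, not a verdict; look at its contents and timestamps before removing anything.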


#2 Noviciate


  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:30 PM

Posted 17 May 2012 - 03:19 PM

Good evening. :)

When you ran DDS it should have created a second log, Attach.txt, which I'd like to see the contents of. If you didn't save a copy you'll need to run DDS again.
Also, when you ran TDSSKiller it should have created a log, which I'd also like to see. It will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt. Please check that you get the one with the right date and time, as I want to see what, if anything, the tool actually detected and removed.

So long, and thanks for all the fish.

 

 


#3 dalead

  • Topic Starter

  • Members
  • 29 posts
  • Local time:08:30 AM

Posted 17 May 2012 - 03:45 PM

Yes, thank you. The instructions had said not to paste the Attach file unless specifically asked. See below.

.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Photoshop 7.0
Adobe Reader 9.5.1
Advanced Audio FX Engine
Amazon MP3 Downloader 1.0.12
Banctec Service Agreement
Bing Bar
Canon MP Navigator EX 2.1
Canon MX320 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Endpoint Analysis Plugin
Citrix XenApp Web Plugin
Click to Call with Skype
Compatibility Pack for the 2007 Office system
DC Universe Online Live
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
Dungeon Siege
EverQuest
EverQuest II
EverQuest Platinum
GoToAssist 8.0.0.514
GoToMeeting 4.5.0.457
Java Auto Updater
Java™ 6 Update 30
Junk Mail filter update
Lexmark 2500 Series
Live! Cam Avatar Creator
LoJack Factory Installer
Magelo Sync (uninstall only)
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Move Media Player
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Norton Security Suite
PowerDVD DX
Roxio Burn
Roxio Update Manager
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.8
Spybot - Search & Destroy
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== End Of File ===========================



and the TDSSKiller Log from today.

12:50:32.0413 3192 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
12:50:33.0987 3192 ============================================================
12:50:33.0987 3192 Current date / time: 2012/05/17 12:50:33.0987
12:50:33.0987 3192 SystemInfo:
12:50:33.0987 3192
12:50:33.0987 3192 OS Version: 6.1.7601 ServicePack: 1.0
12:50:33.0987 3192 Product type: Workstation
12:50:33.0987 3192 ComputerName: EQ-MONSTER3
12:50:33.0988 3192 UserName: Aedren
12:50:33.0988 3192 Windows directory: C:\Windows
12:50:33.0988 3192 System windows directory: C:\Windows
12:50:33.0988 3192 Running under WOW64
12:50:33.0988 3192 Processor architecture: Intel x64
12:50:33.0988 3192 Number of processors: 2
12:50:33.0988 3192 Page size: 0x1000
12:50:33.0988 3192 Boot type: Normal boot
12:50:33.0988 3192 ============================================================
12:50:34.0762 3192 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:50:34.0772 3192 ============================================================
12:50:34.0772 3192 \Device\Harddisk0\DR0:
12:50:34.0773 3192 MBR partitions:
12:50:34.0773 3192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
12:50:34.0773 3192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
12:50:34.0773 3192 ============================================================
12:50:34.0804 3192 C: <-> \Device\Harddisk0\DR0\Partition1
12:50:34.0804 3192 ============================================================
12:50:34.0804 3192 Initialize success
12:50:34.0804 3192 ============================================================
12:50:47.0313 1776 ============================================================
12:50:47.0313 1776 Scan started
12:50:47.0313 1776 Mode: Manual;
12:50:47.0313 1776 ============================================================
12:50:50.0439 1776 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:50:50.0454 1776 1394ohci - ok
12:50:50.0528 1776 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:50:50.0544 1776 ACPI - ok
12:50:50.0597 1776 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:50:50.0600 1776 AcpiPmi - ok
12:50:50.0795 1776 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:50:50.0847 1776 AdobeFlashPlayerUpdateSvc - ok
12:50:50.0939 1776 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:50:50.0962 1776 adp94xx - ok
12:50:51.0036 1776 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:50:51.0060 1776 adpahci - ok
12:50:51.0084 1776 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:50:51.0100 1776 adpu320 - ok
12:50:51.0139 1776 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:50:51.0143 1776 AeLookupSvc - ok
12:50:51.0263 1776 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:50:51.0287 1776 AFD - ok
12:50:51.0342 1776 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:50:51.0348 1776 agp440 - ok
12:50:51.0412 1776 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:50:51.0417 1776 ALG - ok
12:50:51.0474 1776 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:50:51.0477 1776 aliide - ok
12:50:51.0486 1776 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:50:51.0490 1776 amdide - ok
12:50:51.0519 1776 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:50:51.0525 1776 AmdK8 - ok
12:50:51.0543 1776 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:50:51.0547 1776 AmdPPM - ok
12:50:51.0619 1776 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:50:51.0625 1776 amdsata - ok
12:50:51.0646 1776 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:50:51.0662 1776 amdsbs - ok
12:51:13.0319 1776 roammgr (5f22132c9153639762708909f156b33d) C:\Windows\system32\tpkd.dll
12:51:13.0328 1776 roammgr ( Backdoor.Multi.ZAccess.gen ) - infected
12:51:13.0328 1776 roammgr - detected Backdoor.Multi.ZAccess.gen (0)
12:51:13.0351 1776 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:51:13.0357 1776 RpcEptMapper - ok
12:51:13.0376 1776 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:51:13.0381 1776 RpcLocator - ok
12:51:13.0445 1776 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:51:13.0455 1776 RpcSs - ok
12:51:13.0516 1776 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:51:13.0521 1776 rspndr - ok
12:51:13.0555 1776 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
12:51:13.0560 1776 RSUSBSTOR - ok
12:51:13.0607 1776 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:51:13.0610 1776 SamSs - ok
12:51:13.0657 1776 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:51:13.0664 1776 sbp2port - ok
12:51:13.0855 1776 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
12:51:13.0905 1776 SBSDWSCService - ok
12:51:13.0934 1776 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:51:13.0952 1776 SCardSvr - ok
12:51:14.0030 1776 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:51:14.0037 1776 scfilter - ok
12:51:14.0140 1776 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:51:14.0196 1776 Schedule - ok
12:51:14.0247 1776 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:51:14.0249 1776 SCPolicySvc - ok
12:51:14.0287 1776 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:51:14.0294 1776 SDRSVC - ok
12:51:14.0433 1776 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
12:51:14.0447 1776 SeaPort - ok
12:51:14.0533 1776 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:51:14.0539 1776 secdrv - ok
12:51:14.0585 1776 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:51:14.0596 1776 seclogon - ok
12:51:14.0620 1776 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:51:14.0625 1776 SENS - ok
12:51:14.0643 1776 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:51:14.0648 1776 SensrSvc - ok
12:51:14.0696 1776 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:51:14.0699 1776 Serenum - ok
12:51:14.0749 1776 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:51:14.0756 1776 Serial - ok
12:51:14.0799 1776 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:51:14.0806 1776 sermouse - ok
12:51:14.0888 1776 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:51:14.0897 1776 SessionEnv - ok
12:51:14.0949 1776 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:51:14.0954 1776 sffdisk - ok
12:51:14.0969 1776 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:51:14.0973 1776 sffp_mmc - ok
12:51:14.0983 1776 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:51:14.0987 1776 sffp_sd - ok
12:51:15.0052 1776 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:51:15.0056 1776 sfloppy - ok
12:51:15.0248 1776 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
12:51:15.0322 1776 SftService - ok
12:51:15.0476 1776 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:51:15.0497 1776 SharedAccess - ok
12:51:15.0555 1776 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:51:15.0575 1776 ShellHWDetection - ok
12:51:15.0657 1776 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:51:15.0662 1776 SiSRaid2 - ok
12:51:15.0679 1776 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:51:15.0686 1776 SiSRaid4 - ok
12:51:15.0833 1776 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:51:15.0840 1776 SkypeUpdate - ok
12:51:15.0896 1776 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:51:15.0902 1776 Smb - ok
12:51:15.0983 1776 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:51:15.0990 1776 SNMPTRAP - ok
12:51:16.0020 1776 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:51:16.0025 1776 spldr - ok
12:51:16.0091 1776 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:51:16.0122 1776 Spooler - ok
12:51:16.0417 1776 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:51:16.0495 1776 sppsvc - ok
12:51:16.0586 1776 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:51:16.0591 1776 sppuinotify - ok
12:51:16.0713 1776 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
12:51:16.0720 1776 sprtsvc_DellSupportCenter - ok
12:51:16.0908 1776 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502000.00D\SRTSP64.SYS
12:51:16.0976 1776 SRTSP - ok
12:51:17.0025 1776 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502000.00D\SRTSPX64.SYS
12:51:17.0029 1776 SRTSPX - ok
12:51:17.0106 1776 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:51:17.0125 1776 srv - ok
12:51:17.0157 1776 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:51:17.0176 1776 srv2 - ok
12:51:17.0195 1776 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:51:17.0214 1776 srvnet - ok
12:51:17.0291 1776 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:51:17.0308 1776 SSDPSRV - ok
12:51:17.0329 1776 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:51:17.0338 1776 SstpSvc - ok
12:51:17.0474 1776 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
12:51:17.0481 1776 STacSV - ok
12:51:17.0512 1776 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:51:17.0518 1776 stexstor - ok
12:51:17.0571 1776 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
12:51:17.0595 1776 STHDA - ok
12:51:17.0676 1776 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:51:17.0701 1776 stisvc - ok
12:51:17.0740 1776 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:51:17.0745 1776 swenum - ok
12:51:17.0809 1776 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:51:17.0841 1776 swprv - ok
12:51:17.0973 1776 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS
12:51:17.0995 1776 SymDS - ok
12:51:18.0103 1776 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS
12:51:18.0147 1776 SymEFA - ok
12:51:18.0210 1776 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:51:18.0228 1776 SymEvent - ok
12:51:18.0309 1776 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS
12:51:18.0324 1776 SymIRON - ok
12:51:18.0391 1776 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS
12:51:18.0432 1776 SymNetS - ok
12:51:18.0533 1776 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:51:18.0596 1776 SysMain - ok
12:51:18.0740 1776 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:51:18.0751 1776 TabletInputService - ok
12:51:18.0808 1776 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:51:18.0832 1776 TapiSrv - ok
12:51:18.0872 1776 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:51:18.0879 1776 TBS - ok
12:51:19.0037 1776 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:51:19.0120 1776 Tcpip - ok
12:51:19.0337 1776 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:51:19.0356 1776 TCPIP6 - ok
12:51:19.0447 1776 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:51:19.0451 1776 tcpipreg - ok
12:51:19.0492 1776 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:51:19.0498 1776 TDPIPE - ok
12:51:19.0529 1776 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:51:19.0535 1776 TDTCP - ok
12:51:19.0584 1776 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:51:19.0590 1776 tdx - ok
12:51:19.0634 1776 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:51:19.0638 1776 TermDD - ok
12:51:19.0680 1776 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:51:19.0707 1776 TermService - ok
12:51:19.0737 1776 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:51:19.0744 1776 Themes - ok
12:51:19.0772 1776 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:51:19.0776 1776 THREADORDER - ok
12:51:19.0802 1776 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:51:19.0811 1776 TrkWks - ok
12:51:19.0900 1776 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:51:19.0906 1776 TrustedInstaller - ok
12:51:19.0956 1776 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:51:19.0960 1776 tssecsrv - ok
12:51:20.0032 1776 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:51:20.0037 1776 TsUsbFlt - ok
12:51:20.0114 1776 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:51:20.0120 1776 tunnel - ok
12:51:20.0149 1776 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:51:20.0153 1776 uagp35 - ok
12:51:20.0218 1776 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:51:20.0241 1776 udfs - ok
12:51:20.0289 1776 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:51:20.0295 1776 UI0Detect - ok
12:51:20.0331 1776 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:51:20.0335 1776 uliagpkx - ok
12:51:20.0387 1776 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:51:20.0393 1776 umbus - ok
12:51:20.0456 1776 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:51:20.0462 1776 UmPass - ok
12:51:20.0511 1776 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:51:20.0527 1776 upnphost - ok
12:51:20.0573 1776 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:51:20.0581 1776 usbccgp - ok
12:51:20.0632 1776 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:51:20.0636 1776 usbcir - ok
12:51:20.0684 1776 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:51:20.0690 1776 usbehci - ok
12:51:20.0754 1776 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:51:20.0778 1776 usbhub - ok
12:51:20.0796 1776 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:51:20.0801 1776 usbohci - ok
12:51:20.0863 1776 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:51:20.0867 1776 usbprint - ok
12:51:20.0940 1776 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:51:20.0946 1776 usbscan - ok
12:51:20.0989 1776 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:51:20.0993 1776 USBSTOR - ok
12:51:21.0008 1776 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
12:51:21.0013 1776 usbuhci - ok
12:51:21.0086 1776 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:51:21.0102 1776 usbvideo - ok
12:51:21.0128 1776 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:51:21.0135 1776 UxSms - ok
12:51:21.0186 1776 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:51:21.0189 1776 VaultSvc - ok
12:51:21.0244 1776 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:51:21.0249 1776 vdrvroot - ok
12:51:21.0329 1776 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:51:21.0338 1776 vds - ok
12:51:21.0397 1776 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:51:21.0402 1776 vga - ok
12:51:21.0441 1776 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:51:21.0446 1776 VgaSave - ok
12:51:21.0506 1776 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:51:21.0512 1776 vhdmp - ok
12:51:21.0528 1776 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:51:21.0533 1776 viaide - ok
12:51:21.0555 1776 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:51:21.0560 1776 volmgr - ok
12:51:21.0621 1776 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:51:21.0640 1776 volmgrx - ok
12:51:21.0669 1776 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:51:21.0684 1776 volsnap - ok
12:51:21.0751 1776 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:51:21.0759 1776 vsmraid - ok
12:51:21.0875 1776 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:51:21.0928 1776 VSS - ok
12:51:22.0035 1776 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:51:22.0038 1776 vwifibus - ok
12:51:22.0056 1776 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:51:22.0061 1776 vwififlt - ok
12:51:22.0109 1776 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:51:22.0112 1776 vwifimp - ok
12:51:22.0165 1776 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:51:22.0190 1776 W32Time - ok
12:51:22.0213 1776 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:51:22.0219 1776 WacomPen - ok
12:51:22.0279 1776 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:51:22.0283 1776 WANARP - ok
12:51:22.0288 1776 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:51:22.0290 1776 Wanarpv6 - ok
12:51:22.0425 1776 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:51:22.0495 1776 WatAdminSvc - ok
12:51:22.0604 1776 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:51:22.0674 1776 wbengine - ok
12:51:22.0786 1776 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:51:22.0810 1776 WbioSrvc - ok
12:51:22.0857 1776 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:51:22.0884 1776 wcncsvc - ok
12:51:22.0915 1776 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:51:22.0922 1776 WcsPlugInService - ok
12:51:22.0967 1776 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:51:22.0972 1776 Wd - ok
12:51:23.0018 1776 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:51:23.0047 1776 Wdf01000 - ok
12:51:23.0080 1776 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:51:23.0088 1776 WdiServiceHost - ok
12:51:23.0095 1776 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:51:23.0101 1776 WdiSystemHost - ok
12:51:23.0180 1776 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:51:23.0205 1776 WebClient - ok
12:51:23.0276 1776 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:51:23.0302 1776 Wecsvc - ok
12:51:23.0327 1776 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:51:23.0340 1776 wercplsupport - ok
12:51:23.0397 1776 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:51:23.0403 1776 WerSvc - ok
12:51:23.0484 1776 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:51:23.0488 1776 WfpLwf - ok
12:51:23.0560 1776 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
12:51:23.0565 1776 WimFltr - ok
12:51:23.0584 1776 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:51:23.0588 1776 WIMMount - ok
12:51:23.0597 1776 WinHttpAutoProxySvc - ok
12:51:23.0675 1776 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:51:23.0690 1776 Winmgmt - ok
12:51:23.0837 1776 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:51:23.0895 1776 WinRM - ok
12:51:24.0067 1776 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:51:24.0073 1776 WinUsb - ok
12:51:24.0155 1776 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:51:24.0219 1776 Wlansvc - ok
12:51:25.0104 1776 wlidsvc (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:51:25.0168 1776 wlidsvc - ok
12:51:25.0224 1776 wltrysvc (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
12:51:25.0227 1776 wltrysvc - ok
12:51:25.0380 1776 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:51:25.0383 1776 WmiAcpi - ok
12:51:25.0460 1776 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:51:25.0476 1776 wmiApSrv - ok
12:51:25.0540 1776 WMPNetworkSvc - ok
12:51:25.0565 1776 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:51:25.0573 1776 WPCSvc - ok
12:51:25.0632 1776 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:51:25.0637 1776 WPDBusEnum - ok
12:51:25.0665 1776 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:51:25.0671 1776 ws2ifsl - ok
12:51:25.0679 1776 WSearch - ok
12:51:25.0825 1776 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:51:25.0908 1776 wuauserv - ok
12:51:26.0042 1776 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:51:26.0048 1776 WudfPf - ok
12:51:26.0090 1776 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:51:26.0095 1776 WUDFRd - ok
12:51:26.0141 1776 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:51:26.0149 1776 wudfsvc - ok
12:51:26.0194 1776 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:51:26.0240 1776 WwanSvc - ok
12:51:26.0335 1776 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
12:51:26.0355 1776 yukonw7 - ok
12:51:26.0382 1776 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
12:51:26.0712 1776 \Device\Harddisk0\DR0 - ok
12:51:26.0725 1776 Boot (0x1200) (a5a47f88a08d4a60ab8861a5e6c4609c) \Device\Harddisk0\DR0\Partition0
12:51:26.0727 1776 \Device\Harddisk0\DR0\Partition0 - ok
12:51:26.0764 1776 Boot (0x1200) (79b02ecf1d22474ee115a7b454f2bc68) \Device\Harddisk0\DR0\Partition1
12:51:26.0767 1776 \Device\Harddisk0\DR0\Partition1 - ok
12:51:26.0768 1776 ============================================================
12:51:26.0768 1776 Scan finished
12:51:26.0768 1776 ============================================================
12:51:26.0790 6660 Detected object count: 1
12:51:26.0790 6660 Actual detected object count: 1
13:07:42.0744 6660 C:\Windows\system32\tpkd.dll - copied to quarantine
13:07:42.0789 6660 HKLM\SYSTEM\ControlSet001\services\roammgr - will be deleted on reboot
13:07:42.0810 6660 HKLM\SYSTEM\ControlSet002\services\roammgr - will be deleted on reboot
13:07:43.0004 6660 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
13:07:43.0084 6660 C:\Windows\system32\tpkd.dll - will be deleted on reboot
13:07:43.0084 6660 roammgr ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
13:07:47.0929 5912 Deinitialize success
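Reading a TDSSKiller log like the one above by eye means finding the few "infected" and cleanup lines among hundreds of "ok" entries. The following is an added example, not code from this thread or from TDSSKiller: a Python parser that pulls out the verdicts, joins each to its enumeration line for the file path and MD5, and pairs the later quarantine/delete actions with it; the line formats are taken from the log posted above, and the rule for matching a cleanup action to a detection is this example's own heuristic.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines trimmed verbatim from the TDSSKiller log posted in
# this thread, so the parser is exercised on the real line shapes.
SAMPLE_LOG = r"""
12:51:13.0233 1776 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:51:13.0250 1776 RemoteRegistry - ok
12:51:13.0319 1776 roammgr (5f22132c9153639762708909f156b33d) C:\Windows\system32\tpkd.dll
12:51:13.0328 1776 roammgr ( Backdoor.Multi.ZAccess.gen ) - infected
12:51:13.0328 1776 roammgr - detected Backdoor.Multi.ZAccess.gen (0)
13:07:42.0744 6660 C:\Windows\system32\tpkd.dll - copied to quarantine
13:07:42.0789 6660 HKLM\SYSTEM\ControlSet001\services\roammgr - will be deleted on reboot
13:07:42.0810 6660 HKLM\SYSTEM\ControlSet002\services\roammgr - will be deleted on reboot
13:07:43.0004 6660 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
13:07:43.0084 6660 C:\Windows\system32\tpkd.dll - will be deleted on reboot
13:07:43.0084 6660 roammgr ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
"""

# Every line opens with a timestamp and the id of the thread that wrote it.
PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
# "<service> (<md5>) <path>": enumeration of one service or driver.
RE_ENUM = re.compile(PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<service> ( <detection> ) - infected": verdict on a service enumerated earlier.
RE_INFECTED = re.compile(PREFIX + r"(?P<name>\S+)\s+\(\s*(?P<det>\S+)\s*\)\s+-\s+infected$")
# "<service> ( <detection> ) - User select action: <choice>": the user's choice.
RE_USER_ACTION = re.compile(
    PREFIX + r"(?P<name>\S+)\s+\(\s*(?P<det>\S+)\s*\)\s+-\s+User select action:\s+(?P<choice>\w+)$")
# "<file or registry key> - <remediation>": cleanup-phase actions.
RE_ACTION = re.compile(
    PREFIX + r"(?P<target>.+?)\s+-\s+(?P<action>copied to quarantine|will be deleted on reboot|cured)$")

@dataclass
class Detection:
    service: str                       # flagged service/driver name
    detection: str                     # e.g. Backdoor.Multi.ZAccess.gen
    md5: Optional[str] = None          # from the enumeration line, if seen
    path: Optional[str] = None         # file backing the service, if seen
    user_action: Optional[str] = None  # Delete / Cure / Skip, as logged
    actions: List[Tuple[str, str]] = field(default_factory=list)  # (target, remediation)

def parse_tdsskiller_log(text: str) -> Tuple[Dict[str, Detection], List[Tuple[str, str]]]:
    """First pass: collect enumeration data, verdicts and remediation lines."""
    enumerated: Dict[str, Tuple[str, str]] = {}
    detections: Dict[str, Detection] = {}
    actions: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RE_ENUM.match(line)
        if m:
            enumerated[m["name"]] = (m["md5"], m["path"])
            continue
        m = RE_INFECTED.match(line)
        if m:
            # The verdict line omits path and hash; pull them from the enumeration.
            md5, path = enumerated.get(m["name"], (None, None))
            detections[m["name"]] = Detection(m["name"], m["det"], md5, path)
            continue
        m = RE_USER_ACTION.match(line)
        if m and m["name"] in detections:
            detections[m["name"]].user_action = m["choice"]
            continue
        m = RE_ACTION.match(line)
        if m:
            actions.append((m["target"], m["action"]))
    return detections, actions

def _owns(det: Detection, target: str) -> bool:
    """Heuristic of this example, not TDSSKiller's: a remediation belongs to a
    detection if it hits the detection's file or its services\\<name> key."""
    t = target.lower()
    return (det.path is not None and t == det.path.lower()
            or t.endswith("\\services\\" + det.service.lower()))

def triage(text: str) -> dict:
    """Second pass: attach each remediation to its detection. Leftovers (here the
    svchost netsvcs group being 'cured') are shared persistence locations rather
    than one file, and are reported separately so they are not overlooked."""
    detections, actions = parse_tdsskiller_log(text)
    other: List[Tuple[str, str]] = []
    for target, action in actions:
        owner = next((d for d in detections.values() if _owns(d, target)), None)
        (other if owner is None else owner.actions).append((target, action))
    return {"detections": detections, "other_actions": other}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for det in result["detections"].values():
        print(f"{det.service}: {det.detection}  file={det.path}  md5={det.md5}")
        for target, action in det.actions:
            print(f"  {action}: {target}")
        print(f"  user action: {det.user_action}")
    for target, action in result["other_actions"]:
        print(f"unattributed {action}: {target}")
```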

#4 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 17 May 2012 - 04:08 PM

Do you have a flash drive of at least 128 Mb that you can lay your hands on for a scanning tool?

So long, and thanks for all the fish.

#5 dalead

  • Topic Starter
  • Members
  • 29 posts

Posted 17 May 2012 - 04:19 PM

Yes, I do.

#6 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 17 May 2012 - 04:23 PM

Grand. For x64 systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flash drive into the infected PC and then enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the Command Window type in notepad and hit <ENTER>.
  • When a notepad window opens, under the File menu select Open.
  • Select "Computer", find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and hit <ENTER>.

    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • A log, called FRST.txt, will be created on the flash drive - please copy and paste the contents in your reply.

So long, and thanks for all the fish.

#7 dalead

  • Topic Starter
  • Members
  • 29 posts

Posted 17 May 2012 - 04:48 PM

When I try to enter the System Recovery Options, it bypasses and boots right up. Once I select Repair your computer, it just boots up normally.

It acts as if I selected the "Start Windows Normally" option.

I suppose I can try from the disc to get into that option, but I'll wait until you tell me.

Edited by dalead, 17 May 2012 - 04:59 PM.


#8 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 19 May 2012 - 04:44 PM

Good evening. :)

Booting from the disk is a good call.

So long, and thanks for all the fish.

#9 dalead

  • Topic Starter
  • Members
  • 29 posts

Posted 20 May 2012 - 03:03 PM

Well, that didn't work. I still can't boot up in "Repair your Computer" mode. Would it be okay to boot in "Safe Mode with Command Prompt" and run it from there?

#10 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 20 May 2012 - 04:02 PM

Give it a go and see.

So long, and thanks for all the fish.

#11 dalead

  • Topic Starter
  • Members
  • 29 posts

Posted 20 May 2012 - 04:21 PM

Thanks. Got it to run.

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3032.36 MB
Available physical RAM: 2542.12 MB
Total Pagefile: 6062.92 MB
Available Pagefile: 5616.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:123.68 GB) NTFS
2 Drive d: (WIN_7_HOMEPREMIUM) (CDROM) (Total:5.75 GB) (Free:0 GB) UDF
3 Drive e: () (Removable) (Total:1.88 GB) (Free:0.99 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 1928 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 218 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 RECOVERY NTFS Partition 14 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy Boot

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1927 MB 31 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FAT Removable 1927 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-05-12 01:55

======================= End Of Log ==========================

#12 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 20 May 2012 - 04:47 PM

Is that the whole of the log?

So long, and thanks for all the fish.

#13 dalead

  • Topic Starter
  • Members
  • 29 posts

Posted 20 May 2012 - 05:29 PM

Yes, that's all of it.

#14 dalead

  • Topic Starter
  • Members
  • 29 posts

Posted 20 May 2012 - 05:35 PM

It seems the OS has crashed now and won't even boot up anymore, in repair mode or normally. I'm repairing via disk at the moment.

#15 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 21 May 2012 - 02:25 PM

Good evening. :)

Let me know when you get the PC back up and running again.

So long, and thanks for all the fish.