Trojan.Gen.2 and/or Trojan.Zeroaccess!gen7 virus


21 replies to this topic

#1 rubiconl


Posted 08 June 2012 - 06:30 PM

My computer has apparently been hit by a Trojan.Gen.2 and/or Trojan.Zeroaccess!gen7 virus since yesterday afternoon. I am running Windows 7 64-bit and Norton Internet Security. Currently, I am receiving multiple Norton pop-ups of:
"Auto-Protect blocked security risk Trojan.Gen.2. Your computer is secure."
"Norton blocked an attack by: Web Attack: Blackhole Toolkit Website 3"
"Norton blocked an attack by: Web Attack: Exploit Toolkit Website 4"

I ran numerous full scans since the problem started. The first one or two scans showed nothing other than tracking cookies. The second or third scan quarantined Trojan.Zeroaccess!gen7. I also ran Windows Defender which showed nothing. Problems continued, so I ran the Norton Power Eraser as recommended on the Norton website. It fixed one item but at this point I unfortunately don't remember exactly what it said. I was hesitant about running the Norton Bootable Recovery Tool as recommended on the Norton website, so I did not.

Looking at Norton Security History since the problem started yesterday afternoon:

Resolved Security Risks -
multiple instances of: 80000000.@ (Trojan.Gen.2) detected by Auto-Protect (blocked)
1 instance of: msimg32.dll (Trojan.Zeroaccess!gen7) detected by Virus scanner (quarantined)
1 instance of: wpgr881.exe (Trojan.Zeroaccess!gen7) detected by Auto-Protect (quarantined)

Intrusion Prevention -
multiple instances of: Web Attack: Blackhole Toolkit Website 3
multiple instances of: Web Attack: Exploit Toolkit Website 4
1 instance of: Fake App Attack: Fake AV Redirect 21

I would really appreciate advice as to what I should do. Thanks!


 


#2 narenxp


Posted 08 June 2012 - 06:39 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Edited by narenxp, 08 June 2012 - 06:40 PM.
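For reading the TDSSKiller log requested in the post above, here is an added triage example; it is not part of the original thread and is not code from the tool's vendor. It assumes the two-line layout seen in such logs (a `name (md5) path` line followed by a `name - verdict` line) and treats any verdict other than `ok` as worth a second look; `parse_scan`, `triage` and the sample values are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of a TDSSKiller log.
# Names, hashes and the non-"ok" verdict text are made up for illustration.
SAMPLE_LOG = r"""
21:30:50.0569 4440 Drive \Device\Harddisk0\DR0 - Size: 0x1000 (0.00 Gb), SectorSize: 0x200
21:31:46.0495 4000 Scan started
21:31:46.0495 4000 Mode: Manual; TDLFS;
21:31:47.0025 4000 svc_alpha (00000000000000000000000000000001) C:\windows\system32\drivers\alpha.sys
21:31:47.0041 4000 svc_alpha - ok
21:31:47.0087 4000 svc.beta_32 (00000000000000000000000000000002) C:\Program Files (x86)\Beta\beta.exe
21:31:47.0087 4000 svc.beta_32 - ok
21:31:47.0100 4000 svc_nofile - ok
21:31:47.0212 4000 svc_gamma (00000000000000000000000000000003) C:\windows\system32\drivers\gamma.sys
21:31:47.0212 4000 svc_gamma - detected Placeholder.Verdict (1)
"""

# Every log line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<32 hex chars>) <path>": the file that was hashed for a service/driver.
ENTRY_RE = re.compile(
    PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
# "<name> - <verdict>": the scanner's result for that service/driver.
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+-\s+(?P<verdict>\S.*)$")


@dataclass
class Record:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_scan(log_text: str) -> List[Record]:
    """Pair each verdict line with the hash/path line that preceded it."""
    records: List[Record] = []
    pending = {}      # name -> (md5, path) seen but not yet given a verdict
    in_scan = False   # header lines before "Scan started" are skipped
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_scan:
            in_scan = "Scan started" in line
            continue
        m = ENTRY_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            records.append(Record(m["name"], m["verdict"].strip(), md5, path))
    return records


def triage(records: List[Record]) -> Tuple[List[Record], List[Record]]:
    """Split out entries a helper would look at first.

    flagged:  verdict is anything other than "ok"
    unhashed: verdict is "ok" but no file was hashed for the entry
    """
    flagged = [r for r in records if r.verdict.lower() != "ok"]
    unhashed = [r for r in records
                if r.verdict.lower() == "ok" and r.md5 is None]
    return flagged, unhashed


if __name__ == "__main__":
    flagged, unhashed = triage(parse_scan(SAMPLE_LOG))
    for r in flagged:
        print(f"REVIEW  {r.name}: {r.verdict} [{r.md5}] {r.path}")
    for r in unhashed:
        print(f"NOFILE  {r.name}: reported ok without a hashed file")
```
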


#3 rubiconl


Posted 08 June 2012 - 07:12 PM

Thanks narenxp, I will give it a try. As a first timer here I have a question before I start, do I post the logs here as a reply and wait for a response or do I post the logs and continue through to the end?

#4 narenxp


Posted 08 June 2012 - 07:27 PM

I will reply after I get all the logs :thumbup2:

#5 rubiconl


Posted 09 June 2012 - 12:35 PM

TDSSkiller log:


21:31:59.0801 4000 NdisCap - ok
21:31:59.0833 4000 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
21:31:59.0833 4000 NdisTapi - ok
21:31:59.0879 4000 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
21:31:59.0895 4000 Ndisuio - ok
21:31:59.0911 4000 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
21:31:59.0926 4000 NdisWan - ok
21:31:59.0957 4000 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
21:31:59.0957 4000 NDProxy - ok
21:31:59.0973 4000 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
21:31:59.0973 4000 NetBIOS - ok
21:32:00.0020 4000 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
21:32:00.0035 4000 NetBT - ok
21:32:00.0067 4000 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:32:00.0067 4000 Netlogon - ok
21:32:00.0145 4000 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
21:32:00.0145 4000 Netman - ok
21:32:00.0176 4000 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
21:32:00.0191 4000 netprofm - ok
21:32:00.0269 4000 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:32:00.0269 4000 NetTcpPortSharing - ok
21:32:00.0722 4000 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\windows\system32\DRIVERS\NETwNs64.sys
21:32:00.0878 4000 NETwNs64 - ok
21:32:01.0003 4000 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
21:32:01.0018 4000 nfrd960 - ok
21:32:01.0127 4000 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
21:32:01.0127 4000 NIS - ok
21:32:01.0190 4000 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
21:32:01.0190 4000 NlaSvc - ok
21:32:01.0221 4000 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
21:32:01.0221 4000 Npfs - ok
21:32:01.0221 4000 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
21:32:01.0237 4000 nsi - ok
21:32:01.0252 4000 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
21:32:01.0268 4000 nsiproxy - ok
21:32:01.0393 4000 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
21:32:01.0408 4000 Ntfs - ok
21:32:01.0533 4000 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
21:32:01.0533 4000 Null - ok
21:32:01.0580 4000 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\windows\system32\DRIVERS\nusb3hub.sys
21:32:01.0580 4000 nusb3hub - ok
21:32:01.0611 4000 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\windows\system32\DRIVERS\nusb3xhc.sys
21:32:01.0611 4000 nusb3xhc - ok
21:32:01.0658 4000 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
21:32:01.0673 4000 nvraid - ok
21:32:01.0705 4000 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
21:32:01.0705 4000 nvstor - ok
21:32:01.0751 4000 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
21:32:01.0751 4000 nv_agp - ok
21:32:01.0783 4000 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
21:32:01.0783 4000 ohci1394 - ok
21:32:01.0892 4000 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:32:01.0892 4000 ose - ok
21:32:02.0251 4000 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:32:02.0266 4000 osppsvc - ok
21:32:02.0391 4000 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:32:02.0407 4000 p2pimsvc - ok
21:32:02.0453 4000 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
21:32:02.0453 4000 p2psvc - ok
21:32:02.0531 4000 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
21:32:02.0531 4000 Parport - ok
21:32:02.0563 4000 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
21:32:02.0563 4000 partmgr - ok
21:32:02.0609 4000 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
21:32:02.0609 4000 PcaSvc - ok
21:32:02.0641 4000 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
21:32:02.0641 4000 pci - ok
21:32:02.0672 4000 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
21:32:02.0672 4000 pciide - ok
21:32:02.0703 4000 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
21:32:02.0719 4000 pcmcia - ok
21:32:02.0750 4000 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
21:32:02.0750 4000 pcw - ok
21:32:02.0828 4000 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
21:32:02.0828 4000 PEAUTH - ok
21:32:02.0953 4000 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
21:32:02.0953 4000 PerfHost - ok
21:32:03.0015 4000 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
21:32:03.0015 4000 PGEffect - ok
21:32:03.0218 4000 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
21:32:03.0249 4000 pla - ok
21:32:03.0311 4000 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
21:32:03.0327 4000 PlugPlay - ok
21:32:03.0358 4000 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
21:32:03.0358 4000 PNRPAutoReg - ok
21:32:03.0389 4000 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:32:03.0389 4000 PNRPsvc - ok
21:32:03.0452 4000 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
21:32:03.0467 4000 PolicyAgent - ok
21:32:03.0514 4000 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
21:32:03.0514 4000 Power - ok
21:32:03.0577 4000 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
21:32:03.0577 4000 PptpMiniport - ok
21:32:03.0608 4000 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
21:32:03.0608 4000 Processor - ok
21:32:03.0639 4000 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
21:32:03.0655 4000 ProfSvc - ok
21:32:03.0686 4000 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:32:03.0686 4000 ProtectedStorage - ok
21:32:03.0733 4000 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
21:32:03.0733 4000 Psched - ok
21:32:03.0826 4000 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
21:32:03.0826 4000 PSI_SVC_2 - ok
21:32:03.0967 4000 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
21:32:03.0982 4000 ql2300 - ok
21:32:04.0138 4000 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
21:32:04.0138 4000 ql40xx - ok
21:32:04.0185 4000 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
21:32:04.0201 4000 QWAVE - ok
21:32:04.0216 4000 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
21:32:04.0216 4000 QWAVEdrv - ok
21:32:04.0232 4000 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
21:32:04.0232 4000 RasAcd - ok
21:32:04.0279 4000 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
21:32:04.0279 4000 RasAgileVpn - ok
21:32:04.0310 4000 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
21:32:04.0325 4000 RasAuto - ok
21:32:04.0357 4000 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
21:32:04.0357 4000 Rasl2tp - ok
21:32:04.0403 4000 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
21:32:04.0403 4000 RasMan - ok
21:32:04.0450 4000 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
21:32:04.0466 4000 RasPppoe - ok
21:32:04.0481 4000 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
21:32:04.0481 4000 RasSstp - ok
21:32:04.0513 4000 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
21:32:04.0513 4000 rdbss - ok
21:32:04.0544 4000 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
21:32:04.0544 4000 rdpbus - ok
21:32:04.0575 4000 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
21:32:04.0575 4000 RDPCDD - ok
21:32:04.0575 4000 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
21:32:04.0591 4000 RDPENCDD - ok
21:32:04.0591 4000 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
21:32:04.0591 4000 RDPREFMP - ok
21:32:04.0637 4000 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
21:32:04.0653 4000 RDPWD - ok
21:32:04.0700 4000 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
21:32:04.0700 4000 rdyboost - ok
21:32:04.0731 4000 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\windows\system32\drivers\regi.sys
21:32:04.0731 4000 regi - ok
21:32:04.0871 4000 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:32:04.0871 4000 RegSrvc - ok
21:32:04.0918 4000 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
21:32:04.0918 4000 RemoteAccess - ok
21:32:04.0981 4000 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
21:32:04.0996 4000 RemoteRegistry - ok
21:32:05.0012 4000 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
21:32:05.0027 4000 RpcEptMapper - ok
21:32:05.0059 4000 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
21:32:05.0059 4000 RpcLocator - ok
21:32:05.0105 4000 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:32:05.0121 4000 RpcSs - ok
21:32:05.0199 4000 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
21:32:05.0199 4000 rspndr - ok
21:32:05.0261 4000 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\windows\system32\DRIVERS\Rt64win7.sys
21:32:05.0261 4000 RTL8167 - ok
21:32:05.0293 4000 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:32:05.0293 4000 SamSs - ok
21:32:05.0324 4000 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
21:32:05.0324 4000 sbp2port - ok
21:32:05.0371 4000 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
21:32:05.0386 4000 SCardSvr - ok
21:32:05.0449 4000 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
21:32:05.0449 4000 scfilter - ok
21:32:05.0527 4000 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
21:32:05.0542 4000 Schedule - ok
21:32:05.0558 4000 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:32:05.0573 4000 SCPolicySvc - ok
21:32:05.0605 4000 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\DRIVERS\sdbus.sys
21:32:05.0605 4000 sdbus - ok
21:32:05.0651 4000 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
21:32:05.0667 4000 SDRSVC - ok
21:32:05.0698 4000 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
21:32:05.0698 4000 secdrv - ok
21:32:05.0714 4000 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
21:32:05.0714 4000 seclogon - ok
21:32:05.0761 4000 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
21:32:05.0761 4000 SENS - ok
21:32:05.0792 4000 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
21:32:05.0792 4000 SensrSvc - ok
21:32:05.0823 4000 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
21:32:05.0839 4000 Serenum - ok
21:32:05.0870 4000 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
21:32:05.0885 4000 Serial - ok
21:32:05.0901 4000 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
21:32:05.0901 4000 sermouse - ok
21:32:05.0963 4000 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
21:32:05.0963 4000 SessionEnv - ok
21:32:05.0979 4000 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
21:32:05.0979 4000 sffdisk - ok
21:32:05.0995 4000 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
21:32:06.0010 4000 sffp_mmc - ok
21:32:06.0026 4000 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
21:32:06.0026 4000 sffp_sd - ok
21:32:06.0057 4000 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
21:32:06.0057 4000 sfloppy - ok
21:32:06.0166 4000 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
21:32:06.0182 4000 Sftfs - ok
21:32:06.0338 4000 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:32:06.0353 4000 sftlist - ok
21:32:06.0478 4000 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
21:32:06.0478 4000 Sftplay - ok
21:32:06.0509 4000 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
21:32:06.0509 4000 Sftredir - ok
21:32:06.0556 4000 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
21:32:06.0556 4000 Sftvol - ok
21:32:06.0603 4000 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:32:06.0619 4000 sftvsa - ok
21:32:06.0681 4000 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
21:32:06.0697 4000 SharedAccess - ok
21:32:06.0759 4000 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
21:32:06.0759 4000 ShellHWDetection - ok
21:32:06.0806 4000 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
21:32:06.0806 4000 SiSRaid2 - ok
21:32:06.0837 4000 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
21:32:06.0837 4000 SiSRaid4 - ok
21:32:06.0868 4000 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
21:32:06.0868 4000 Smb - ok
21:32:06.0915 4000 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
21:32:06.0931 4000 SNMPTRAP - ok
21:32:06.0962 4000 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
21:32:06.0962 4000 spldr - ok
21:32:07.0024 4000 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
21:32:07.0024 4000 Spooler - ok
21:32:07.0227 4000 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
21:32:07.0274 4000 sppsvc - ok
21:32:07.0367 4000 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
21:32:07.0383 4000 sppuinotify - ok
21:32:07.0508 4000 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS
21:32:07.0508 4000 SRTSP - ok
21:32:07.0539 4000 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS
21:32:07.0539 4000 SRTSPX - ok
21:32:07.0586 4000 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
21:32:07.0586 4000 srv - ok
21:32:07.0617 4000 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
21:32:07.0633 4000 srv2 - ok
21:32:07.0648 4000 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
21:32:07.0648 4000 srvnet - ok
21:32:07.0695 4000 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
21:32:07.0695 4000 SSDPSRV - ok
21:32:07.0726 4000 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
21:32:07.0726 4000 SstpSvc - ok
21:32:07.0773 4000 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
21:32:07.0773 4000 stexstor - ok
21:32:07.0804 4000 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
21:32:07.0820 4000 StillCam - ok
21:32:07.0882 4000 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
21:32:07.0898 4000 stisvc - ok
21:32:07.0929 4000 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
21:32:07.0929 4000 swenum - ok
21:32:07.0976 4000 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
21:32:07.0991 4000 swprv - ok
21:32:08.0085 4000 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS
21:32:08.0101 4000 SymDS - ok
21:32:08.0163 4000 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS
21:32:08.0179 4000 SymEFA - ok
21:32:08.0225 4000 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
21:32:08.0225 4000 SymEvent - ok
21:32:08.0272 4000 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS
21:32:08.0272 4000 SymIRON - ok
21:32:08.0319 4000 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS
21:32:08.0319 4000 SymNetS - ok
21:32:08.0428 4000 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
21:32:08.0444 4000 SynTP - ok
21:32:08.0615 4000 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
21:32:08.0647 4000 SysMain - ok
21:32:08.0756 4000 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
21:32:08.0771 4000 TabletInputService - ok
21:32:08.0803 4000 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
21:32:08.0803 4000 TapiSrv - ok
21:32:08.0834 4000 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
21:32:08.0834 4000 TBS - ok
21:32:08.0990 4000 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
21:32:09.0021 4000 Tcpip - ok
21:32:09.0224 4000 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
21:32:09.0239 4000 TCPIP6 - ok
21:32:09.0411 4000 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
21:32:09.0411 4000 tcpipreg - ok
21:32:09.0458 4000 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
21:32:09.0458 4000 tdcmdpst - ok
21:32:09.0473 4000 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
21:32:09.0473 4000 TDPIPE - ok
21:32:09.0505 4000 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
21:32:09.0505 4000 TDTCP - ok
21:32:09.0567 4000 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
21:32:09.0567 4000 tdx - ok
21:32:09.0598 4000 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
21:32:09.0598 4000 TermDD - ok
21:32:09.0676 4000 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
21:32:09.0692 4000 TermService - ok
21:32:09.0723 4000 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
21:32:09.0723 4000 Themes - ok
21:32:09.0770 4000 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
21:32:09.0770 4000 Thpdrv - ok
21:32:09.0801 4000 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
21:32:09.0801 4000 Thpevm - ok
21:32:09.0848 4000 Thpsrv (9b032a63a0553a2d872815c64a0288be) C:\windows\system32\ThpSrv.exe
21:32:09.0848 4000 Thpsrv - ok
21:32:09.0895 4000 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
21:32:09.0895 4000 THREADORDER - ok
21:32:09.0973 4000 TMachInfo (83e91963c4452be6899503cf9ebfd3ed) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:32:09.0988 4000 TMachInfo - ok
21:32:10.0035 4000 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
21:32:10.0035 4000 TODDSrv - ok
21:32:10.0175 4000 TosCoSrv (63b379f8885cb1c557771bb8b16162e3) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
21:32:10.0175 4000 TosCoSrv - ok
21:32:10.0269 4000 TOSHIBA eco Utility Service (2ecc833ea37cece0052d4d9adc184177) C:\Program Files\TOSHIBA\TECO\TecoService.exe
21:32:10.0285 4000 TOSHIBA eco Utility Service - ok
21:32:10.0347 4000 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
21:32:10.0347 4000 TOSHIBA HDD SSD Alert Service - ok
21:32:10.0456 4000 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
21:32:10.0472 4000 tos_sps64 - ok
21:32:10.0565 4000 TPCHSrv (9f8410ccc72b3470c96da415be0cf423) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
21:32:10.0565 4000 TPCHSrv - ok
21:32:10.0690 4000 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
21:32:10.0706 4000 TrkWks - ok
21:32:10.0768 4000 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
21:32:10.0768 4000 TrustedInstaller - ok
21:32:10.0831 4000 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
21:32:10.0831 4000 tssecsrv - ok
21:32:10.0846 4000 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
21:32:10.0846 4000 TsUsbFlt - ok
21:32:10.0877 4000 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
21:32:10.0877 4000 TsUsbGD - ok
21:32:10.0924 4000 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
21:32:10.0940 4000 tunnel - ok
21:32:10.0987 4000 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
21:32:10.0987 4000 TVALZ - ok
21:32:11.0002 4000 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
21:32:11.0018 4000 TVALZFL - ok
21:32:11.0049 4000 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
21:32:11.0049 4000 uagp35 - ok
21:32:11.0096 4000 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
21:32:11.0096 4000 udfs - ok
21:32:11.0143 4000 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
21:32:11.0143 4000 UI0Detect - ok
21:32:11.0189 4000 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
21:32:11.0189 4000 uliagpkx - ok
21:32:11.0221 4000 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
21:32:11.0221 4000 umbus - ok
21:32:11.0267 4000 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
21:32:11.0267 4000 UmPass - ok
21:32:11.0486 4000 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:32:11.0517 4000 UNS - ok
21:32:11.0642 4000 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
21:32:11.0657 4000 upnphost - ok
21:32:11.0704 4000 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
21:32:11.0704 4000 usbccgp - ok
21:32:11.0767 4000 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
21:32:11.0767 4000 usbcir - ok
21:32:11.0798 4000 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
21:32:11.0798 4000 usbehci - ok
21:32:11.0845 4000 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
21:32:11.0860 4000 usbhub - ok
21:32:11.0876 4000 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
21:32:11.0876 4000 usbohci - ok
21:32:11.0923 4000 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
21:32:11.0923 4000 usbprint - ok
21:32:11.0954 4000 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
21:32:11.0969 4000 usbscan - ok
21:32:12.0016 4000 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:32:12.0016 4000 USBSTOR - ok
21:32:12.0047 4000 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
21:32:12.0047 4000 usbuhci - ok
21:32:12.0110 4000 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
21:32:12.0110 4000 usbvideo - ok
21:32:12.0157 4000 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
21:32:12.0157 4000 UxSms - ok
21:32:12.0203 4000 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:32:12.0203 4000 VaultSvc - ok
21:32:12.0250 4000 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
21:32:12.0250 4000 vdrvroot - ok
21:32:12.0344 4000 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
21:32:12.0375 4000 vds - ok
21:32:12.0422 4000 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
21:32:12.0422 4000 vga - ok
21:32:12.0437 4000 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
21:32:12.0437 4000 VgaSave - ok
21:32:12.0469 4000 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
21:32:12.0469 4000 vhdmp - ok
21:32:12.0500 4000 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
21:32:12.0500 4000 viaide - ok
21:32:12.0547 4000 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
21:32:12.0547 4000 volmgr - ok
21:32:12.0578 4000 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
21:32:12.0593 4000 volmgrx - ok
21:32:12.0625 4000 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
21:32:12.0640 4000 volsnap - ok
21:32:12.0687 4000 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
21:32:12.0687 4000 vsmraid - ok
21:32:12.0812 4000 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
21:32:12.0827 4000 VSS - ok
21:32:12.0921 4000 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
21:32:12.0937 4000 vwifibus - ok
21:32:12.0968 4000 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
21:32:12.0968 4000 vwififlt - ok
21:32:12.0983 4000 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
21:32:12.0983 4000 vwifimp - ok
21:32:13.0046 4000 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
21:32:13.0061 4000 W32Time - ok
21:32:13.0077 4000 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
21:32:13.0077 4000 WacomPen - ok
21:32:13.0124 4000 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:32:13.0124 4000 WANARP - ok
21:32:13.0139 4000 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:32:13.0139 4000 Wanarpv6 - ok
21:32:13.0264 4000 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
21:32:13.0280 4000 WatAdminSvc - ok
21:32:13.0389 4000 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
21:32:13.0405 4000 wbengine - ok
21:32:13.0498 4000 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
21:32:13.0498 4000 WbioSrvc - ok
21:32:13.0545 4000 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
21:32:13.0561 4000 wcncsvc - ok
21:32:13.0576 4000 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
21:32:13.0576 4000 WcsPlugInService - ok
21:32:15.0963 4000 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:32:17.0039 4000 \Device\Harddisk0\DR0 - ok
21:32:17.0086 4000 Boot (0x1200) (94e97680defc46748b31ad6b9fe363a0) \Device\Harddisk0\DR0\Partition0
21:32:17.0086 4000 \Device\Harddisk0\DR0\Partition0 - ok
21:32:17.0086 4000 ============================================================
21:32:17.0086 4000 Scan finished
21:32:17.0086 4000 ============================================================
21:32:17.0102 4972 Detected object count: 0
21:32:17.0102 4972 Actual detected object count: 0
21:33:00.0844 4196 Deinitialize success

#6 rubiconl

Posted 09 June 2012 - 12:39 PM

aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-08 22:18:22
-----------------------------
22:18:22.873 OS Version: Windows x64 6.1.7601 Service Pack 1
22:18:22.873 Number of processors: 8 586 0x2A07
22:18:22.873 ComputerName: -PC UserName:
22:18:24.683 Initialize success
22:20:09.875 AVAST engine defs: 12060801
22:20:48.127 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:20:48.142 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
22:20:48.158 Disk 0 MBR read successfully
22:20:48.158 Disk 0 MBR scan
22:20:48.173 Disk 0 Windows VISTA default MBR code
22:20:48.189 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:20:48.205 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 699474 MB offset 3074048
22:20:48.251 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14429 MB offset 1435596800
22:20:48.345 Disk 0 scanning C:\windows\system32\drivers
22:20:58.360 Service scanning
22:21:33.398 Modules scanning
22:21:33.413 Disk 0 trace - called modules:
22:21:33.429 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
22:21:33.429 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062bd790]
22:21:33.445 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8006372710]
22:21:33.445 5 thpdrv.sys[fffff88001dd1cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006036050]
22:21:35.488 AVAST engine scan C:\windows
22:21:38.702 AVAST engine scan C:\windows\system32
22:24:21.769 AVAST engine scan C:\windows\system32\drivers
22:24:35.747 AVAST engine scan C:\Users\*******
22:44:25.732 AVAST engine scan C:\ProgramData
22:50:22.645 Scan finished successfully
22:59:20.253 Disk 0 MBR has been saved successfully to "C:\Users\*******\Documents\MBR.dat"
22:59:20.269 The log file has been saved successfully to "C:\Users\*******\Documents\aswMBR.txt"

#7 rubiconl

Posted 09 June 2012 - 02:04 PM

I haven't had any Norton pop-ups since I ran the MBAM last evening when it detected one object.

Here is the last log that you requested.

ESET log:

C:\Users\*******\AppData\Local\Temp\ICReinstall\cnet_InternationalPrimoPDF_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\*******\AppData\Local\Temp\is1598539481\zgInstaller.exe multiple threats deleted - quarantined
C:\Users\*******\Downloads\cnet_InternationalPrimoPDF_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

#8 narenxp

Posted 09 June 2012 - 02:05 PM

Please post the MBAM infection log (not the clean one).

Download mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#9 rubiconl

Posted 09 June 2012 - 02:57 PM

Where would I find the MBAM infection log from yesterday? Nothing obvious popped out at me when I looked for it.

#10 narenxp

Posted 09 June 2012 - 03:02 PM

Launch Malwarebytes.

Click on the LOGS tab and open the logs. I need to know the infections removed by MBAM.

#11 rubiconl

Posted 09 June 2012 - 03:12 PM

Thanks...

MBAM Log:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.08.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
******* :: *******-PC [administrator]

6/8/2012 8:19:27 PM
mbam-log-2012-06-08 (20-19-27).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 357826
Time elapsed: 54 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\*******\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Y0WPWH0\ultimatemediaplayer_2[1].exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)

#12 narenxp

Posted 09 June 2012 - 03:20 PM

Do you have other logs in MBAM that show the 80000000.@ infection?

Download mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 09 June 2012 - 03:21 PM.


#13 rubiconl

Posted 09 June 2012 - 03:36 PM

Mini Toolbox log:

MiniToolBox by Farbar Version: 09-06-2012
Ran by ******* (administrator) on 09-06-2012 at 16:16:04
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 6150 = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
Intel® Centrino® WiMAX 6150 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : *******-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.pa.comcast.net.

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6150
Physical Address. . . . . . . . . : 64-D4-DA-5B-4B-FC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 40-25-C2-4A-56-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 40-25-C2-4A-56-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-70-F4-68-5A-41
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.pa.comcast.net.
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 6150
Physical Address. . . . . . . . . : 40-25-C2-4A-56-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e02a:86a1:a40:6b8d%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, June 09, 2012 1:28:05 PM
Lease Expires . . . . . . . . . . : Sunday, June 10, 2012 1:28:05 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239084994
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-97-D3-DA-40-25-C2-4A-56-6C
DNS Servers . . . . . . . . . . . : 192.168.1.1
75.75.76.76
75.75.75.75
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3824:d2e:9d14:b47c(Preferred)
Link-local IPv6 Address . . . . . : fe80::3824:d2e:9d14:b47c%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.pa.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.pa.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4006:803::1006
74.125.226.194
74.125.226.199
74.125.226.193
74.125.226.198
74.125.226.200
74.125.226.195
74.125.226.197
74.125.226.192
74.125.226.201
74.125.226.206
74.125.226.196


Pinging google.com [74.125.226.196] with 32 bytes of data:
Reply from 74.125.226.196: bytes=32 time=35ms TTL=53
Reply from 74.125.226.196: bytes=32 time=37ms TTL=53

Ping statistics for 74.125.226.196:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 37ms, Average = 36ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=189ms TTL=47
Reply from 72.30.38.140: bytes=32 time=133ms TTL=47

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 133ms, Maximum = 189ms, Average = 161ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...64 d4 da 5b 4b fc ......Intel® Centrino® WiMAX 6150
15...40 25 c2 4a 56 6d ......Microsoft Virtual WiFi Miniport Adapter #2
14...40 25 c2 4a 56 6d ......Microsoft Virtual WiFi Miniport Adapter
12...b8 70 f4 68 5a 41 ......Realtek PCIe GBE Family Controller
11...40 25 c2 4a 56 6c ......Intel® Centrino® Wireless-N 6150
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 281
192.168.1.101 255.255.255.255 On-link 192.168.1.101 281
192.168.1.255 255.255.255.255 On-link 192.168.1.101 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:4137:9e76:3824:d2e:9d14:b47c/128
On-link
11 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::3824:d2e:9d14:b47c/128
On-link
11 281 fe80::e02a:86a1:a40:6b8d/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/09/2012 01:46:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/09/2012 01:41:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/09/2012 01:40:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/09/2012 01:40:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/09/2012 01:28:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2012 09:20:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/08/2012 07:54:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7601.17568, time stamp: 0x4d6c7db2
Faulting module name: mshtml.dll, version: 9.0.8112.16443, time stamp: 0x4f4c81a4
Exception code: 0xc0000005
Fault offset: 0x00000000003f52b5
Faulting process id: 0x1ca0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/08/2012 07:13:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7601.17568, time stamp: 0x4d6c7db2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000007308a0b000
Faulting process id: 0xeec
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/08/2012 01:09:37 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (06/08/2012 00:59:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/28/2012 11:02:22 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (05/28/2012 11:02:22 AM) (Source: Schannel) (User: SYSTEM)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (05/28/2012 11:02:21 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (05/28/2012 11:02:21 AM) (Source: Schannel) (User: SYSTEM)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (05/28/2012 11:00:06 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (05/28/2012 11:00:06 AM) (Source: Schannel) (User: SYSTEM)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (05/28/2012 11:00:06 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (05/28/2012 11:00:06 AM) (Source: Schannel) (User: SYSTEM)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (05/28/2012 11:00:06 AM) (Source: Schannel) (User: SYSTEM)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (05/28/2012 11:00:06 AM) (Source: Schannel) (User: SYSTEM)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.


=========================== Installed Programs ============================

Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 10 Plugin (Version: 10.2.152.32)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Reader X (10.1.3) MUI (Version: 10.1.3)
Apple Application Support (Version: 1.1.0)
Apple Software Update (Version: 2.1.1.116)
Best Buy pc app (Version: 3.2.0.0)
Best Buy pc app (Version: 3.2.523.2)
Canon MX860 series MP Drivers
Corel WinDVD (Version: 10.0.5.859)
Creative Memories Memory Manager 3 (Version: 3.0)
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
Family Tree Maker 2011 (Version: 20.0.368)
FUJIFILM MyFinePix Studio 2.0
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 19.0.1084.52)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2353)
Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
Intel® Wireless Display
Intel® Wireless Display (Version: 2.0.29.0)
Intel® PROSet/Wireless WiMAX Software (Version: 6.02.1000)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
JMicron Flash Media Controller Driver (Version: 1.0.59.2)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton Internet Security (Version: 18.7.1.3)
Personal Ancestral File 5
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
QuickTime (Version: 7.65.17.80)
RAF (Version: 1.00.0001)
RealFlight Basic R/C Simulator
Realtek Ethernet Controller Driver (Version: 7.38.113.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6323)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 4.02.02)
Toshiba Book Place (Version: 2.2.6775)
TOSHIBA Bulletin Board (Version: 1.6.08.64)
TOSHIBA Disc Creator (Version: 2.1.0.9 for x64)
TOSHIBA eco Utility (Version: 1.3.2.64)
TOSHIBA Face Recognition (Version: 3.1.9.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.12C)
TOSHIBA Hardware Setup (Version: 1.63.1.34C)
TOSHIBA HDD Protection (Version: 2.2.1.13)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.8)
TOSHIBA Media Controller (Version: 1.0.86.2)
TOSHIBA Media Controller Plug-in (Version: 1.0.6.1)
TOSHIBA PC Health Monitor (Version: 1.7.7.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.3.5109)
TOSHIBA ReelTime (Version: 1.7.18.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.0)
TOSHIBA Service Station (Version: 2.1.52)
TOSHIBA Sleep Utility (Version: 1.4.2.8)
TOSHIBA Supervisor Password (Version: 1.63.51.2C)
TOSHIBA Value Added Package (Version: 1.5.12.64)
TOSHIBA VIDEO PLAYER (Version: 4.00.7.01-A)
TOSHIBA Web Camera Application (Version: 2.0.0.24)
TOSHIBA Wireless Display Monitor (Version: 1.0.1)
TOSHIBA Wireless LAN Indicator (Version: 1.0.4)
ToshibaRegistration (Version: 1.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Utility Common Driver (Version: 1.0.52.2C)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 6050.69 MB
Available physical RAM: 3663.19 MB
Total Pagefile: 12099.57 MB
Available Pagefile: 9699.82 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.79 MB

========================= Partitions: =====================================

1 Drive c: (TI106169W0D) (Fixed) (Total:683.08 GB) (Free:575.46 GB) NTFS

========================= Users: ========================================

User accounts for \\*******-PC

Administrator Guest *******


**** End of log ****

#14 narenxp

Posted 09 June 2012 - 03:50 PM

That looks good

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#15 rubiconl

Posted 09 June 2012 - 03:50 PM

When you asked "Do you have other logs in mbam that shows 80000000.@ infection?" the answer is no. The second MBAM scan I ran as regular as you said, and it showed no infections.



