
Trojan.Dropper.BCMiner?


76 replies to this topic

#1 nekkidnorman

Posted 26 June 2012 - 11:43 AM

Hi!

I'm running Vista (64-bit) and there seems to be a trojan on the computer (MWB found it, attempted to remove it, but it never goes away?). It's causing browser redirection and pop-ups.

Can someone please help? I don't know where to even start!

Thanks!


#2 nekkidnorman

Posted 26 June 2012 - 12:31 PM

I forgot to mention, I use IE. Any other questions that would help? Just ask! (sorry, I'm not too sure what info would be helpful!)

#3 narenxp

Posted 26 June 2012 - 01:02 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#4 nekkidnorman

Posted 26 June 2012 - 01:17 PM

Thanks Narenxp! I'll run them right now!

#5 narenxp

Posted 26 June 2012 - 01:32 PM

:thumbup2:

#6 nekkidnorman

Posted 26 June 2012 - 01:53 PM

TDSSkiller log:

13:16:15.0300 3108 RasPppoe - ok
13:16:15.0316 3108 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
13:16:15.0316 3108 RasSstp - ok
13:16:15.0332 3108 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
13:16:15.0332 3108 rdbss - ok
13:16:15.0363 3108 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:16:15.0363 3108 RDPCDD - ok
13:16:15.0378 3108 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
13:16:15.0378 3108 rdpdr - ok
13:16:15.0378 3108 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
13:16:15.0378 3108 RDPENCDD - ok
13:16:15.0425 3108 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
13:16:15.0425 3108 RDPWD - ok
13:16:15.0441 3108 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
13:16:15.0441 3108 RemoteAccess - ok
13:16:15.0472 3108 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
13:16:15.0488 3108 RemoteRegistry - ok
13:16:15.0503 3108 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
13:16:15.0503 3108 RpcLocator - ok
13:16:15.0550 3108 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
13:16:15.0566 3108 RpcSs - ok
13:16:15.0581 3108 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
13:16:15.0581 3108 rspndr - ok
13:16:15.0612 3108 RTL8169 (f49d8df8895d809cb0a4deb44113de6f) C:\Windows\system32\DRIVERS\Rtlh64.sys
13:16:15.0612 3108 RTL8169 - ok
13:16:15.0628 3108 RtNdPt60 (5532c4bf15173270757a75b46baeb960) C:\Windows\system32\DRIVERS\RtNdPt60.sys
13:16:15.0628 3108 RtNdPt60 - ok
13:16:15.0628 3108 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:16:15.0628 3108 SamSs - ok
13:16:15.0644 3108 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
13:16:15.0644 3108 sbp2port - ok
13:16:15.0659 3108 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
13:16:15.0659 3108 SCardSvr - ok
13:16:15.0722 3108 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
13:16:15.0737 3108 Schedule - ok
13:16:15.0784 3108 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
13:16:15.0784 3108 SCPolicySvc - ok
13:16:15.0815 3108 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
13:16:15.0815 3108 SDRSVC - ok
13:16:15.0831 3108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:16:15.0831 3108 secdrv - ok
13:16:15.0846 3108 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
13:16:15.0846 3108 seclogon - ok
13:16:15.0862 3108 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
13:16:15.0862 3108 SENS - ok
13:16:15.0878 3108 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
13:16:15.0878 3108 Serenum - ok
13:16:15.0893 3108 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
13:16:15.0893 3108 Serial - ok
13:16:15.0893 3108 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
13:16:15.0893 3108 sermouse - ok
13:16:15.0909 3108 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
13:16:15.0909 3108 SessionEnv - ok
13:16:15.0924 3108 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
13:16:15.0924 3108 sffdisk - ok
13:16:15.0924 3108 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
13:16:15.0924 3108 sffp_mmc - ok
13:16:15.0924 3108 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
13:16:15.0940 3108 sffp_sd - ok
13:16:15.0940 3108 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
13:16:15.0940 3108 sfloppy - ok
13:16:16.0002 3108 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
13:16:16.0002 3108 ShellHWDetection - ok
13:16:16.0002 3108 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
13:16:16.0002 3108 SiSRaid2 - ok
13:16:16.0018 3108 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
13:16:16.0018 3108 SiSRaid4 - ok
13:16:16.0112 3108 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
13:16:16.0158 3108 slsvc - ok
13:16:16.0268 3108 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
13:16:16.0268 3108 SLUINotify - ok
13:16:16.0314 3108 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
13:16:16.0314 3108 Smb - ok
13:16:16.0346 3108 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
13:16:16.0346 3108 SNMPTRAP - ok
13:16:16.0361 3108 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
13:16:16.0377 3108 spldr - ok
13:16:16.0408 3108 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
13:16:16.0408 3108 Spooler - ok
13:16:16.0455 3108 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
13:16:16.0470 3108 srv - ok
13:16:16.0502 3108 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
13:16:16.0502 3108 srv2 - ok
13:16:16.0517 3108 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
13:16:16.0517 3108 srvnet - ok
13:16:16.0548 3108 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
13:16:16.0548 3108 SSDPSRV - ok
13:16:16.0580 3108 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
13:16:16.0580 3108 SstpSvc - ok
13:16:16.0611 3108 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
13:16:16.0626 3108 stisvc - ok
13:16:16.0642 3108 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
13:16:16.0642 3108 swenum - ok
13:16:16.0689 3108 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
13:16:16.0689 3108 swprv - ok
13:16:16.0720 3108 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
13:16:16.0720 3108 Symc8xx - ok
13:16:16.0720 3108 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
13:16:16.0720 3108 Sym_hi - ok
13:16:16.0736 3108 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
13:16:16.0736 3108 Sym_u3 - ok
13:16:16.0767 3108 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
13:16:16.0782 3108 SysMain - ok
13:16:16.0814 3108 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
13:16:16.0814 3108 TabletInputService - ok
13:16:16.0845 3108 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
13:16:16.0845 3108 TapiSrv - ok
13:16:16.0860 3108 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
13:16:16.0860 3108 TBS - ok
13:16:16.0938 3108 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
13:16:16.0970 3108 Tcpip - ok
13:16:16.0970 3108 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
13:16:16.0985 3108 Tcpip6 - ok
13:16:17.0016 3108 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
13:16:17.0016 3108 tcpipreg - ok
13:16:17.0032 3108 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
13:16:17.0032 3108 TDPIPE - ok
13:16:17.0048 3108 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
13:16:17.0048 3108 TDTCP - ok
13:16:17.0063 3108 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
13:16:17.0063 3108 tdx - ok
13:16:17.0094 3108 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
13:16:17.0094 3108 TermDD - ok
13:16:17.0126 3108 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
13:16:17.0126 3108 TermService - ok
13:16:17.0172 3108 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
13:16:17.0172 3108 Themes - ok
13:16:17.0204 3108 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
13:16:17.0204 3108 THREADORDER - ok
13:16:17.0235 3108 TPM (270308efb59976157755c768b8544b5f) C:\Windows\system32\drivers\tpm.sys
13:16:17.0235 3108 TPM - ok
13:16:17.0250 3108 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
13:16:17.0250 3108 TrkWks - ok
13:16:17.0313 3108 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
13:16:17.0313 3108 TrustedInstaller - ok
13:16:17.0313 3108 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:16:17.0313 3108 tssecsrv - ok
13:16:17.0328 3108 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
13:16:17.0328 3108 tunmp - ok
13:16:17.0360 3108 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
13:16:17.0360 3108 tunnel - ok
13:16:17.0360 3108 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
13:16:17.0360 3108 uagp35 - ok
13:16:17.0375 3108 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
13:16:17.0391 3108 udfs - ok
13:16:17.0422 3108 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
13:16:17.0422 3108 UI0Detect - ok
13:16:17.0438 3108 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
13:16:17.0438 3108 uliagpkx - ok
13:16:17.0438 3108 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
13:16:17.0453 3108 uliahci - ok
13:16:17.0453 3108 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
13:16:17.0453 3108 UlSata - ok
13:16:17.0469 3108 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
13:16:17.0469 3108 ulsata2 - ok
13:16:17.0469 3108 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
13:16:17.0469 3108 umbus - ok
13:16:17.0500 3108 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
13:16:17.0500 3108 upnphost - ok
13:16:17.0531 3108 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
13:16:17.0531 3108 usbccgp - ok
13:16:17.0531 3108 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
13:16:17.0547 3108 usbcir - ok
13:16:17.0578 3108 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
13:16:17.0578 3108 usbehci - ok
13:16:17.0594 3108 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
13:16:17.0609 3108 usbhub - ok
13:16:17.0609 3108 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
13:16:17.0609 3108 usbohci - ok
13:16:17.0625 3108 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
13:16:17.0625 3108 usbprint - ok
13:16:17.0656 3108 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
13:16:17.0656 3108 usbscan - ok
13:16:17.0672 3108 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:16:17.0672 3108 USBSTOR - ok
13:16:17.0703 3108 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
13:16:17.0703 3108 usbuhci - ok
13:16:17.0718 3108 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
13:16:17.0734 3108 UxSms - ok
13:16:17.0781 3108 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
13:16:17.0781 3108 vds - ok
13:16:17.0828 3108 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
13:16:17.0828 3108 vga - ok
13:16:17.0828 3108 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
13:16:17.0828 3108 VgaSave - ok
13:16:17.0843 3108 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
13:16:17.0843 3108 viaide - ok
13:16:17.0859 3108 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
13:16:17.0859 3108 volmgr - ok
13:16:17.0906 3108 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
13:16:17.0906 3108 volmgrx - ok
13:16:17.0921 3108 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
13:16:17.0921 3108 volsnap - ok
13:16:17.0952 3108 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
13:16:17.0952 3108 vsmraid - ok
13:16:18.0015 3108 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
13:16:18.0046 3108 VSS - ok
13:16:18.0218 3108 VST64HWBS2 (23de6f86133361c8dd5410e08a32bb3e) C:\Windows\system32\DRIVERS\VSTBS26.SYS
13:16:18.0218 3108 VST64HWBS2 - ok
13:16:18.0264 3108 VST64_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:16:18.0296 3108 VST64_DPV - ok
13:16:18.0405 3108 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
13:16:18.0420 3108 W32Time - ok
13:16:18.0420 3108 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
13:16:18.0420 3108 WacomPen - ok
13:16:18.0467 3108 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:16:18.0467 3108 Wanarp - ok
13:16:18.0467 3108 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:16:18.0467 3108 Wanarpv6 - ok
13:16:18.0498 3108 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
13:16:18.0498 3108 wcncsvc - ok
13:16:18.0530 3108 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
13:16:18.0530 3108 WcsPlugInService - ok
13:16:18.0545 3108 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
13:16:18.0545 3108 Wd - ok
13:16:18.0576 3108 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
13:16:18.0576 3108 Wdf01000 - ok
13:16:18.0592 3108 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
13:16:18.0592 3108 WdiServiceHost - ok
13:16:18.0608 3108 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
13:16:18.0608 3108 WdiSystemHost - ok
13:16:18.0608 3108 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
13:16:18.0623 3108 WebClient - ok
13:16:18.0701 3108 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
13:16:18.0701 3108 Wecsvc - ok
13:16:18.0717 3108 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
13:16:18.0717 3108 wercplsupport - ok
13:16:18.0732 3108 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
13:16:18.0732 3108 WerSvc - ok
13:16:18.0779 3108 winachsf (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
13:16:18.0795 3108 winachsf - ok
13:16:18.0795 3108 WinHttpAutoProxySvc - ok
13:16:18.0826 3108 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
13:16:18.0842 3108 Winmgmt - ok
13:16:18.0920 3108 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
13:16:18.0951 3108 WinRM - ok
13:16:19.0013 3108 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
13:16:19.0013 3108 Wlansvc - ok
13:16:19.0044 3108 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
13:16:19.0044 3108 WmiAcpi - ok
13:16:19.0060 3108 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
13:16:19.0076 3108 wmiApSrv - ok
13:16:19.0107 3108 WMPNetworkSvc - ok
13:16:19.0138 3108 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
13:16:19.0138 3108 WPCSvc - ok
13:16:19.0185 3108 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
13:16:19.0185 3108 WPDBusEnum - ok
13:16:19.0216 3108 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
13:16:19.0216 3108 WpdUsb - ok
13:16:19.0310 3108 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:16:19.0325 3108 WPFFontCache_v0400 - ok
13:16:19.0325 3108 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
13:16:19.0325 3108 ws2ifsl - ok
13:16:19.0356 3108 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
13:16:19.0356 3108 wscsvc - ok
13:16:19.0356 3108 WSearch - ok
13:16:19.0450 3108 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:16:19.0481 3108 wuauserv - ok
13:16:19.0668 3108 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:16:19.0668 3108 WUDFRd - ok
13:16:19.0684 3108 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
13:16:19.0684 3108 wudfsvc - ok
13:16:19.0700 3108 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:16:20.0074 3108 \Device\Harddisk0\DR0 - ok
13:16:20.0074 3108 Boot (0x1200) (24cfb439ed9d819089e261e26edc1bb3) \Device\Harddisk0\DR0\Partition0
13:16:20.0074 3108 \Device\Harddisk0\DR0\Partition0 - ok
13:16:20.0074 3108 ============================================================
13:16:20.0074 3108 Scan finished
13:16:20.0074 3108 ============================================================
13:16:20.0090 4744 Detected object count: 0
13:16:20.0090 4744 Actual detected object count: 0
13:16:31.0618 4820 Deinitialize success

#7 nekkidnorman

Posted 26 June 2012 - 01:54 PM

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-26 13:16:55
-----------------------------
13:16:55.545 OS Version: Windows x64 6.0.6002 Service Pack 2
13:16:55.545 Number of processors: 4 586 0x1707
13:16:55.545 ComputerName: MICHAEL-PC UserName: michael
13:17:00.022 Initialize success
13:19:41.957 AVAST engine defs: 12062600
13:19:49.601 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:19:49.617 Disk 0 Vendor: ST2000DM001-9YN164 CC4C Size: 1907729MB BusType: 3
13:19:49.617 Disk 5 \Device\Harddisk5\DR5 -> \Device\Ide\IdeDeviceP1T0L0-8
13:19:49.617 Disk 5 Vendor: ST3750630AS DE12 Size: 715404MB BusType: 3
13:19:49.633 Disk 0 MBR read successfully
13:19:49.633 Disk 0 MBR scan
13:19:49.648 Disk 0 Windows VISTA default MBR code
13:19:49.648 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1907727 MB offset 2048
13:19:49.664 Disk 0 scanning C:\Windows\system32\drivers
13:19:57.058 Service scanning
13:20:12.019 Modules scanning
13:20:12.019 Disk 0 trace - called modules:
13:20:12.034 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:20:12.549 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80074144b0]
13:20:12.549 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> [0xfffffa8006141930]
13:20:12.549 5 acpi.sys[fffffa60008fbfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006144940]
13:20:14.530 AVAST engine scan C:\Windows
13:20:23.672 AVAST engine scan C:\Windows\system32
13:22:01.983 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:22:04.370 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:23:41.355 AVAST engine scan C:\Windows\system32\drivers
13:24:36.392 AVAST engine scan C:\Users\michael
13:29:19.603 AVAST engine scan C:\ProgramData
13:32:31.733 Scan finished successfully
13:51:22.358 Disk 0 MBR has been saved successfully to "C:\Users\michael\Desktop\MBR.dat"
13:51:22.358 The log file has been saved successfully to "C:\Users\michael\Desktop\aswMBR.txt"

#8 nekkidnorman

Posted 26 June 2012 - 01:56 PM

ESET is running now, I'll post once it's finished.

#9 nekkidnorman

Posted 26 June 2012 - 04:16 PM

ESET list:

Operating memory a variant of Win32/Sirefef.EZ trojan

#10 narenxp

Posted 26 June 2012 - 04:22 PM

Is this the complete log?


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Post the log

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#11 nekkidnorman

Posted 26 June 2012 - 04:25 PM

Yes, that's all that ESET lists for "Scan Results"

Running MWB now...

#12 narenxp

Posted 26 June 2012 - 04:28 PM

Also

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Launch FSS again and type

services.exe in the search box, then click on Search Files

Post the generated log

Good luck

#13 nekkidnorman

Posted 26 June 2012 - 05:04 PM

FSS Scan (first time run):

Farbar Service Scanner Version: 25-06-2012 01
Ran by michael (administrator) on 26-06-2012 at 17:02:35
Running from "C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2QB5WG8"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted".
The ServiceDll of wscsvc: ""C:\Windows\system32\wscsvc.dll"".


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-01-20 21:49] - [2008-01-20 21:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2012-06-24 21:32] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-06-26 01:29] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-06-26 01:43] - [2012-03-30 07:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2012-06-24 18:48] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2012-06-24 21:33] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2012-06-24 21:32] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2008-01-20 21:47] - [2008-01-20 21:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2012-06-24 21:33] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2012-06-24 21:31] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2012-06-24 21:32] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2012-06-24 21:33] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2012-06-24 21:33] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-26 01:29] - [2012-04-23 11:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll
[2008-01-20 21:47] - [2008-01-20 21:47] - 0383544 ____A (Microsoft Corporation) 7D2A43E8FDF725A1133F6C6056A72CDC

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2012-06-24 21:33] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****



FSS (Services search):

Farbar Service Scanner Version: 25-06-2012 01
Ran by michael (administrator) on 26-06-2012 at 17:03:27
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)

************************************************
======== Search: "services.exe" =========

C:\Windows\System32\services.exe
[2012-06-24 21:33] - [2009-04-11 02:10] - 0381952 ____A (Microsoft Corporation) B8844F93D2C5F1DCDB179AAA9AF134B7

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2012-06-24 21:32] - [2009-04-11 01:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 21:50] - [2008-01-20 21:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2012-06-24 21:33] - [2009-04-11 02:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 21:49] - [2008-01-20 21:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2012-06-24 21:32] - [2009-04-11 01:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

====== End Of Search ======

#14 nekkidnorman

Posted 26 June 2012 - 05:08 PM

Just an FYI, MiniToolBox is still running (should it take this long?)

It did give an error popup (did it 3 times?) early on that read "The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll" then said "nslookup has stopped working"

It gets to Listing Installed Programs and seems to hang there? (at least it doesn't appear to be doing anything)

Edited by nekkidnorman, 26 June 2012 - 05:09 PM.


#15 nekkidnorman

Posted 26 June 2012 - 05:26 PM

MiniToolBox finished! (see above post though listing the errors during the running of it):

MiniToolBox by Farbar Version: 25-06-2012
Ran by michael (administrator) on 26-06-2012 at 17:10:51
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : michael-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.mn.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.mn.comcast.net.
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-21-70-3A-B8-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7c79:36a4:a5f6:27c0%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, June 26, 2012 4:08:00 AM
Lease Expires . . . . . . . . . . : Wednesday, June 27, 2012 11:14:13 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 167780720
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-79-6A-B6-00-21-70-3A-B8-A4
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.hsd1.mn.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [173.194.43.36] with 32 bytes of data:

Reply from 173.194.43.36: bytes=32 time=45ms TTL=53

Reply from 173.194.43.36: bytes=32 time=44ms TTL=53



Ping statistics for 173.194.43.36:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 44ms, Maximum = 45ms, Average = 44ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=41ms TTL=51

Reply from 209.191.122.70: bytes=32 time=39ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 39ms, Maximum = 41ms, Average = 40ms



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 21 70 3a b8 a4 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.hsd1.mn.comcast.net.
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 276
192.168.1.100 255.255.255.255 On-link 192.168.1.100 276
192.168.1.255 255.255.255.255 On-link 192.168.1.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::7c79:36a4:a5f6:27c0/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/26/2012 05:11:04 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x146c, application start time 0xnslookup.exe0.

Error: (06/26/2012 05:11:01 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x14a8, application start time 0xnslookup.exe0.

Error: (06/26/2012 05:10:58 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x1668, application start time 0xnslookup.exe0.

Error: (06/26/2012 05:07:44 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x14a8, application start time 0xnslookup.exe0.

Error: (06/26/2012 05:07:33 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x110c, application start time 0xnslookup.exe0.

Error: (06/26/2012 05:07:12 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x11e4, application start time 0xnslookup.exe0.

Error: (06/26/2012 04:27:50 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x1818, application start time 0xnslookup.exe0.

Error: (06/26/2012 04:27:42 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x1ba4, application start time 0xnslookup.exe0.

Error: (06/26/2012 04:27:34 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x1ad8, application start time 0xnslookup.exe0.

Error: (06/26/2012 02:58:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.


System errors:
=============
Error: (06/26/2012 11:17:56 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted during detection.

Error: (06/26/2012 04:08:38 AM) (Source: Service Control Manager) (User: )
Description: Security Center%%2

Error: (06/26/2012 04:08:38 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (06/26/2012 04:08:38 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (06/26/2012 04:08:38 AM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (06/26/2012 04:07:21 AM) (Source: TPM) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (06/26/2012 04:07:21 AM) (Source: TPM) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (06/26/2012 04:07:21 AM) (Source: TPM) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (06/26/2012 04:07:21 AM) (Source: TPM) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (06/26/2012 04:05:17 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (06/26/2012 05:11:04 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52f146c01cd53e893b18840

Error: (06/26/2012 05:11:01 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52f14a801cd53e891b4cde0

Error: (06/26/2012 05:10:58 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52f166801cd53e88fa54ed0

Error: (06/26/2012 05:07:44 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52f14a801cd53e81c2e2260

Error: (06/26/2012 05:07:33 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52f110c01cd53e815633e20

Error: (06/26/2012 05:07:12 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52f11e401cd53e7e9e8df20

Error: (06/26/2012 04:27:50 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52f181801cd53e28906e080

Error: (06/26/2012 04:27:42 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52f1ba401cd53e2842b2210

Error: (06/26/2012 04:27:34 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52f1ad801cd53e27a2f4930

Error: (06/26/2012 02:58:39 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\michael\Downloads\esetsmartinstaller_enu.exe


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 6142.26 MB
Available physical RAM: 3601.52 MB
Total Pagefile: 12473.57 MB
Available Pagefile: 9660.17 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.83 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:1863.01 GB) (Free:1785.56 GB) NTFS
4 Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.96 GB) NTFS
5 Drive g: (HP DeskJet1220C) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\MICHAEL-PC

Administrator Guest michael


**** End of log ****



