
Infection possible rootkit


4 replies to this topic

#1 Shawn Goncalves

  • Members
  • 27 posts

Posted 10 July 2012 - 01:49 PM

I've contracted something and I'm not sure what or how to remove it. I've done a full scan with MBAM and removed whatever it found, and also with SEP. But SEP is still detecting a Hacktool.Rootkit in my c:\windows\installer directory, and the past few times I've rebooted my computer I get a blue screen and have to let it launch a system repair. It's a Windows 7 x64 machine. Any help would be greatly appreciated.



#2 boopme


  • Global Moderator
  • 73,565 posts

Posted 10 July 2012 - 02:44 PM

Hello, would you post that MBAM log? Is SEP referring to Sophos?

Can you run these?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.




Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#3 Shawn Goncalves

  • Topic Starter

  • Members
  • 27 posts

Posted 10 July 2012 - 03:03 PM

Thanks for the quick reply. I can't seem to upload files, so I will paste the content here, and SEP is Symantec Endpoint Protection.

mbam log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
shawn.goncalves :: SHAWN-OFFICE [administrator]

7/7/2012 11:44:47 PM
mbam-log-2012-07-07 (23-44-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 65940
Time elapsed: 4 minute(s), 24 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\shawn.goncalves\AppData\Local\btvbzuycyh.exe (Trojan.Lameshield) -> Delete on reboot.
C:\Users\shawn.goncalves\Local Settings\btvbzuycyh.exe (Trojan.Lameshield) -> Delete on reboot.
C:\Users\shawn.goncalves\Local Settings\Application Data\btvbzuycyh.exe (Trojan.Lameshield) -> Delete on reboot.

(end)

result.txt contents

MiniToolBox by Farbar Version: 25-06-2012
Ran by shawn.goncalves (administrator) on 10-07-2012 at 15:46:22
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
SonicWALL NetExtender Adapter = Local Area Connection 2 (Connected)
802.11n Wireless LAN Card = Wireless Network Connection (Hardware not present)
SonicWALL Virtual NIC = Local Area Connection 2 (Hardware not present)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.150.253 publish=Yes
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled metric=1 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0
add address name="Local Area Connection" address=192.168.150.115 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : SHAWN-OFFICE
Primary Dns Suffix . . . . . . . : home.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home.local

Ethernet adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
Physical Address. . . . . . . . . : 00-FF-10-B0-41-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : E0-69-95-A6-B5-F2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d47f:8a73:3057:8c0b%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.150.115(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.150.253
DHCPv6 IAID . . . . . . . . . . . : 299919765
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-72-42-96-E0-69-95-A6-B5-F2
DNS Servers . . . . . . . . . . . : 192.168.150.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{ECD07567-B620-4651-9A4A-C7CB86BEA1AB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A723029B-601A-4CAF-AB45-DDAB1CC493FB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.150.1

Name: google.com
Addresses: 2607:f8b0:4006:803::1009
173.194.43.37
173.194.43.35
173.194.43.40
173.194.43.34
173.194.43.41
173.194.43.46
173.194.43.36
173.194.43.39
173.194.43.33
173.194.43.38
173.194.43.32


Pinging google.com [173.194.43.37] with 32 bytes of data:
Reply from 173.194.43.37: bytes=32 time=13ms TTL=251
Reply from 173.194.43.37: bytes=32 time=14ms TTL=251

Ping statistics for 173.194.43.37:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 14ms, Average = 13ms
Server: UnKnown
Address: 192.168.150.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=76ms TTL=248
Reply from 209.191.122.70: bytes=32 time=75ms TTL=248

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 75ms, Maximum = 76ms, Average = 75ms
Server: UnKnown
Address: 192.168.150.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
19...00 ff 10 b0 41 11 ......Juniper Network Connect Virtual Adapter
12...e0 69 95 a6 b5 f2 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.150.253 192.168.150.115 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.150.0 255.255.255.0 On-link 192.168.150.115 276
192.168.150.115 255.255.255.255 On-link 192.168.150.115 276
192.168.150.255 255.255.255.255 On-link 192.168.150.115 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.150.115 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.150.115 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.150.253 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 276 fe80::/64 On-link
12 276 fe80::d47f:8a73:3057:8c0b/128
On-link
1 306 ff00::/8 On-link
12 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 10 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 10 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/10/2012 03:45:29 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\SHAWN.GONCALVES\DOWNLOADS\MiniToolBox.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/10/2012 03:45:15 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\SHAWN.GONCALVES\DOWNLOADS\MiniToolBox.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/10/2012 02:38:07 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Downloader in File: C:\Users\SHAWN.GONCALVES\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\994059b-146ecdd5 by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Error: (07/10/2012 02:10:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: NEGui.exe, version: 4.0.138.1, time stamp: 0x4c212f68
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc015000f
Fault offset: 0x00084621
Faulting process id: 0xe8c
Faulting application start time: 0xNEGui.exe0
Faulting application path: NEGui.exe1
Faulting module path: NEGui.exe2
Report Id: NEGui.exe3

Error: (07/10/2012 02:09:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: NEGui.exe, version: 4.0.138.1, time stamp: 0x4c212f68
Faulting module name: NEGui.exe, version: 4.0.138.1, time stamp: 0x4c212f68
Exception code: 0xc0000005
Fault offset: 0x0000a32f
Faulting process id: 0xe8c
Faulting application start time: 0xNEGui.exe0
Faulting application path: NEGui.exe1
Faulting module path: NEGui.exe2
Report Id: NEGui.exe3

Error: (07/10/2012 02:09:07 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/10/2012 02:09:07 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/10/2012 02:09:07 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (07/10/2012 02:07:03 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Trojan.Zeroaccess in File: C:\Windows\assembly\GAC_32\Desktop.ini by: Auto-Protect scan. Action: Delete succeeded . Action Description: Reboot Processing

Error: (07/10/2012 02:07:02 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Windows\assembly\GAC_64\Desktop.ini by: Auto-Protect scan. Action: Delete succeeded . Action Description: Reboot Processing


System errors:
=============
Error: (07/10/2012 03:08:05 PM) (Source: DCOM) (User: COMPTELNETWORKS)
Description: application-specificLocalLaunch{69486DD6-C19F-42E8-B508-A53F9F8E67B8}{52551A19-B337-498D-AE75-2283E29902DE}COMPTELNETWORKSshawn.goncalvesS-1-5-21-260843078-278039929-3275570884-1142LocalHost (Using LRPC)

Error: (07/10/2012 02:08:10 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (07/10/2012 02:05:24 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/10/2012 02:05:19 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/10/2012 02:05:11 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/10/2012 01:49:33 PM) (Source: DCOM) (User: COMPTELNETWORKS)
Description: application-specificLocalLaunch{69486DD6-C19F-42E8-B508-A53F9F8E67B8}{52551A19-B337-498D-AE75-2283E29902DE}COMPTELNETWORKSshawn.goncalvesS-1-5-21-260843078-278039929-3275570884-1142LocalHost (Using LRPC)

Error: (07/10/2012 01:47:53 PM) (Source: DCOM) (User: COMPTELNETWORKS)
Description: application-specificLocalLaunch{69486DD6-C19F-42E8-B508-A53F9F8E67B8}{52551A19-B337-498D-AE75-2283E29902DE}COMPTELNETWORKSshawn.goncalvesS-1-5-21-260843078-278039929-3275570884-1142LocalHost (Using LRPC)

Error: (07/10/2012 01:47:53 PM) (Source: DCOM) (User: COMPTELNETWORKS)
Description: application-specificLocalLaunch{69486DD6-C19F-42E8-B508-A53F9F8E67B8}{52551A19-B337-498D-AE75-2283E29902DE}COMPTELNETWORKSshawn.goncalvesS-1-5-21-260843078-278039929-3275570884-1142LocalHost (Using LRPC)

Error: (07/10/2012 01:47:53 PM) (Source: DCOM) (User: COMPTELNETWORKS)
Description: application-specificLocalLaunch{69486DD6-C19F-42E8-B508-A53F9F8E67B8}{52551A19-B337-498D-AE75-2283E29902DE}COMPTELNETWORKSshawn.goncalvesS-1-5-21-260843078-278039929-3275570884-1142LocalHost (Using LRPC)

Error: (07/10/2012 01:47:53 PM) (Source: DCOM) (User: COMPTELNETWORKS)
Description: application-specificLocalLaunch{69486DD6-C19F-42E8-B508-A53F9F8E67B8}{52551A19-B337-498D-AE75-2283E29902DE}COMPTELNETWORKSshawn.goncalvesS-1-5-21-260843078-278039929-3275570884-1142LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (07/10/2012 03:45:29 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\SHAWN.GONCALVES\DOWNLOADS\MiniToolBox.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/10/2012 03:45:15 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\SHAWN.GONCALVES\DOWNLOADS\MiniToolBox.exe by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (07/10/2012 02:38:07 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Downloader in File: C:\Users\SHAWN.GONCALVES\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\994059b-146ecdd5 by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Error: (07/10/2012 02:10:15 PM) (Source: Application Error)(User: )
Description: NEGui.exe4.0.138.14c212f68ntdll.dll6.1.7601.177254ec49b8fc015000f00084621e8c01cd5ec6ab9e457aC:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exeC:\Windows\SysWOW64\ntdll.dll7f0a270f-caba-11e1-9bac-e06995a6b5f2

Error: (07/10/2012 02:09:52 PM) (Source: Application Error)(User: )
Description: NEGui.exe4.0.138.14c212f68NEGui.exe4.0.138.14c212f68c00000050000a32fe8c01cd5ec6ab9e457aC:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exeC:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe718e637d-caba-11e1-9bac-e06995a6b5f2

Error: (07/10/2012 02:09:07 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (07/10/2012 02:09:07 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (07/10/2012 02:09:07 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (07/10/2012 02:07:03 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Trojan.Zeroaccess in File: C:\Windows\assembly\GAC_32\Desktop.ini by: Auto-Protect scan. Action: Delete succeeded . Action Description: Reboot Processing

Error: (07/10/2012 02:07:02 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Windows\assembly\GAC_64\Desktop.ini by: Auto-Protect scan. Action: Delete succeeded . Action Description: Reboot Processing


=========================== Installed Programs ============================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader 9.5.1 MUI (Version: 9.5.1)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Agatha Christie - 4:50 from Paddington (Version: 2.2.0.95)
Aimersoft Blu-ray Ripper(Build 3.0.0.3)
Aimersoft DVD Ripper(Build 2.6.1.0)
Android SDK Tools (Version: 1.13)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.2.6
AVI To MP4 Converter 1.0
BeerSmith 2
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 7.0.610.0)
BitTorrent (Version: 7.6.0)
BitTorrentBar Toolbar (Version: 6.8.2.0)
Bonjour (Version: 3.0.0.10)
Bonjour Browser
Build-a-lot 2 (Version: 2.2.0.95)
CCleaner (Version: 3.17)
Chuzzle Deluxe (Version: 2.2.0.95)
Coupon Printer for Windows (Version: 5.0.0.1)
CrossLoop 2.82 (Version: 2.82)
CyberLink PowerDVD 10 (Version: 10.0.2531.52)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
eBay Worldwide (Version: 2.1.0901)
Final Drive: Nitro (Version: 2.2.0.95)
Flixster Collections (Version: 1.0.73)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Gateway Games (Version: 1.0.2.4)
Gateway Recovery Management (Version: 5.00.3002)
Gateway Registration (Version: 1.03.3003)
Gateway ScreenSaver (Version: 1.1.0225.2011)
Gateway Updater (Version: 1.02.3005)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
HandBrake 0.9.5 (Version: 0.9.5)
Hotkey Utility (Version: 2.05.3014)
HP Officejet 6500 E710a-f Help (Version: 140.0.2.2)
HP Officejet 6500 E710n-z Basic Device Software (Version: 22.50.231.0)
HP Officejet 6500 E710n-z Help (Version: 140.0.2.2)
HP Update (Version: 5.002.006.003)
I.R.I.S. OCR (Version: 12.3.4.0)
Identity Card (Version: 1.00.3006)
ieSpell (Version: 2.6.4 (build 573))
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
IrfanView (remove only) (Version: 4.32)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
Java™ 7 (64-bit) (Version: 7.0.0)
Java™ SE Development Kit 7 (64-bit) (Version: 1.7.0.0)
Jewel Quest Heritage (Version: 2.2.0.95)
join.me (Version: 1.2.1.374)
Juniper Networks Network Connect 6.5.0 (Version: 6.5.0.14951)
Juniper Networks Setup Client (Version: 2.1.2.5973)
Junk Mail filter update (Version: 15.4.3502.0922)
LeapFrog Connect (Version: 3.2.19.13664)
LeapFrog Tag Plugin (Version: 3.2.19.13664)
LogMeIn (Version: 4.1.1890)
LogMeIn Ignition (Version: 1.2.212)
Magical Jelly Bean KeyFinder (Version: 2.0.8.2)
MakeMKV v1.6.16 (Version: v1.6.16)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Interop Forms Redistributable Package 2.0a (Version: 2.0.0)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.1054)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Management Objects (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Management Studio (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Policies (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.3.5500.0)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 Query Tools English (Version: 3.5.5692.0)
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Professional 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MusicBrainz Picard (Version: 0.16)
Mystery P.I. - Stolen in San Francisco (Version: 2.2.0.95)
Namco All-Stars: PAC-MAN (Version: 2.2.0.95)
Nero Control Center 10 (Version: 10.2.11100.1.1)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero Core Components 10 (Version: 2.0.18100.8.8)
Nero DiscSpeed 10 (Version: 6.2.10500.2.100)
Nero DiscSpeed 10 Help (CHM) (Version: 10.5.10000)
Nero Express 10 (Version: 10.2.12000.21.100)
Nero Express 10 Help (CHM) (Version: 10.5.10200)
Nero Multimedia Suite 10 Essentials (Version: 10.5.10300)
Nero StartSmart 10 (Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (Version: 10.5.10000)
Nero Update (Version: 1.0.0018)
Nessus64 (Version: 4.4.1.15078)
NOOK for PC (Version: 2.5.5.8763)
NVIDIA Control Panel 267.85 (Version: 267.85)
NVIDIA Graphics Driver 267.85 (Version: 267.85)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.265.39.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6785)
Oracle VM VirtualBox 4.1.8 (Version: 4.1.8)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
QuickBooks (Version: 22.0.4008.2206)
QuickBooks Pro 2012 (Version: 22.0.4008.2206)
QuickTime (Version: 7.71.80.42)
QuickVPN Client (Version: 1.4.2.1)
Realtek Ethernet Controller Driver (Version: 7.41.216.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6257)
Remote Support System
RingCentral Call Controller
RingCentral Voicemail Player (Version: 1.4.31)
Samsung AllShare (Version: 2.1.0.12031_10)
ScreenPop (Version: 1.0.0)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0)
Skype™ 5.0 (Version: 5.0.152)
SMTP Test Tool (Version: 3.00.0003)
SolarWinds TFTP Server (Version: 9.1)
SonicWALL Global VPN Client (Version: 4.6.4)
SonicWALL SSL-VPN NetExtender (Version: 4.0.138)
SupportSoft Assisted Service (Version: 15)
Swag Bucks Toolbar (Version: 6.8.9.0)
swMSM (Version: 12.0.0.1)
Symantec Endpoint Protection (Version: 12.1.1101.401)
SYNC My iTunes v1.1.61 (Version: 1.1.61)
System Requirements Lab (Version: 4.4.26.0)
TCP Test Tool (Version: 3.00.0008)
Tigerpaw 11 (Version: 11.3.7)
Tigerpaw Control Library (Version: 11.3.25)
Tigerpaw Interop (Version: 11.3.14)
Times Reader (Version: 2.055)
Torchlight (Version: 2.2.0.95)
UDP Test Tool (Version: 3.00.0008)
UltraVnc (Version: 1.0.9.6.1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (Version: 3.2.19.13664)
Vertical Wave ViewPoint (Version: 2.5.0.8110)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
VLC media player 1.1.11 (Version: 1.1.11)
Welcome Center (Version: 1.02.3102)
WIDCOMM Bluetooth Software (Version: 6.3.0.2500)
WildTangent Games App (Gateway Games) (Version: 4.0.5.31)
Winamp (Version: 5.623 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Small Business Server 2008 ClientAgent (Version: 6.0.5601.0)
Windows Small Business Server 2008 Desktop Links Gadget (Version: 6.0.5601.0)
Windows Small Business Server 2008 WMI Provider (Version: 6.0.5601.0)
WinHTTrack Website Copier 3.44-1 (x64) (Version: 3.44.1)
WinPcap 4.1.2 (Version: 4.1.0.2001)
Wireshark 1.6.2 (Version: 1.6.2)
Zuma's Revenge (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 16366.5 MB
Available physical RAM: 11907.44 MB
Total Pagefile: 32731.18 MB
Available Pagefile: 28144.46 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.07 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:1383.17 GB) (Free:716.51 GB) NTFS

========================= Users: ========================================

User accounts for \\SHAWN-OFFICE

Administrator Guest Shawn
UpdatusUser


**** End of log ****

TDSSKiller
15:50:58.0330 4760 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
15:50:58.0542 4760 ============================================================
15:50:58.0542 4760 Current date / time: 2012/07/10 15:50:58.0542
15:50:58.0542 4760 SystemInfo:
15:50:58.0542 4760
15:50:58.0542 4760 OS Version: 6.1.7601 ServicePack: 1.0
15:50:58.0542 4760 Product type: Workstation
15:50:58.0542 4760 ComputerName: SHAWN-OFFICE
15:50:58.0542 4760 UserName: shawn.goncalves
15:50:58.0542 4760 Windows directory: C:\Windows
15:50:58.0542 4760 System windows directory: C:\Windows
15:50:58.0542 4760 Running under WOW64
15:50:58.0542 4760 Processor architecture: Intel x64
15:50:58.0542 4760 Number of processors: 8
15:50:58.0542 4760 Page size: 0x1000
15:50:58.0542 4760 Boot type: Normal boot
15:50:58.0542 4760 ============================================================
15:50:59.0951 4760 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:50:59.0955 4760 Drive \Device\Harddisk1\DR1 - Size: 0x0 (0.00 Gb), SectorSize: 0x200, Cylinders: 0x0, SectorsPerTrack: 0x0, TracksPerCylinder: 0x0, Type 'W'
15:50:59.0987 4760 ============================================================
15:50:59.0987 4760 \Device\Harddisk0\DR0:
15:50:59.0987 4760 MBR partitions:
15:50:59.0987 4760 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
15:50:59.0987 4760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0xACE54B30
15:50:59.0987 4760 ============================================================
15:51:00.0024 4760 C: <-> \Device\Harddisk0\DR0\Partition1
15:51:00.0024 4760 ============================================================
15:51:00.0024 4760 Initialize success
15:51:00.0024 4760 ============================================================
15:51:11.0326 6524 ============================================================
15:51:11.0326 6524 Scan started
15:51:11.0326 6524 Mode: Manual; TDLFS;
15:51:11.0326 6524 ============================================================
15:51:22.0796 6524 luafv - ok
15:51:22.0810 6524 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:51:22.0814 6524 Mcx2Svc - ok
15:51:22.0823 6524 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:51:22.0824 6524 megasas - ok
15:51:22.0852 6524 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:51:22.0855 6524 MegaSR - ok
15:51:22.0863 6524 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
15:51:22.0863 6524 MEIx64 - ok
15:51:22.0912 6524 Microsoft SharePoint Workspace Audit Service - ok
15:51:22.0951 6524 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:51:22.0953 6524 MMCSS - ok
15:51:22.0968 6524 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:51:22.0969 6524 Modem - ok
15:51:22.0972 6524 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:51:22.0973 6524 monitor - ok
15:51:22.0982 6524 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:51:22.0983 6524 mouclass - ok
15:51:23.0005 6524 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:51:23.0005 6524 mouhid - ok
15:51:23.0022 6524 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:51:23.0023 6524 mountmgr - ok
15:51:23.0078 6524 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:51:23.0079 6524 MozillaMaintenance - ok
15:51:23.0098 6524 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:51:23.0099 6524 mpio - ok
15:51:23.0115 6524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:51:23.0116 6524 mpsdrv - ok
15:51:23.0131 6524 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:51:23.0133 6524 MRxDAV - ok
15:51:23.0149 6524 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:51:23.0151 6524 mrxsmb - ok
15:51:23.0176 6524 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:51:23.0178 6524 mrxsmb10 - ok
15:51:23.0190 6524 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:51:23.0191 6524 mrxsmb20 - ok
15:51:23.0194 6524 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:51:23.0195 6524 msahci - ok
15:51:23.0206 6524 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:51:23.0208 6524 msdsm - ok
15:51:23.0228 6524 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:51:23.0229 6524 MSDTC - ok
15:51:23.0247 6524 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:51:23.0248 6524 Msfs - ok
15:51:23.0252 6524 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:51:23.0253 6524 mshidkmdf - ok
15:51:23.0256 6524 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:51:23.0257 6524 msisadrv - ok
15:51:23.0264 6524 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:51:23.0266 6524 MSiSCSI - ok
15:51:23.0268 6524 msiserver - ok
15:51:23.0270 6524 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:51:23.0271 6524 MSKSSRV - ok
15:51:23.0273 6524 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:51:23.0274 6524 MSPCLOCK - ok
15:51:23.0276 6524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:51:23.0276 6524 MSPQM - ok
15:51:23.0298 6524 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:51:23.0301 6524 MsRPC - ok
15:51:23.0304 6524 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:51:23.0305 6524 mssmbios - ok
15:51:23.0308 6524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:51:23.0309 6524 MSTEE - ok
15:51:23.0334 6524 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:51:23.0335 6524 MTConfig - ok
15:51:23.0338 6524 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:51:23.0339 6524 Mup - ok
15:51:23.0376 6524 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:51:23.0381 6524 napagent - ok
15:51:23.0420 6524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:51:23.0423 6524 NativeWifiP - ok
15:51:23.0491 6524 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
15:51:23.0493 6524 NAUpdate - ok
15:51:23.0773 6524 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20120709.038\ENG64.SYS
15:51:23.0774 6524 NAVENG - ok
15:51:23.0880 6524 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20120709.038\EX64.SYS
15:51:23.0911 6524 NAVEX15 - ok
15:51:24.0066 6524 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:51:24.0074 6524 NDIS - ok
15:51:24.0115 6524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:51:24.0116 6524 NdisCap - ok
15:51:24.0144 6524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:51:24.0145 6524 NdisTapi - ok
15:51:24.0155 6524 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:51:24.0156 6524 Ndisuio - ok
15:51:24.0172 6524 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:51:24.0174 6524 NdisWan - ok
15:51:24.0187 6524 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:51:24.0188 6524 NDProxy - ok
15:51:24.0207 6524 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
15:51:24.0208 6524 Netaapl - ok
15:51:24.0211 6524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:51:24.0212 6524 NetBIOS - ok
15:51:24.0222 6524 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:51:24.0224 6524 NetBT - ok
15:51:24.0254 6524 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:51:24.0255 6524 Netlogon - ok
15:51:24.0288 6524 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:51:24.0292 6524 Netman - ok
15:51:24.0446 6524 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:51:24.0448 6524 NetMsmqActivator - ok
15:51:24.0450 6524 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:51:24.0450 6524 NetPipeActivator - ok
15:51:24.0483 6524 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:51:24.0487 6524 netprofm - ok
15:51:24.0556 6524 netr28x (af5f224a600f50b7d2b77f4ae59c1abe) C:\Windows\system32\DRIVERS\netr28x.sys
15:51:24.0571 6524 netr28x - ok
15:51:24.0583 6524 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:51:24.0584 6524 NetTcpActivator - ok
15:51:24.0586 6524 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:51:24.0586 6524 NetTcpPortSharing - ok
15:51:24.0608 6524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:51:24.0609 6524 nfrd960 - ok
15:51:24.0634 6524 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:51:24.0637 6524 NlaSvc - ok
15:51:25.0044 6524 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
15:51:25.0045 6524 NPF - ok
15:51:25.0062 6524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:51:25.0063 6524 Npfs - ok
15:51:25.0068 6524 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:51:25.0069 6524 nsi - ok
15:51:25.0081 6524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:51:25.0082 6524 nsiproxy - ok
15:51:25.0153 6524 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
15:51:25.0166 6524 Ntfs - ok
15:51:25.0196 6524 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:51:25.0197 6524 Null - ok
15:51:25.0228 6524 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
15:51:25.0230 6524 NVHDA - ok
15:51:25.0608 6524 nvlddmkm (f87fc68f90b09f06ebaaad687e2e83a5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:51:25.0806 6524 nvlddmkm - ok
15:51:25.0885 6524 nvpciflt (8d6a20ba87597cc2dbc3c34755686233) C:\Windows\system32\DRIVERS\nvpciflt.sys
15:51:25.0885 6524 nvpciflt - ok
15:51:25.0911 6524 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
15:51:25.0913 6524 nvraid - ok
15:51:25.0930 6524 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
15:51:25.0932 6524 nvstor - ok
15:51:25.0995 6524 NVSvc (e5afbe55415828ee6230f148425a30e4) C:\Windows\system32\nvvsvc.exe
15:51:26.0000 6524 NVSvc - ok
15:51:26.0045 6524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:51:26.0047 6524 nv_agp - ok
15:51:26.0085 6524 NxDrv (81ea44152271ec2bb2a0251987d5d13c) C:\Windows\system32\DRIVERS\NxDrv.sys
15:51:26.0090 6524 NxDrv - ok
15:51:26.0106 6524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:51:26.0107 6524 ohci1394 - ok
15:51:26.0191 6524 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:51:26.0192 6524 ose - ok
15:51:26.0418 6524 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:51:26.0499 6524 osppsvc - ok
15:51:26.0532 6524 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:51:26.0535 6524 p2pimsvc - ok
15:51:26.0563 6524 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:51:26.0567 6524 p2psvc - ok
15:51:26.0586 6524 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:51:26.0587 6524 Parport - ok
15:51:26.0635 6524 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:51:26.0636 6524 partmgr - ok
15:51:26.0652 6524 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:51:26.0654 6524 PcaSvc - ok
15:51:26.0671 6524 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:51:26.0673 6524 pci - ok
15:51:26.0696 6524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:51:26.0696 6524 pciide - ok
15:51:26.0706 6524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:51:26.0708 6524 pcmcia - ok
15:51:26.0716 6524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:51:26.0717 6524 pcw - ok
15:51:26.0755 6524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:51:26.0760 6524 PEAUTH - ok
15:51:26.0841 6524 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:51:26.0859 6524 PeerDistSvc - ok
15:51:26.0910 6524 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:51:26.0911 6524 PerfHost - ok
15:51:26.0991 6524 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:51:27.0009 6524 pla - ok
15:51:27.0065 6524 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:51:27.0068 6524 PlugPlay - ok
15:51:27.0075 6524 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:51:27.0076 6524 PNRPAutoReg - ok
15:51:27.0089 6524 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:51:27.0091 6524 PNRPsvc - ok
15:51:27.0125 6524 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:51:27.0132 6524 PolicyAgent - ok
15:51:27.0170 6524 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:51:27.0173 6524 Power - ok
15:51:27.0204 6524 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:51:27.0206 6524 PptpMiniport - ok
15:51:27.0220 6524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:51:27.0221 6524 Processor - ok
15:51:27.0246 6524 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:51:27.0249 6524 ProfSvc - ok
15:51:27.0277 6524 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:51:27.0278 6524 ProtectedStorage - ok
15:51:27.0303 6524 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:51:27.0305 6524 Psched - ok
15:51:27.0341 6524 PSSDK42 (cd33cb6fecf65520466f95ab89cc4af5) C:\Windows\system32\Drivers\pssdk42.sys
15:51:27.0347 6524 PSSDK42 - ok
15:51:27.0415 6524 QBCFMonitorService (933d92f0bd1d7a9835cd8a8b1235a11e) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
15:51:27.0416 6524 QBCFMonitorService - ok
15:51:27.0455 6524 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
15:51:27.0456 6524 QBFCService - ok
15:51:27.0540 6524 QBVSS (0c7b65c8743442a37152fcfac5f7d16a) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
15:51:27.0569 6524 QBVSS - ok
15:51:27.0701 6524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:51:27.0750 6524 ql2300 - ok
15:51:27.0795 6524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:51:27.0797 6524 ql40xx - ok
15:51:27.0820 6524 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:51:27.0823 6524 QWAVE - ok
15:51:27.0833 6524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:51:27.0834 6524 QWAVEdrv - ok
15:51:27.0846 6524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:51:27.0846 6524 RasAcd - ok
15:51:27.0876 6524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:51:27.0877 6524 RasAgileVpn - ok
15:51:27.0888 6524 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:51:27.0889 6524 RasAuto - ok
15:51:27.0910 6524 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:51:27.0911 6524 Rasl2tp - ok
15:51:27.0952 6524 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:51:27.0955 6524 RasMan - ok
15:51:27.0974 6524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:51:27.0975 6524 RasPppoe - ok
15:51:27.0990 6524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:51:27.0991 6524 RasSstp - ok
15:51:28.0016 6524 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:51:28.0018 6524 rdbss - ok
15:51:28.0023 6524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:51:28.0024 6524 rdpbus - ok
15:51:28.0035 6524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:51:28.0036 6524 RDPCDD - ok
15:51:28.0058 6524 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:51:28.0060 6524 RDPDR - ok
15:51:28.0079 6524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:51:28.0079 6524 RDPENCDD - ok
15:51:28.0082 6524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:51:28.0082 6524 RDPREFMP - ok
15:51:28.0125 6524 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:51:28.0127 6524 RDPWD - ok
15:51:28.0136 6524 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:51:28.0138 6524 rdyboost - ok
15:51:28.0148 6524 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:51:28.0149 6524 RemoteAccess - ok
15:51:28.0177 6524 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:51:28.0179 6524 RemoteRegistry - ok
15:51:28.0238 6524 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:51:28.0239 6524 RFCOMM - ok
15:51:28.0308 6524 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
15:51:28.0353 6524 rpcapd - ok
15:51:28.0360 6524 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:51:28.0361 6524 RpcEptMapper - ok
15:51:28.0368 6524 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:51:28.0369 6524 RpcLocator - ok
15:51:28.0394 6524 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:51:28.0396 6524 RpcSs - ok
15:51:28.0412 6524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:51:28.0413 6524 rspndr - ok
15:51:28.0450 6524 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:51:28.0454 6524 RTL8167 - ok
15:51:28.0457 6524 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:51:28.0458 6524 SamSs - ok
15:51:28.0567 6524 SamsungAllShareV2.0 (328100af2efd951eab657384ec361b6f) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
15:51:28.0568 6524 SamsungAllShareV2.0 - ok
15:51:28.0573 6524 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:51:28.0574 6524 sbp2port - ok
15:51:28.0583 6524 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:51:28.0586 6524 SCardSvr - ok
15:51:28.0602 6524 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:51:28.0603 6524 scfilter - ok
15:51:28.0648 6524 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:51:28.0675 6524 Schedule - ok
15:51:28.0693 6524 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:51:28.0693 6524 SCPolicySvc - ok
15:51:28.0713 6524 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:51:28.0715 6524 SDRSVC - ok
15:51:28.0763 6524 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:51:28.0766 6524 SeaPort - ok
15:51:28.0792 6524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:51:28.0792 6524 secdrv - ok
15:51:28.0796 6524 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:51:28.0797 6524 seclogon - ok
15:51:28.0806 6524 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:51:28.0808 6524 SENS - ok
15:51:28.0817 6524 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:51:28.0818 6524 SensrSvc - ok
15:51:29.0036 6524 SepMasterService (423624f5aee2ea03250c2e79ceff1a76) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
15:51:29.0037 6524 SepMasterService - ok
15:51:29.0059 6524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:51:29.0059 6524 Serenum - ok
15:51:29.0084 6524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:51:29.0086 6524 Serial - ok
15:51:29.0102 6524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:51:29.0102 6524 sermouse - ok
15:51:29.0125 6524 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:51:29.0127 6524 SessionEnv - ok
15:51:29.0135 6524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:51:29.0136 6524 sffdisk - ok
15:51:29.0139 6524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:51:29.0140 6524 sffp_mmc - ok
15:51:29.0142 6524 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:51:29.0143 6524 sffp_sd - ok
15:51:29.0146 6524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:51:29.0147 6524 sfloppy - ok
15:51:29.0170 6524 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:51:29.0174 6524 ShellHWDetection - ok
15:51:29.0207 6524 SimpleSlideShowServer (1980fe1f5a32067dad1d8776b63c2669) C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
15:51:29.0207 6524 SimpleSlideShowServer - ok
15:51:29.0258 6524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:51:29.0259 6524 SiSRaid2 - ok
15:51:29.0275 6524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:51:29.0276 6524 SiSRaid4 - ok
15:51:29.0287 6524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:51:29.0288 6524 Smb - ok
15:51:29.0468 6524 SmcService (e5a45d39adb19fb4120a67f847421cee) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe
15:51:29.0501 6524 SmcService - ok
15:51:29.0605 6524 SMR250 (27f71f20e87fbf177c82ae924f9317f7) C:\Windows\system32\drivers\SMR250.SYS
15:51:29.0610 6524 SMR250 - ok
15:51:29.0666 6524 SNAC (3d0861f150faa6b47cfe776949f24343) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe
15:51:29.0670 6524 SNAC - ok
15:51:29.0685 6524 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:51:29.0687 6524 SNMPTRAP - ok
15:51:29.0754 6524 SolarWinds TFTP Server (faa0205c5e2328bf654d79e1242e632d) C:\Program Files (x86)\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe
15:51:29.0755 6524 SolarWinds TFTP Server - ok
15:51:29.0859 6524 SONICWALL_NetExtender (2c6983e45c4b5ab65422153395559c1f) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
15:51:29.0864 6524 SONICWALL_NetExtender - ok
15:51:29.0879 6524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:51:29.0880 6524 spldr - ok
15:51:29.0916 6524 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:51:29.0933 6524 Spooler - ok
15:51:30.0043 6524 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:51:30.0197 6524 sppsvc - ok
15:51:30.0384 6524 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:51:30.0386 6524 sppuinotify - ok
15:51:30.0455 6524 SRTSP (0198a89df4ff353b2cb079ed042bcab8) C:\Windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SRTSP64.SYS
15:51:30.0468 6524 SRTSP - ok
15:51:30.0511 6524 SRTSPX (0abd22111e5c78d594f5948f59a3e17a) C:\Windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SRTSPX64.SYS
15:51:30.0512 6524 SRTSPX - ok
15:51:30.0559 6524 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:51:30.0563 6524 srv - ok
15:51:30.0594 6524 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:51:30.0597 6524 srv2 - ok
15:51:30.0624 6524 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:51:30.0626 6524 srvnet - ok
15:51:30.0645 6524 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:51:30.0648 6524 SSDPSRV - ok
15:51:30.0662 6524 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:51:30.0663 6524 SstpSvc - ok
15:51:30.0733 6524 Stereo Service (202cc08ebd701509e9d4991624d53ada) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:51:30.0736 6524 Stereo Service - ok
15:51:30.0749 6524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:51:30.0749 6524 stexstor - ok
15:51:30.0798 6524 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:51:30.0799 6524 StillCam - ok
15:51:30.0830 6524 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:51:30.0852 6524 stisvc - ok
15:51:30.0887 6524 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:51:30.0889 6524 StorSvc - ok
15:51:30.0901 6524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:51:30.0901 6524 swenum - ok
15:51:30.0982 6524 SWGVCSvc (18aa39f3229d033d83c40e2b86f86757) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
15:51:30.0985 6524 SWGVCSvc - ok
15:51:31.0005 6524 SWIPsec (62eac9fb03c327654608070fa78ba84d) C:\Windows\system32\Drivers\SWIPsec.sys
15:51:31.0010 6524 SWIPsec - ok
15:51:31.0045 6524 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:51:31.0050 6524 swprv - ok
15:51:31.0055 6524 SWVNIC (dcf11e08a8524b19ec47515c22be492e) C:\Windows\system32\DRIVERS\swvnic.sys
15:51:31.0056 6524 SWVNIC - ok
15:51:31.0145 6524 SymDS (f017987b177f7bbc989318d59309d091) C:\Windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS
15:51:31.0149 6524 SymDS - ok
15:51:31.0215 6524 SymEFA (eac78f0cde20a4a143cfd0f3a0663a20) C:\Windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS
15:51:31.0232 6524 SymEFA - ok
15:51:31.0272 6524 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:51:31.0274 6524 SymEvent - ok
15:51:31.0329 6524 SymIRON (1611fa7a95a48387df22757fa81b46a9) C:\Windows\system32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS
15:51:31.0331 6524 SymIRON - ok
15:51:31.0405 6524 SYMNETS (a35c8e13acd8e9425448df7c524f9788) C:\Windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS
15:51:31.0408 6524 SYMNETS - ok
15:51:31.0482 6524 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:51:31.0502 6524 SysMain - ok
15:51:31.0536 6524 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:51:31.0538 6524 TabletInputService - ok
15:51:31.0561 6524 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:51:31.0564 6524 TapiSrv - ok
15:51:31.0569 6524 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:51:31.0571 6524 TBS - ok
15:51:31.0676 6524 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:51:31.0714 6524 Tcpip - ok
15:51:31.0814 6524 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:51:31.0821 6524 TCPIP6 - ok
15:51:31.0867 6524 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:51:31.0868 6524 tcpipreg - ok
15:51:31.0895 6524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:51:31.0896 6524 TDPIPE - ok
15:51:31.0937 6524 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:51:31.0938 6524 TDTCP - ok
15:51:31.0958 6524 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:51:31.0959 6524 tdx - ok
15:51:32.0059 6524 Tenable Nessus (99ddfdbf86993241de07733f8d5cd865) C:\Program Files\Tenable\Nessus\nessus-service.exe
15:51:32.0060 6524 Tenable Nessus - ok
15:51:32.0073 6524 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:51:32.0074 6524 TermDD - ok
15:51:32.0106 6524 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:51:32.0142 6524 TermService - ok
15:51:32.0184 6524 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:51:32.0186 6524 Themes - ok
15:51:32.0215 6524 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:51:32.0216 6524 THREADORDER - ok
15:51:35.0435 6524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:51:35.0750 6524 \Device\Harddisk0\DR0 - ok
15:51:35.0751 6524 Boot (0x1200) (a671a9da0fe6d0abc2d72d9f3fdcd075) \Device\Harddisk0\DR0\Partition0
15:51:35.0752 6524 \Device\Harddisk0\DR0\Partition0 - ok
15:51:35.0775 6524 Boot (0x1200) (fbc91b763a9c64cc2410b1d6cd3c417a) \Device\Harddisk0\DR0\Partition1
15:51:35.0776 6524 \Device\Harddisk0\DR0\Partition1 - ok
15:51:35.0776 6524 ============================================================
15:51:35.0776 6524 Scan finished
15:51:35.0776 6524 ============================================================
15:51:35.0781 6572 Detected object count: 0
15:51:35.0781 6572 Actual detected object count: 0
15:52:07.0815 7984 Deinitialize success

#4 Shawn Goncalves

Posted 10 July 2012 - 03:04 PM

aswmbr.txt
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-10 14:20:56
-----------------------------
14:20:56.919 OS Version: Windows x64 6.1.7601 Service Pack 1
14:20:56.920 Number of processors: 8 586 0x2A07
14:20:56.920 ComputerName: SHAWN-OFFICE UserName:
14:21:01.002 Initialize success
14:21:28.913 AVAST engine defs: 12071000
14:22:01.247 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:22:01.248 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
14:22:01.259 Disk 0 MBR read successfully
14:22:01.260 Disk 0 MBR scan
14:22:01.263 Disk 0 Windows 7 default MBR code
14:22:01.268 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
14:22:01.283 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
14:22:01.298 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1416361 MB offset 29566976
14:22:01.308 Disk 0 scanning C:\Windows\system32\drivers
14:22:12.087 Service scanning
14:22:34.213 Modules scanning
14:22:34.217 Disk 0 trace - called modules:
14:22:34.232 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:22:34.236 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800f65b790]
14:22:34.239 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d803050]
14:22:37.113 AVAST engine scan C:\Windows
14:22:42.431 AVAST engine scan C:\Windows\system32
14:28:43.961 AVAST engine scan C:\Windows\system32\drivers
14:29:39.044 AVAST engine scan C:\Users\shawn.goncalves
14:53:48.285 AVAST engine scan C:\ProgramData
15:42:37.766 Scan finished successfully
15:42:47.988 Disk 0 MBR has been saved successfully to "C:\Users\shawn.goncalves\Desktop\MBR.dat"
15:42:47.991 The log file has been saved successfully to "C:\Users\shawn.goncalves\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-10 16:02:52
-----------------------------
16:02:52.716 OS Version: Windows x64 6.1.7601 Service Pack 1
16:02:52.716 Number of processors: 8 586 0x2A07
16:02:52.717 ComputerName: SHAWN-OFFICE UserName:
16:02:55.503 Initialize success
16:02:58.459 AVAST engine defs: 12071000
16:03:01.756 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:03:01.757 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3
16:03:01.780 Disk 0 MBR read successfully
16:03:01.782 Disk 0 MBR scan
16:03:01.784 Disk 0 Windows 7 default MBR code
16:03:01.789 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
16:03:01.805 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
16:03:01.820 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1416361 MB offset 29566976
16:03:01.874 Disk 0 scanning C:\Windows\system32\drivers
16:03:15.591 Service scanning
16:03:34.485 Modules scanning
16:03:34.489 Disk 0 trace - called modules:
16:03:34.504 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:03:34.507 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800f65b790]
16:03:34.510 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d803050]
16:03:34.512 Scan finished successfully
16:03:41.902 Disk 0 MBR has been saved successfully to "C:\Users\shawn.goncalves\Desktop\MBR.dat"
16:03:41.910 The log file has been saved successfully to "C:\Users\shawn.goncalves\Desktop\aswMBR.txt"


16:04:03.501 Disk 0 MBR has been saved successfully to "C:\Users\shawn.goncalves\Desktop\MBR.dat"
16:04:03.504 The log file has been saved successfully to "C:\Users\shawn.goncalves\Desktop\aswMBR.txt"

#5 boopme

Posted 10 July 2012 - 08:13 PM

Hello, I was looking long and hard here and am concerned that there still may be hidden rootkit activity looking at the Winsock issues.

I would like you to repost about a possible hidden rootkit.


We need a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system), skip it and move on.
Include this link back to this topic....

http://www.bleepingcomputer.com/forums/topic460107.html/page__pid__2758993#entry2758993

Let me know if that went well.