
Olmarik.ak trojan after system complete restore


5 replies to this topic

#1 trhelp


Posted 25 July 2012 - 04:11 PM

Hello again!

After being infected with the ZeroAccess rootkit, I decided to restore my system to factory defaults through Gateway Recovery Management. Not being sure that my system was clean, I ran TDSSKiller and got an infection result. I've changed the scan options to Delete. Not sure I made the best decision. I'm posting the log here. I'm currently running ESET Online Scanner, which shows 7 infections. Am I still infected? Please help!


14:52:07.0035 3156 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:52:07.0432 3156 ============================================================
14:52:07.0432 3156 Current date / time: 2012/07/25 14:52:07.0432
14:52:07.0432 3156 SystemInfo:
14:52:07.0432 3156
14:52:07.0432 3156 OS Version: 6.1.7601 ServicePack: 1.0
14:52:07.0432 3156 Product type: Workstation
14:52:07.0432 3156 ComputerName: MP-PC
14:52:07.0432 3156 UserName: MP
14:52:07.0432 3156 Windows directory: C:\Windows
14:52:07.0432 3156 System windows directory: C:\Windows
14:52:07.0432 3156 Running under WOW64
14:52:07.0432 3156 Processor architecture: Intel x64
14:52:07.0432 3156 Number of processors: 4
14:52:07.0432 3156 Page size: 0x1000
14:52:07.0432 3156 Boot type: Normal boot
14:52:07.0432 3156 ============================================================
14:52:07.0948 3156 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:52:07.0987 3156 Drive \Device\Harddisk6\DR6 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:52:07.0989 3156 ============================================================
14:52:07.0989 3156 \Device\Harddisk0\DR0:
14:52:07.0989 3156 MBR partitions:
14:52:07.0989 3156 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
14:52:07.0989 3156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x726D3DB0
14:52:07.0989 3156 \Device\Harddisk6\DR6:
14:52:07.0990 3156 MBR partitions:
14:52:07.0990 3156 \Device\Harddisk6\DR6\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0
14:52:07.0990 3156 ============================================================
14:52:08.0012 3156 C: <-> \Device\Harddisk0\DR0\Partition1
14:52:08.0012 3156 ============================================================
14:52:08.0012 3156 Initialize success
14:52:08.0012 3156 ============================================================
14:52:39.0377 3228 ============================================================
14:52:39.0377 3228 Scan started
14:52:39.0377 3228 Mode: Manual; TDLFS;
14:52:39.0377 3228 ============================================================
14:52:50.0130 3228 nv_agp - ok
14:52:50.0137 3228 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:52:50.0139 3228 ohci1394 - ok
14:52:50.0167 3228 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:52:50.0172 3228 p2pimsvc - ok
14:52:50.0210 3228 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:52:50.0223 3228 p2psvc - ok
14:52:50.0231 3228 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:52:50.0233 3228 Parport - ok
14:52:50.0255 3228 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:52:50.0256 3228 partmgr - ok
14:52:50.0268 3228 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:52:50.0271 3228 PcaSvc - ok
14:52:50.0298 3228 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:52:50.0301 3228 pci - ok
14:52:50.0308 3228 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:52:50.0309 3228 pciide - ok
14:52:50.0323 3228 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:52:50.0327 3228 pcmcia - ok
14:52:50.0333 3228 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:52:50.0334 3228 pcw - ok
14:52:50.0367 3228 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:52:50.0374 3228 PEAUTH - ok
14:52:50.0459 3228 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:52:50.0462 3228 PerfHost - ok
14:52:50.0550 3228 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:52:50.0583 3228 pla - ok
14:52:50.0650 3228 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:52:50.0665 3228 PlugPlay - ok
14:52:50.0683 3228 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:52:50.0685 3228 PNRPAutoReg - ok
14:52:50.0708 3228 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:52:50.0712 3228 PNRPsvc - ok
14:52:50.0788 3228 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:52:50.0810 3228 PolicyAgent - ok
14:52:50.0875 3228 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:52:50.0879 3228 Power - ok
14:52:50.0930 3228 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:52:50.0932 3228 PptpMiniport - ok
14:52:50.0944 3228 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:52:50.0946 3228 Processor - ok
14:52:50.0991 3228 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:52:50.0995 3228 ProfSvc - ok
14:52:51.0033 3228 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:52:51.0034 3228 ProtectedStorage - ok
14:52:51.0060 3228 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:52:51.0062 3228 Psched - ok
14:52:51.0151 3228 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:52:51.0167 3228 ql2300 - ok
14:52:51.0231 3228 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:52:51.0234 3228 ql40xx - ok
14:52:51.0263 3228 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:52:51.0267 3228 QWAVE - ok
14:52:51.0278 3228 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:52:51.0280 3228 QWAVEdrv - ok
14:52:51.0283 3228 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:52:51.0285 3228 RasAcd - ok
14:52:51.0309 3228 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:52:51.0311 3228 RasAgileVpn - ok
14:52:51.0320 3228 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:52:51.0323 3228 RasAuto - ok
14:52:51.0333 3228 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:52:51.0336 3228 Rasl2tp - ok
14:52:51.0367 3228 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:52:51.0383 3228 RasMan - ok
14:52:51.0392 3228 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:52:51.0394 3228 RasPppoe - ok
14:52:51.0401 3228 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:52:51.0403 3228 RasSstp - ok
14:52:51.0420 3228 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:52:51.0424 3228 rdbss - ok
14:52:51.0442 3228 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:52:51.0443 3228 rdpbus - ok
14:52:51.0446 3228 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:52:51.0448 3228 RDPCDD - ok
14:52:51.0453 3228 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:52:51.0455 3228 RDPENCDD - ok
14:52:51.0459 3228 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:52:51.0461 3228 RDPREFMP - ok
14:52:51.0489 3228 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
14:52:51.0492 3228 RDPWD - ok
14:52:51.0505 3228 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:52:51.0508 3228 rdyboost - ok
14:52:51.0531 3228 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:52:51.0534 3228 RemoteAccess - ok
14:52:51.0545 3228 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:52:51.0548 3228 RemoteRegistry - ok
14:52:51.0555 3228 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:52:51.0558 3228 RpcEptMapper - ok
14:52:51.0580 3228 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:52:51.0582 3228 RpcLocator - ok
14:52:51.0617 3228 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:52:51.0622 3228 RpcSs - ok
14:52:51.0632 3228 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:52:51.0634 3228 rspndr - ok
14:52:51.0670 3228 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:52:51.0684 3228 RTL8167 - ok
14:52:51.0722 3228 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:52:51.0723 3228 SamSs - ok
14:52:51.0732 3228 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:52:51.0734 3228 sbp2port - ok
14:52:51.0747 3228 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:52:51.0751 3228 SCardSvr - ok
14:52:51.0756 3228 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:52:51.0757 3228 scfilter - ok
14:52:51.0818 3228 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:52:51.0841 3228 Schedule - ok
14:52:51.0858 3228 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:52:51.0859 3228 SCPolicySvc - ok
14:52:51.0870 3228 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:52:51.0874 3228 SDRSVC - ok
14:52:51.0951 3228 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
14:52:51.0954 3228 SeaPort - ok
14:52:51.0990 3228 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:52:51.0991 3228 secdrv - ok
14:52:52.0002 3228 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:52:52.0004 3228 seclogon - ok
14:52:52.0023 3228 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:52:52.0025 3228 SENS - ok
14:52:52.0030 3228 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:52:52.0032 3228 SensrSvc - ok
14:52:52.0046 3228 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:52:52.0047 3228 Serenum - ok
14:52:52.0056 3228 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:52:52.0058 3228 Serial - ok
14:52:52.0063 3228 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:52:52.0064 3228 sermouse - ok
14:52:52.0079 3228 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:52:52.0081 3228 SessionEnv - ok
14:52:52.0085 3228 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:52:52.0086 3228 sffdisk - ok
14:52:52.0088 3228 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:52:52.0089 3228 sffp_mmc - ok
14:52:52.0091 3228 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:52:52.0092 3228 sffp_sd - ok
14:52:52.0095 3228 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:52:52.0096 3228 sfloppy - ok
14:52:52.0126 3228 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:52:52.0130 3228 SharedAccess - ok
14:52:52.0158 3228 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:52:52.0173 3228 ShellHWDetection - ok
14:52:52.0185 3228 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:52:52.0187 3228 SiSRaid2 - ok
14:52:52.0193 3228 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:52:52.0194 3228 SiSRaid4 - ok
14:52:52.0214 3228 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:52:52.0215 3228 Smb - ok
14:52:52.0227 3228 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:52:52.0229 3228 SNMPTRAP - ok
14:52:52.0232 3228 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:52:52.0233 3228 spldr - ok
14:52:52.0270 3228 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:52:52.0286 3228 Spooler - ok
14:52:52.0420 3228 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:52:52.0480 3228 sppsvc - ok
14:52:52.0554 3228 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:52:52.0556 3228 sppuinotify - ok
14:52:52.0678 3228 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSP64.SYS
14:52:52.0699 3228 SRTSP - ok
14:52:52.0715 3228 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
14:52:52.0717 3228 SRTSPX - ok
14:52:52.0786 3228 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:52:52.0820 3228 srv - ok
14:52:52.0843 3228 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:52:52.0882 3228 srv2 - ok
14:52:52.0910 3228 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:52:52.0913 3228 srvnet - ok
14:52:52.0940 3228 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:52:52.0944 3228 SSDPSRV - ok
14:52:52.0951 3228 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:52:52.0954 3228 SstpSvc - ok
14:52:52.0984 3228 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:52:52.0985 3228 stexstor - ok
14:52:53.0035 3228 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:52:53.0055 3228 stisvc - ok
14:52:53.0069 3228 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:52:53.0070 3228 swenum - ok
14:52:53.0104 3228 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:52:53.0114 3228 swprv - ok
14:52:53.0200 3228 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
14:52:53.0206 3228 SymDS - ok
14:52:53.0343 3228 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
14:52:53.0384 3228 SymEFA - ok
14:52:53.0427 3228 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:52:53.0430 3228 SymEvent - ok
14:52:53.0475 3228 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
14:52:53.0478 3228 SymIRON - ok
14:52:53.0544 3228 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\system32\drivers\N360x64\0602010.005\SYMNETS.SYS
14:52:53.0549 3228 SymNetS - ok
14:52:53.0646 3228 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:52:53.0669 3228 SysMain - ok
14:52:53.0732 3228 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:52:53.0735 3228 TabletInputService - ok
14:52:53.0753 3228 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:52:53.0759 3228 TapiSrv - ok
14:52:53.0775 3228 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:52:53.0778 3228 TBS - ok
14:52:53.0914 3228 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:52:53.0941 3228 Tcpip - ok
14:52:54.0072 3228 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:52:54.0086 3228 TCPIP6 - ok
14:52:54.0137 3228 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:52:54.0138 3228 tcpipreg - ok
14:52:54.0157 3228 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:52:54.0159 3228 TDPIPE - ok
14:52:54.0172 3228 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:52:54.0174 3228 TDTCP - ok
14:52:54.0183 3228 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:52:54.0185 3228 tdx - ok
14:52:54.0191 3228 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:52:54.0193 3228 TermDD - ok
14:52:54.0226 3228 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:52:54.0234 3228 TermService - ok
14:52:54.0239 3228 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:52:54.0242 3228 Themes - ok
14:52:54.0268 3228 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:52:54.0269 3228 THREADORDER - ok
14:52:54.0291 3228 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:52:54.0294 3228 TrkWks - ok
14:52:54.0331 3228 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:52:54.0332 3228 TrustedInstaller - ok
14:52:54.0340 3228 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:52:54.0341 3228 tssecsrv - ok
14:52:54.0355 3228 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:52:54.0357 3228 TsUsbFlt - ok
14:52:54.0361 3228 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:52:54.0363 3228 TsUsbGD - ok
14:52:54.0391 3228 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:52:54.0393 3228 tunnel - ok
14:52:54.0413 3228 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:52:54.0415 3228 uagp35 - ok
14:52:54.0437 3228 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:52:54.0442 3228 udfs - ok
14:52:54.0451 3228 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:52:54.0454 3228 UI0Detect - ok
14:52:54.0469 3228 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:52:54.0471 3228 uliagpkx - ok
14:52:54.0483 3228 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:52:54.0485 3228 umbus - ok
14:52:54.0497 3228 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:52:54.0498 3228 UmPass - ok
14:52:54.0694 3228 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:52:54.0706 3228 UNS - ok
14:52:54.0862 3228 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:52:54.0875 3228 upnphost - ok
14:52:54.0945 3228 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:52:54.0948 3228 usbccgp - ok
14:52:54.0956 3228 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:52:54.0958 3228 usbcir - ok
14:52:54.0980 3228 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:52:54.0982 3228 usbehci - ok
14:52:55.0027 3228 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:52:55.0033 3228 usbhub - ok
14:52:55.0045 3228 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:52:55.0047 3228 usbohci - ok
14:52:55.0063 3228 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
14:52:55.0065 3228 usbprint - ok
14:52:55.0077 3228 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:52:55.0079 3228 USBSTOR - ok
14:52:55.0089 3228 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:52:55.0090 3228 usbuhci - ok
14:52:55.0101 3228 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:52:55.0103 3228 UxSms - ok
14:52:55.0144 3228 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:52:55.0145 3228 VaultSvc - ok
14:52:55.0161 3228 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:52:55.0163 3228 vdrvroot - ok
14:52:55.0209 3228 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:52:55.0228 3228 vds - ok
14:52:55.0276 3228 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:52:55.0277 3228 vga - ok
14:52:55.0281 3228 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:52:55.0283 3228 VgaSave - ok
14:52:55.0305 3228 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:52:55.0309 3228 vhdmp - ok
14:52:55.0313 3228 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:52:55.0314 3228 viaide - ok
14:52:55.0335 3228 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:52:55.0336 3228 volmgr - ok
14:52:55.0355 3228 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:52:55.0360 3228 volmgrx - ok
14:52:55.0377 3228 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:52:55.0381 3228 volsnap - ok
14:52:55.0393 3228 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:52:55.0395 3228 vsmraid - ok
14:52:55.0478 3228 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:52:55.0504 3228 VSS - ok
14:52:55.0588 3228 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:52:55.0590 3228 vwifibus - ok
14:52:55.0596 3228 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:52:55.0598 3228 vwififlt - ok
14:52:55.0630 3228 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:52:55.0636 3228 W32Time - ok
14:52:55.0643 3228 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:52:55.0644 3228 WacomPen - ok
14:52:55.0657 3228 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:52:55.0659 3228 WANARP - ok
14:52:55.0663 3228 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:52:55.0664 3228 Wanarpv6 - ok
14:52:55.0783 3228 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:52:55.0797 3228 WatAdminSvc - ok
14:52:55.0896 3228 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:52:55.0916 3228 wbengine - ok
14:52:56.0008 3228 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:52:56.0012 3228 WbioSrvc - ok
14:52:56.0033 3228 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:52:56.0039 3228 wcncsvc - ok
14:52:56.0044 3228 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:52:56.0047 3228 WcsPlugInService - ok
14:52:56.0062 3228 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:52:56.0064 3228 Wd - ok
14:52:56.0105 3228 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:52:56.0113 3228 Wdf01000 - ok
14:52:56.0121 3228 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:52:56.0124 3228 WdiServiceHost - ok
14:52:56.0127 3228 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:52:56.0129 3228 WdiSystemHost - ok
14:52:56.0144 3228 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:52:56.0147 3228 WebClient - ok
14:52:56.0166 3228 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:52:56.0189 3228 Wecsvc - ok
14:52:56.0196 3228 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:52:56.0198 3228 wercplsupport - ok
14:52:56.0218 3228 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:52:56.0220 3228 WerSvc - ok
14:52:56.0255 3228 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:52:56.0257 3228 WfpLwf - ok
14:52:56.0261 3228 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:52:56.0263 3228 WIMMount - ok
14:52:56.0301 3228 WinDefend - ok
14:52:56.0306 3228 WinHttpAutoProxySvc - ok
14:52:56.0338 3228 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:52:56.0342 3228 Winmgmt - ok
14:52:56.0443 3228 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:52:56.0466 3228 WinRM - ok
14:52:56.0577 3228 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:52:56.0598 3228 Wlansvc - ok
14:52:56.0650 3228 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:52:56.0652 3228 wlcrasvc - ok
14:52:56.0830 3228 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:52:56.0877 3228 wlidsvc - ok
14:52:56.0955 3228 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:52:56.0956 3228 WmiAcpi - ok
14:52:57.0009 3228 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:52:57.0012 3228 wmiApSrv - ok
14:52:57.0029 3228 WMPNetworkSvc - ok
14:52:57.0057 3228 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:52:57.0060 3228 WPCSvc - ok
14:52:57.0071 3228 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:52:57.0074 3228 WPDBusEnum - ok
14:52:57.0078 3228 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:52:57.0080 3228 ws2ifsl - ok
14:52:57.0087 3228 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:52:57.0090 3228 wscsvc - ok
14:52:57.0093 3228 WSearch - ok
14:52:57.0248 3228 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:52:57.0301 3228 wuauserv - ok
14:52:57.0359 3228 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:52:57.0362 3228 WudfPf - ok
14:52:57.0374 3228 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:52:57.0378 3228 WUDFRd - ok
14:52:57.0393 3228 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:52:57.0396 3228 wudfsvc - ok
14:52:57.0414 3228 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:52:57.0419 3228 WwanSvc - ok
14:52:57.0449 3228 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:52:58.0123 3228 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:52:58.0123 3228 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:52:58.0128 3228 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6
14:52:58.0222 3228 \Device\Harddisk6\DR6 - ok
14:52:58.0225 3228 Boot (0x1200) (5016db220c335a4bec6af07193c24d8d) \Device\Harddisk0\DR0\Partition0
14:52:58.0226 3228 \Device\Harddisk0\DR0\Partition0 - ok
14:52:58.0244 3228 Boot (0x1200) (ce80f5e53416bdc54bc263e1ea0f8314) \Device\Harddisk0\DR0\Partition1
14:52:58.0247 3228 \Device\Harddisk0\DR0\Partition1 - ok
14:52:58.0251 3228 Boot (0x1200) (29ee5409e69f43488b850e44d54510fe) \Device\Harddisk6\DR6\Partition0
14:52:58.0252 3228 \Device\Harddisk6\DR6\Partition0 - ok
14:52:58.0253 3228 ============================================================
14:52:58.0253 3228 Scan finished
14:52:58.0253 3228 ============================================================
14:52:58.0262 3136 Detected object count: 1
14:52:58.0262 3136 Actual detected object count: 1
14:53:16.0885 3136 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:53:16.0887 3136 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:53:16.0892 3136 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:53:16.0897 3136 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:53:16.0974 3136 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:53:16.0982 3136 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:53:16.0983 3136 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:53:16.0985 3136 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:53:16.0988 3136 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:53:16.0991 3136 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:53:16.0994 3136 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:53:16.0996 3136 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:53:16.0998 3136 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:53:16.0999 3136 \Device\Harddisk0\DR0\TDLFS - deleted
14:53:16.0999 3136 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
14:53:30.0894 0972 Deinitialize success


#2 trhelp


Posted 26 July 2012 - 10:52 AM

Is the recovery partition infected? If it is, are these DVDs/CDs enough to do a clean install?

"eRecovery CD

-RCDs are generally maintained for 3 years after the date of production of the unit.

-RCDs are generated for a specific unit.

-RCDs will contain a Recovery DVD, System CD, & Language Disk* (win7)*

Note: Recovering your unit, will bring your unit back to the original factory settings, including all original software, applications, drivers, and Operating System."

Thank you and please somebody answer! I need to know what to do next.

#3 Broni


Posted 26 July 2012 - 08:48 PM

Here: http://www.bleepingcomputer.com/forums/topic462175.html/page__p__2777293__fromsearch__1#entry2777293 you're asked to create a new topic in the malware removal forum, not in this forum.



 


#4 trhelp


Posted 26 July 2012 - 08:53 PM

Thank you very much for your reply! I will do that! I thought that the message was for Brian C.

#5 Broni


Posted 26 July 2012 - 08:57 PM

Oh, I see... however, it'll be a good idea for you as well.
We are not allowed to deal with rootkits in this particular forum.



 


#6 Orange Blossom


Posted 27 July 2012 - 08:21 AM

And this confusion amply demonstrates why folks shouldn't post their help topics in someone else's topic.

Hello trhelp,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic462447.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry: