Infected with Trojan.Zeroaccess - need help removing


14 replies to this topic

#1 Albin

  • Members
  • 9 posts

Posted 29 July 2012 - 06:58 AM

Hello

Unfortunately, my computer has been infected with Trojan.Zeroaccess.

When scanning with Norton Internet Security, it has found several Trojan.Zeroaccess, though some have been deleted with the Norton Power Eraser, and I then also downloaded FixZeroAccess from Norton and have also used Malwarebytes.
However, I can't get rid of it fully, and Norton blocks some Trojan.Zeroaccess automatically.

What I had left on the last quick scan with Norton was Trojan.Zeroaccess!kmem, and it is in c:\windows\system32\ntos

Hoping that someone might be able to help me!

Thanks


#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 29 July 2012 - 07:03 AM

Download TDSSkiller

Launch it. Click on change parameters - select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Albin

  • Topic Starter

  • Members
  • 9 posts

Posted 29 July 2012 - 08:27 AM

14:05:01.0537 5456 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:05:01.0930 5456 ============================================================
14:05:01.0930 5456 Current date / time: 2012/07/29 14:05:01.0930
14:05:01.0930 5456 SystemInfo:
14:05:01.0930 5456
14:05:01.0930 5456 OS Version: 6.0.6002 ServicePack: 2.0
14:05:01.0930 5456 Product type: Workstation
14:05:01.0930 5456 ComputerName: ALBIN-DATOR2
14:05:01.0931 5456 UserName: Albin
14:05:01.0931 5456 Windows directory: C:\Windows
14:05:01.0931 5456 System windows directory: C:\Windows
14:05:01.0931 5456 Processor architecture: Intel x86
14:05:01.0931 5456 Number of processors: 2
14:05:01.0931 5456 Page size: 0x1000
14:05:01.0931 5456 Boot type: Normal boot
14:05:01.0931 5456 ============================================================
14:05:03.0172 5456 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:05:03.0185 5456 ============================================================
14:05:03.0185 5456 \Device\Harddisk0\DR0:
14:05:03.0186 5456 MBR partitions:
14:05:03.0186 5456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x48E57000
14:05:03.0186 5456 ============================================================
14:05:03.0215 5456 C: <-> \Device\Harddisk0\DR0\Partition0
14:05:03.0215 5456 ============================================================
14:05:03.0215 5456 Initialize success
14:05:03.0215 5456 ============================================================
14:05:46.0469 1492 ============================================================
14:05:46.0469 1492 Scan started
14:05:46.0469 1492 Mode: Manual; TDLFS;
14:05:46.0469 1492 ============================================================
14:05:47.0665 1492 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:05:47.0667 1492 ACPI - ok
14:05:47.0991 1492 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:05:47.0993 1492 AdobeARMservice - ok
14:05:48.0116 1492 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:05:48.0119 1492 adp94xx - ok
14:05:48.0153 1492 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:05:48.0155 1492 adpahci - ok
14:05:48.0184 1492 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:05:48.0185 1492 adpu160m - ok
14:05:48.0204 1492 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:05:48.0206 1492 adpu320 - ok
14:05:48.0241 1492 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:05:48.0241 1492 AeLookupSvc - ok
14:05:48.0288 1492 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:05:48.0290 1492 AFD - ok
14:05:48.0314 1492 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:05:48.0316 1492 agp440 - ok
14:05:48.0340 1492 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:05:48.0342 1492 aic78xx - ok
14:05:48.0358 1492 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:05:48.0362 1492 ALG - ok
14:05:48.0378 1492 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:05:48.0379 1492 aliide - ok
14:05:48.0393 1492 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:05:48.0394 1492 amdagp - ok
14:05:48.0409 1492 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:05:48.0410 1492 amdide - ok
14:05:48.0424 1492 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:05:48.0425 1492 AmdK7 - ok
14:05:48.0435 1492 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:05:48.0436 1492 AmdK8 - ok
14:05:48.0453 1492 AMService - ok
14:05:48.0486 1492 Angel2 - ok
14:05:48.0507 1492 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:05:48.0509 1492 Appinfo - ok
14:05:48.0597 1492 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:05:48.0600 1492 Apple Mobile Device - ok
14:05:48.0615 1492 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:05:48.0616 1492 arc - ok
14:05:48.0637 1492 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:05:48.0638 1492 arcsas - ok
14:05:48.0772 1492 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:05:48.0774 1492 aspnet_state - ok
14:05:48.0800 1492 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:05:48.0801 1492 AsyncMac - ok
14:05:48.0821 1492 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:05:48.0823 1492 atapi - ok
14:05:48.0828 1492 atiavpci - ok
14:05:48.0902 1492 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:05:48.0904 1492 AudioEndpointBuilder - ok
14:05:48.0909 1492 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:05:48.0912 1492 Audiosrv - ok
14:05:48.0973 1492 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:05:48.0974 1492 Beep - ok
14:05:49.0316 1492 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
14:05:49.0322 1492 BHDrvx86 - ok
14:05:49.0404 1492 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
14:05:49.0422 1492 BITS - ok
14:05:49.0466 1492 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:05:49.0468 1492 blbdrive - ok
14:05:49.0541 1492 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:05:49.0556 1492 Bonjour Service - ok
14:05:49.0588 1492 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:05:49.0589 1492 bowser - ok
14:05:49.0611 1492 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:05:49.0612 1492 BrFiltLo - ok
14:05:49.0626 1492 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:05:49.0627 1492 BrFiltUp - ok
14:05:49.0654 1492 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:05:49.0655 1492 Browser - ok
14:05:49.0683 1492 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:05:49.0710 1492 Brserid - ok
14:05:49.0742 1492 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:05:49.0744 1492 BrSerWdm - ok
14:05:49.0771 1492 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:05:49.0771 1492 BrUsbMdm - ok
14:05:49.0781 1492 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:05:49.0783 1492 BrUsbSer - ok
14:05:49.0802 1492 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:05:49.0803 1492 BTHMODEM - ok
14:05:49.0835 1492 cacheserver - ok
14:05:49.0843 1492 Cam5603C - ok
14:05:49.0970 1492 ccSet_NIS (086f4d4d2be939a5704e44dabef4b2c9) C:\Windows\system32\drivers\NIS\1300000.080\ccSetx86.sys
14:05:49.0972 1492 ccSet_NIS - ok
14:05:49.0988 1492 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:05:49.0989 1492 cdfs - ok
14:05:50.0022 1492 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:05:50.0023 1492 cdrom - ok
14:05:50.0046 1492 CE3 - ok
14:05:50.0096 1492 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:05:50.0098 1492 CertPropSvc - ok
14:05:50.0131 1492 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:05:50.0133 1492 circlass - ok
14:05:50.0176 1492 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:05:50.0179 1492 CLFS - ok
14:05:50.0235 1492 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:05:50.0267 1492 clr_optimization_v2.0.50727_32 - ok
14:05:50.0351 1492 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:05:50.0355 1492 clr_optimization_v4.0.30319_32 - ok
14:05:50.0369 1492 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:05:50.0370 1492 cmdide - ok
14:05:50.0381 1492 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
14:05:50.0382 1492 Compbatt - ok
14:05:50.0389 1492 COMSysApp - ok
14:05:50.0413 1492 cpqvcagent - ok
14:05:50.0430 1492 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:05:50.0431 1492 crcdisk - ok
14:05:50.0453 1492 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:05:50.0454 1492 Crusoe - ok
14:05:50.0498 1492 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
14:05:50.0499 1492 CryptSvc - ok
14:05:50.0560 1492 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:05:50.0566 1492 DcomLaunch - ok
14:05:50.0582 1492 DELL_A02 - ok
14:05:50.0612 1492 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:05:50.0613 1492 DfsC - ok
14:05:50.0771 1492 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:05:50.0786 1492 DFSR - ok
14:05:51.0012 1492 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:05:51.0014 1492 Dhcp - ok
14:05:51.0068 1492 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:05:51.0069 1492 disk - ok
14:05:51.0108 1492 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:05:51.0109 1492 Dnscache - ok
14:05:51.0146 1492 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:05:51.0148 1492 dot3svc - ok
14:05:51.0188 1492 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:05:51.0190 1492 DPS - ok
14:05:51.0221 1492 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:05:51.0222 1492 drmkaud - ok
14:05:51.0280 1492 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:05:51.0284 1492 DXGKrnl - ok
14:05:51.0310 1492 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:05:51.0312 1492 E1G60 - ok
14:05:51.0338 1492 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:05:51.0340 1492 EapHost - ok
14:05:51.0380 1492 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:05:51.0381 1492 Ecache - ok
14:05:51.0469 1492 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:05:51.0472 1492 eeCtrl - ok
14:05:51.0537 1492 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
14:05:51.0549 1492 ehRecvr - ok
14:05:51.0564 1492 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:05:51.0568 1492 ehSched - ok
14:05:51.0581 1492 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:05:51.0583 1492 ehstart - ok
14:05:51.0602 1492 el90xbc - ok
14:05:51.0645 1492 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:05:51.0648 1492 elxstor - ok
14:05:51.0733 1492 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:05:51.0739 1492 EMDMgmt - ok
14:05:51.0769 1492 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:05:51.0770 1492 EraserUtilRebootDrv - ok
14:05:51.0796 1492 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:05:51.0797 1492 ErrDev - ok
14:05:51.0817 1492 etoksrv - ok
14:05:51.0894 1492 ETService (23112102bc2a8fe44b8ac44a05bdf4c3) C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
14:05:51.0895 1492 ETService - ok
14:05:51.0970 1492 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:05:51.0972 1492 EventSystem - ok
14:05:52.0018 1492 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:05:52.0019 1492 exfat - ok
14:05:52.0052 1492 ezSharedSvc (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
14:05:52.0053 1492 ezSharedSvc - ok
14:05:52.0086 1492 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:05:52.0088 1492 fastfat - ok
14:05:52.0106 1492 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:05:52.0107 1492 fdc - ok
14:05:52.0123 1492 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:05:52.0125 1492 fdPHost - ok
14:05:52.0141 1492 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:05:52.0142 1492 FDResPub - ok
14:05:52.0153 1492 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:05:52.0154 1492 FileInfo - ok
14:05:52.0168 1492 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:05:52.0169 1492 Filetrace - ok
14:05:52.0249 1492 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:05:52.0268 1492 FLEXnet Licensing Service - ok
14:05:52.0298 1492 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:05:52.0299 1492 flpydisk - ok
14:05:52.0331 1492 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:05:52.0333 1492 FltMgr - ok
14:05:52.0393 1492 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:05:52.0398 1492 FontCache - ok
14:05:52.0445 1492 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:05:52.0448 1492 FontCache3.0.0.0 - ok
14:05:52.0466 1492 fsaua - ok
14:05:52.0486 1492 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
14:05:52.0487 1492 Fs_Rec - ok
14:05:52.0500 1492 ftrtsvc - ok
14:05:52.0528 1492 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:05:52.0529 1492 gagp30kx - ok
14:05:52.0555 1492 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:05:52.0556 1492 GEARAspiWDM - ok
14:05:52.0569 1492 GenericHidService - ok
14:05:52.0577 1492 GoBack2K - ok
14:05:52.0668 1492 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
14:05:52.0669 1492 GoogleDesktopManager-051210-111108 - ok
14:05:52.0756 1492 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:05:52.0760 1492 gpsvc - ok
14:05:52.0784 1492 gupdate - ok
14:05:52.0821 1492 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:05:52.0825 1492 gusvc - ok
14:05:52.0878 1492 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:05:52.0880 1492 HdAudAddService - ok
14:05:52.0963 1492 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:05:52.0966 1492 HDAudBus - ok
14:05:52.0980 1492 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:05:52.0982 1492 HidBth - ok
14:05:52.0995 1492 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:05:52.0996 1492 HidIr - ok
14:05:53.0025 1492 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
14:05:53.0026 1492 hidserv - ok
14:05:53.0065 1492 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:05:53.0066 1492 HidUsb - ok
14:05:53.0086 1492 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:05:53.0090 1492 hkmsvc - ok
14:05:53.0181 1492 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:05:53.0182 1492 HpCISSs - ok
14:05:53.0558 1492 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:05:53.0561 1492 HTTP - ok
14:05:53.0594 1492 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:05:53.0595 1492 i2omp - ok
14:05:53.0632 1492 i8042prt (eedf678dd636e0dfe335ab6e5c272a00) C:\Windows\system32\DRIVERS\i8042prt.sys
14:05:53.0634 1492 i8042prt ( Virus.Win32.ZAccess.k ) - infected
14:05:53.0634 1492 i8042prt - detected Virus.Win32.ZAccess.k (0)
14:05:53.0661 1492 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:05:53.0663 1492 iaStorV - ok
14:05:53.0821 1492 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:05:53.0843 1492 idsvc - ok
14:05:54.0181 1492 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120727.001\IDSvix86.sys
14:05:54.0184 1492 IDSVix86 - ok
14:05:54.0278 1492 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:05:54.0279 1492 iirsp - ok
14:05:54.0326 1492 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:05:54.0338 1492 IKEEXT - ok
14:05:54.0365 1492 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
14:05:54.0366 1492 int15 - ok
14:05:54.0564 1492 IntcAzAudAddService (23ebcee9aaa4d6c88728791fab462456) C:\Windows\system32\drivers\RTKVHDA.sys
14:05:54.0579 1492 IntcAzAudAddService - ok
14:05:54.0652 1492 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:05:54.0653 1492 intelide - ok
14:05:54.0662 1492 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:05:54.0663 1492 intelppm - ok
14:05:54.0696 1492 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:05:54.0698 1492 IPBusEnum - ok
14:05:54.0763 1492 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:05:54.0765 1492 IpFilterDriver - ok
14:05:54.0790 1492 IpInIp - ok
14:05:54.0823 1492 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:05:54.0824 1492 IPMIDRV - ok
14:05:54.0850 1492 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:05:54.0851 1492 IPNAT - ok
14:05:54.0980 1492 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
14:05:54.0985 1492 iPod Service - ok
14:05:55.0000 1492 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:05:55.0001 1492 IRENUM - ok
14:05:55.0021 1492 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:05:55.0023 1492 isapnp - ok
14:05:55.0077 1492 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:05:55.0078 1492 iScsiPrt - ok
14:05:55.0083 1492 issm - ok
14:05:55.0105 1492 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:05:55.0106 1492 iteatapi - ok
14:05:55.0113 1492 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:05:55.0115 1492 iteraid - ok
14:05:55.0120 1492 jconfigd - ok
14:05:55.0128 1492 k56 - ok
14:05:55.0147 1492 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:05:55.0148 1492 kbdclass - ok
14:05:55.0163 1492 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
14:05:55.0164 1492 kbdhid - ok
14:05:55.0194 1492 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:05:55.0196 1492 KeyIso - ok
14:05:55.0262 1492 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
14:05:55.0265 1492 KSecDD - ok
14:05:55.0311 1492 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:05:55.0312 1492 KtmRm - ok
14:05:55.0340 1492 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
14:05:55.0343 1492 LanmanServer - ok
14:05:55.0380 1492 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:05:55.0383 1492 LanmanWorkstation - ok
14:05:55.0401 1492 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:05:55.0403 1492 lltdio - ok
14:05:55.0437 1492 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:05:55.0450 1492 lltdsvc - ok
14:05:55.0465 1492 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:05:55.0467 1492 lmhosts - ok
14:05:55.0509 1492 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:05:55.0510 1492 LSI_FC - ok
14:05:55.0539 1492 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:05:55.0540 1492 LSI_SAS - ok
14:05:55.0573 1492 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:05:55.0574 1492 LSI_SCSI - ok
14:05:55.0594 1492 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:05:55.0596 1492 luafv - ok
14:05:55.0602 1492 mcp - ok
14:05:55.0612 1492 mcproxy - ok
14:05:55.0643 1492 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
14:05:55.0646 1492 Mcx2Svc - ok
14:05:55.0663 1492 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:05:55.0664 1492 megasas - ok
14:05:55.0781 1492 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:05:55.0784 1492 MegaSR - ok
14:05:55.0812 1492 mhn - ok
14:05:55.0834 1492 mi-raysat_3dsmax9_32 - ok
14:05:55.0970 1492 Microsoft SharePoint Workspace Audit Service - ok
14:05:55.0989 1492 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:05:55.0992 1492 MMCSS - ok
14:05:55.0997 1492 mnmsrvc - ok
14:05:56.0016 1492 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:05:56.0017 1492 Modem - ok
14:05:56.0063 1492 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:05:56.0064 1492 monitor - ok
14:05:56.0101 1492 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:05:56.0102 1492 mouclass - ok
14:05:56.0132 1492 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
14:05:56.0132 1492 mouhid - ok
14:05:56.0185 1492 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:05:56.0188 1492 MountMgr - ok
14:05:56.0224 1492 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:05:56.0226 1492 mpio - ok
14:05:56.0260 1492 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:05:56.0261 1492 mpsdrv - ok
14:05:56.0279 1492 mqdmbus - ok
14:05:56.0295 1492 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:05:56.0296 1492 Mraid35x - ok
14:05:56.0346 1492 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:05:56.0346 1492 MRxDAV - ok
14:05:56.0361 1492 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:05:56.0362 1492 mrxsmb - ok
14:05:56.0385 1492 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:05:56.0386 1492 mrxsmb10 - ok
14:05:56.0397 1492 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:05:56.0398 1492 mrxsmb20 - ok
14:05:56.0416 1492 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:05:56.0417 1492 msahci - ok
14:05:56.0437 1492 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:05:56.0438 1492 msdsm - ok
14:05:56.0482 1492 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:05:56.0486 1492 MSDTC - ok
14:05:56.0519 1492 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:05:56.0519 1492 Msfs - ok
14:05:56.0533 1492 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:05:56.0535 1492 msisadrv - ok
14:05:56.0566 1492 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:05:56.0568 1492 MSiSCSI - ok
14:05:56.0573 1492 msiserver - ok
14:05:56.0587 1492 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:05:56.0588 1492 MSKSSRV - ok
14:05:56.0613 1492 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:05:56.0614 1492 MSPCLOCK - ok
14:05:56.0624 1492 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:05:56.0625 1492 MSPQM - ok
14:05:56.0692 1492 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:05:56.0694 1492 MsRPC - ok
14:05:56.0816 1492 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:05:56.0818 1492 mssmbios - ok
14:05:56.0975 1492 MSSQL$VISMA - ok
14:05:57.0009 1492 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:05:57.0010 1492 MSSQLServerADHelper - ok
14:05:57.0017 1492 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:05:57.0018 1492 MSTEE - ok
14:05:57.0029 1492 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:05:57.0030 1492 Mup - ok
14:05:57.0073 1492 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:05:57.0077 1492 napagent - ok
14:05:57.0123 1492 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:05:57.0126 1492 NativeWifiP - ok
14:05:57.0325 1492 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120728.009\NAVENG.SYS
14:05:57.0328 1492 NAVENG - ok
14:05:57.0415 1492 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120728.009\NAVEX15.SYS
14:05:57.0446 1492 NAVEX15 - ok
14:05:57.0604 1492 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:05:57.0608 1492 NDIS - ok
14:05:57.0634 1492 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:05:57.0635 1492 NdisTapi - ok
14:05:57.0644 1492 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:05:57.0645 1492 Ndisuio - ok
14:05:57.0687 1492 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:05:57.0689 1492 NdisWan - ok
14:05:57.0719 1492 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:05:57.0723 1492 NDProxy - ok
14:05:57.0764 1492 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:05:57.0766 1492 NetBIOS - ok
14:05:57.0798 1492 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:05:57.0800 1492 netbt - ok
14:06:03.0043 1492 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
14:06:03.0043 1492 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
14:06:03.0046 1492 sptd ( LockedFile.Multi.Generic ) - warning
14:06:03.0046 1492 sptd - detected LockedFile.Multi.Generic (1)
14:06:07.0857 1492 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:06:08.0030 1492 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:06:08.0030 1492 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:06:08.0034 1492 Boot (0x1200) (a0efea945ee6bd30d76509a0b907c173) \Device\Harddisk0\DR0\Partition0
14:06:08.0036 1492 \Device\Harddisk0\DR0\Partition0 - ok
14:06:08.0039 1492 ============================================================
14:06:08.0039 1492 Scan finished
14:06:08.0039 1492 ============================================================
14:06:08.0052 1732 Detected object count: 3
14:06:08.0052 1732 Actual detected object count: 3
14:06:42.0709 1732 C:\Windows\system32\DRIVERS\i8042prt.sys - copied to quarantine
14:06:42.0727 1732 C:\Windows\$NtUninstallKB49970$\2766235603\@ - copied to quarantine
14:06:42.0728 1732 C:\Windows\$NtUninstallKB49970$\2766235603\cfg.ini - copied to quarantine
14:06:42.0732 1732 C:\Windows\$NtUninstallKB49970$\2766235603\Desktop.ini - copied to quarantine
14:06:42.0738 1732 C:\Windows\$NtUninstallKB49970$\2766235603\L\00000004.@ - copied to quarantine
14:06:42.0825 1732 C:\Windows\$NtUninstallKB49970$\2766235603\L\qnbwvoto - copied to quarantine
14:06:42.0852 1732 C:\Windows\$NtUninstallKB49970$\2766235603\twl.dll - copied to quarantine
14:06:42.0859 1732 C:\Windows\$NtUninstallKB49970$\2766235603\U\00000001.@ - copied to quarantine
14:06:42.0873 1732 C:\Windows\$NtUninstallKB49970$\2766235603\U\00000002.@ - copied to quarantine
14:06:42.0895 1732 C:\Windows\$NtUninstallKB49970$\2766235603\U\00000004.@ - copied to quarantine
14:06:42.0913 1732 C:\Windows\$NtUninstallKB49970$\2766235603\U\80000000.@ - copied to quarantine
14:06:42.0931 1732 C:\Windows\$NtUninstallKB49970$\2766235603\U\80000004.@ - copied to quarantine
14:06:42.0956 1732 C:\Windows\$NtUninstallKB49970$\2766235603\U\80000032.@ - copied to quarantine
14:06:42.0967 1732 C:\Windows\$NtUninstallKB49970$\2766235603\version - copied to quarantine
14:06:42.0979 1732 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\i8042prt.sys) error 1813
14:06:51.0907 1732 Backup copy not found, trying to cure infected file..
14:06:51.0908 1732 Cure success, using it..
14:06:52.0084 1732 C:\Windows\system32\DRIVERS\i8042prt.sys - will be cured on reboot
14:06:56.0134 1732 C:\Windows\System32\C_201008.NLS - will be deleted on reboot
14:06:57.0318 1732 C:\Windows\System32\C_211027.NLS - will be deleted on reboot
14:06:58.0579 1732 C:\Windows\System32\C__10029.NLS - will be deleted on reboot
14:06:58.0604 1732 C:\Windows\System32\C__1254.NLS - will be deleted on reboot
14:06:58.0862 1732 C:\Windows\$NtUninstallKB49970$\1926131042 - will be deleted on reboot
14:06:58.0862 1732 C:\Windows\$NtUninstallKB49970$\2766235603\@ - will be deleted on reboot
14:06:58.0862 1732 C:\Windows\$NtUninstallKB49970$\2766235603\cfg.ini - will be deleted on reboot
14:06:58.0863 1732 C:\Windows\$NtUninstallKB49970$\2766235603\Desktop.ini - will be deleted on reboot
14:06:58.0900 1732 C:\Windows\$NtUninstallKB49970$\2766235603\twl.dll - will be deleted on reboot
14:06:58.0901 1732 C:\Windows\$NtUninstallKB49970$\2766235603\U\00000001.@ - will be deleted on reboot
14:06:58.0901 1732 C:\Windows\$NtUninstallKB49970$\2766235603\U\00000002.@ - will be deleted on reboot
14:06:58.0901 1732 C:\Windows\$NtUninstallKB49970$\2766235603\U\00000004.@ - will be deleted on reboot
14:06:58.0902 1732 C:\Windows\$NtUninstallKB49970$\2766235603\U\80000000.@ - will be deleted on reboot
14:06:58.0902 1732 C:\Windows\$NtUninstallKB49970$\2766235603\U\80000004.@ - will be deleted on reboot
14:06:58.0902 1732 C:\Windows\$NtUninstallKB49970$\2766235603\U\80000032.@ - will be deleted on reboot
14:06:58.0903 1732 C:\Windows\$NtUninstallKB49970$\2766235603\version - will be deleted on reboot
14:06:58.0904 1732 i8042prt ( Virus.Win32.ZAccess.k ) - User select action: Cure
14:06:58.0904 1732 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:06:58.0905 1732 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:06:58.0907 1732 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:06:58.0908 1732 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#4 Albin

  • Topic Starter

Posted 29 July 2012 - 08:29 AM

Have some problems with the aswMBR, it gets stuck on a file and doesn't move for over 20 minutes, so I haven't finished it. Here are the logs, though, of what I could get.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 14:54:02
-----------------------------
14:54:02.420 OS Version: Windows 6.0.6002 Service Pack 2
14:54:02.420 Number of processors: 2 586 0x1706
14:54:02.420 ComputerName: ALBIN-DATOR2 UserName: Albin
14:54:04.744 Initialize success
14:54:15.992 AVAST engine defs: 12072900
14:54:22.294 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
14:54:22.294 Disk 0 Vendor: ST364062 SD43 Size: 610480MB BusType: 6
14:54:22.341 Disk 0 MBR read successfully
14:54:22.341 Disk 0 MBR scan
14:54:22.341 Disk 0 Windows VISTA default MBR code
14:54:22.357 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
14:54:22.372 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 597166 MB offset 27265024
14:54:22.388 Disk 0 scanning sectors +1250260992
14:54:22.591 Disk 0 scanning C:\Windows\system32\drivers
14:54:43.402 Service scanning
14:55:02.762 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:55:08.502 Modules scanning
14:55:28.519 Disk 0 trace - called modules:
14:55:28.535 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x857281f8]<<
14:55:28.535 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864fcac8]
14:55:28.535 3 CLASSPNP.SYS[8ab9f8b3] -> nt!IofCallDriver -> [0x8578f700]
14:55:28.550 5 acpi.sys[807bd6bc] -> nt!IofCallDriver -> \Device\0000005b[0x857c7368]
14:55:28.550 \Driver\nvstor32[0x857aef38] -> IRP_MJ_CREATE -> 0x857281f8
14:55:30.516 AVAST engine scan C:\Windows
14:56:19.397 AVAST engine scan C:\Windows\system32
15:01:39.900 AVAST engine scan C:\Windows\system32\drivers
15:03:01.102 AVAST engine scan C:\Users\Albin
15:25:22.762 Disk 0 MBR has been saved successfully to "C:\Users\Albin\Downloads\MBR.dat"
15:25:22.764 The log file has been saved successfully to "C:\Users\Albin\Downloads\aswMBR2.txt"

#5 narenxp

  • BC Advisor

Posted 29 July 2012 - 08:38 AM

I will wait for the ESET scanner log.

Make sure to run TDSSkiller again and post the new log too.

#6 Albin

  • Topic Starter

Posted 29 July 2012 - 10:43 AM

ESET log

C:\Backup\Albin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6039734b-52b65699 Java/Exploit.CVE-2010-3562.A trojan cleaned by deleting - quarantined
C:\Backup\Albin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3729ef72-67c7d0ff Java/Exploit.CVE-2009-2843.B trojan cleaned by deleting - quarantined
C:\Backup\Albin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\3c494d3b-6d7ab69c Java/Exploit.CVE-2009-2843.B trojan cleaned by deleting - quarantined
C:\Backup\Albin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\5af370fc-64568ff5 Java/Exploit.CVE-2010-3562.A trojan cleaned by deleting - quarantined
C:\Users\Albin\Downloads\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe a variant of Win32/HackKMS.A application deleted - quarantined
C:\Windows\Temp\tfsgan\setup.exe a variant of Win32/TrojanProxy.Agent.NIN trojan cleaned by deleting - quarantined

17:40:56.0283 3512 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:40:56.0517 3512 ============================================================
17:40:56.0517 3512 Current date / time: 2012/07/29 17:40:56.0517
17:40:56.0517 3512 SystemInfo:
17:40:56.0517 3512
17:40:56.0517 3512 OS Version: 6.0.6002 ServicePack: 2.0
17:40:56.0517 3512 Product type: Workstation
17:40:56.0517 3512 ComputerName: ALBIN-DATOR2
17:40:56.0517 3512 UserName: Albin
17:40:56.0517 3512 Windows directory: C:\Windows
17:40:56.0517 3512 System windows directory: C:\Windows
17:40:56.0517 3512 Processor architecture: Intel x86
17:40:56.0517 3512 Number of processors: 2
17:40:56.0517 3512 Page size: 0x1000
17:40:56.0517 3512 Boot type: Normal boot
17:40:56.0517 3512 ============================================================
17:40:57.0406 3512 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:40:57.0437 3512 ============================================================
17:40:57.0437 3512 \Device\Harddisk0\DR0:
17:40:57.0437 3512 MBR partitions:
17:40:57.0437 3512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x48E57000
17:40:57.0437 3512 ============================================================
17:40:57.0453 3512 C: <-> \Device\Harddisk0\DR0\Partition0
17:40:57.0453 3512 ============================================================
17:40:57.0453 3512 Initialize success
17:40:57.0453 3512 ============================================================
17:41:04.0145 3796 ============================================================
17:41:04.0145 3796 Scan started
17:41:04.0145 3796 Mode: Manual; TDLFS;
17:41:04.0145 3796 ============================================================
17:41:05.0612 3796 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:41:05.0627 3796 ACPI - ok
17:41:05.0690 3796 acprfmgrsvc - ok
17:41:05.0861 3796 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:41:05.0877 3796 AdobeARMservice - ok
17:41:06.0127 3796 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:41:06.0251 3796 adp94xx - ok
17:41:06.0423 3796 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:41:06.0517 3796 adpahci - ok
17:41:06.0548 3796 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:41:06.0563 3796 adpu160m - ok
17:41:06.0641 3796 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:41:06.0657 3796 adpu320 - ok
17:41:06.0751 3796 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
17:41:06.0751 3796 AeLookupSvc - ok
17:41:06.0891 3796 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:41:06.0953 3796 AFD - ok
17:41:07.0187 3796 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:41:07.0187 3796 agp440 - ok
17:41:07.0390 3796 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:41:07.0390 3796 aic78xx - ok
17:41:07.0421 3796 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
17:41:07.0421 3796 ALG - ok
17:41:07.0515 3796 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:41:07.0515 3796 aliide - ok
17:41:07.0577 3796 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:41:07.0593 3796 amdagp - ok
17:41:07.0609 3796 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:41:07.0609 3796 amdide - ok
17:41:07.0640 3796 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:41:07.0640 3796 AmdK7 - ok
17:41:07.0702 3796 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:41:07.0702 3796 AmdK8 - ok
17:41:07.0780 3796 AMService - ok
17:41:07.0811 3796 Angel2 - ok
17:41:07.0889 3796 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
17:41:07.0889 3796 Appinfo - ok
17:41:08.0170 3796 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:41:08.0170 3796 Apple Mobile Device - ok
17:41:08.0186 3796 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:41:08.0201 3796 arc - ok
17:41:08.0233 3796 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:41:08.0233 3796 arcsas - ok
17:41:08.0467 3796 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:41:08.0529 3796 aspnet_state - ok
17:41:08.0607 3796 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:41:08.0607 3796 AsyncMac - ok
17:41:08.0654 3796 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:41:08.0654 3796 atapi - ok
17:41:08.0685 3796 atiavpci - ok
17:41:08.0997 3796 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:41:09.0028 3796 AudioEndpointBuilder - ok
17:41:09.0028 3796 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
17:41:09.0028 3796 Audiosrv - ok
17:41:09.0621 3796 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:41:09.0621 3796 Beep - ok
17:41:10.0760 3796 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
17:41:10.0775 3796 BHDrvx86 - ok
17:41:12.0836 3796 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
17:41:13.0002 3796 BITS - ok
17:41:13.0490 3796 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:41:13.0508 3796 blbdrive - ok
17:41:14.0024 3796 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:41:14.0086 3796 Bonjour Service - ok
17:41:14.0335 3796 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:41:14.0339 3796 bowser - ok
17:41:14.0414 3796 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:41:14.0417 3796 BrFiltLo - ok
17:41:14.0428 3796 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:41:14.0432 3796 BrFiltUp - ok
17:41:14.0465 3796 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
17:41:14.0466 3796 Browser - ok
17:41:14.0719 3796 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:41:14.0724 3796 Brserid - ok
17:41:15.0184 3796 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:41:15.0187 3796 BrSerWdm - ok
17:41:15.0378 3796 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:41:15.0380 3796 BrUsbMdm - ok
17:41:15.0484 3796 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:41:15.0485 3796 BrUsbSer - ok
17:41:15.0754 3796 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:41:15.0757 3796 BTHMODEM - ok
17:41:15.0834 3796 cacheserver - ok
17:41:15.0840 3796 Cam5603C - ok
17:41:16.0403 3796 ccSet_NIS (086f4d4d2be939a5704e44dabef4b2c9) C:\Windows\system32\drivers\NIS\1300000.080\ccSetx86.sys
17:41:16.0405 3796 ccSet_NIS - ok
17:41:16.0493 3796 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:41:16.0497 3796 cdfs - ok
17:41:16.0727 3796 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:41:16.0729 3796 cdrom - ok
17:41:17.0003 3796 CE3 - ok
17:41:17.0393 3796 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:41:17.0409 3796 CertPropSvc - ok
17:41:17.0627 3796 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:41:17.0627 3796 circlass - ok
17:41:18.0602 3796 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:41:18.0658 3796 CLFS - ok
17:41:18.0944 3796 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:41:18.0969 3796 clr_optimization_v2.0.50727_32 - ok
17:41:19.0938 3796 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:41:20.0142 3796 clr_optimization_v4.0.30319_32 - ok
17:41:20.0265 3796 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:41:20.0286 3796 cmdide - ok
17:41:20.0363 3796 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
17:41:20.0364 3796 Compbatt - ok
17:41:20.0368 3796 COMSysApp - ok
17:41:20.0470 3796 cpqvcagent - ok
17:41:20.0563 3796 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:41:20.0566 3796 crcdisk - ok
17:41:20.0628 3796 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:41:20.0632 3796 Crusoe - ok
17:41:21.0030 3796 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
17:41:21.0033 3796 CryptSvc - ok
17:41:21.0044 3796 CrystalSysInfo - ok
17:41:22.0286 3796 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:41:22.0399 3796 DcomLaunch - ok
17:41:22.0444 3796 DELL_A02 - ok
17:41:22.0597 3796 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:41:22.0599 3796 DfsC - ok
17:41:24.0854 3796 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:41:24.0894 3796 DFSR - ok
17:41:25.0250 3796 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:41:25.0296 3796 Dhcp - ok
17:41:25.0463 3796 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:41:25.0465 3796 disk - ok
17:41:25.0518 3796 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:41:26.0518 3796 Dnscache - ok
17:41:26.0632 3796 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:41:26.0639 3796 dot3svc - ok
17:41:27.0017 3796 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:41:27.0019 3796 DPS - ok
17:41:27.0094 3796 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:41:27.0098 3796 drmkaud - ok
17:41:28.0368 3796 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:41:28.0373 3796 DXGKrnl - ok
17:41:28.0402 3796 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:41:28.0406 3796 E1G60 - ok
17:41:28.0684 3796 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:41:29.0055 3796 EapHost - ok
17:41:29.0935 3796 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:41:29.0979 3796 Ecache - ok
17:41:32.0380 3796 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:41:32.0382 3796 eeCtrl - ok
17:41:33.0111 3796 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:41:33.0117 3796 ehRecvr - ok
17:41:34.0022 3796 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:41:34.0117 3796 ehSched - ok
17:41:34.0329 3796 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:41:34.0332 3796 ehstart - ok
17:41:34.0457 3796 el90xbc - ok
17:41:36.0494 3796 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:41:36.0518 3796 elxstor - ok
17:41:36.0739 3796 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:41:36.0758 3796 EMDMgmt - ok
17:41:37.0007 3796 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:41:37.0008 3796 EraserUtilRebootDrv - ok
17:41:37.0051 3796 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:41:37.0053 3796 ErrDev - ok
17:41:37.0099 3796 etoksrv - ok
17:41:37.0200 3796 ETService (23112102bc2a8fe44b8ac44a05bdf4c3) C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
17:41:37.0201 3796 ETService - ok
17:41:37.0452 3796 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:41:37.0470 3796 EventSystem - ok
17:41:37.0505 3796 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:41:37.0510 3796 exfat - ok
17:41:37.0610 3796 ezSharedSvc (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
17:41:37.0628 3796 ezSharedSvc - ok
17:41:37.0664 3796 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:41:37.0673 3796 fastfat - ok
17:41:37.0753 3796 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:41:37.0755 3796 fdc - ok
17:41:37.0826 3796 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:41:37.0827 3796 fdPHost - ok
17:41:37.0909 3796 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:41:37.0910 3796 FDResPub - ok
17:41:38.0016 3796 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:41:38.0019 3796 FileInfo - ok
17:41:38.0039 3796 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:41:38.0041 3796 Filetrace - ok
17:41:38.0332 3796 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:41:38.0363 3796 FLEXnet Licensing Service - ok
17:41:38.0406 3796 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:41:38.0407 3796 flpydisk - ok
17:41:38.0443 3796 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:41:38.0446 3796 FltMgr - ok
17:41:38.0687 3796 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:41:38.0722 3796 FontCache - ok
17:41:38.0905 3796 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:41:38.0908 3796 FontCache3.0.0.0 - ok
17:41:38.0931 3796 fsaua - ok
17:41:38.0989 3796 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
17:41:39.0012 3796 Fs_Rec - ok
17:41:39.0057 3796 ftrtsvc - ok
17:41:39.0242 3796 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:41:39.0244 3796 gagp30kx - ok
17:41:39.0273 3796 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:41:39.0274 3796 GEARAspiWDM - ok
17:41:39.0299 3796 GenericHidService - ok
17:41:39.0343 3796 GoBack2K - ok
17:41:39.0684 3796 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
17:41:39.0685 3796 GoogleDesktopManager-051210-111108 - ok
17:41:40.0003 3796 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:41:40.0090 3796 gpsvc - ok
17:41:40.0125 3796 gupdate - ok
17:41:40.0703 3796 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:41:40.0721 3796 gusvc - ok
17:41:40.0746 3796 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:41:40.0757 3796 HdAudAddService - ok
17:41:40.0828 3796 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:41:40.0839 3796 HDAudBus - ok
17:41:40.0857 3796 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:41:40.0859 3796 HidBth - ok
17:41:40.0906 3796 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:41:40.0908 3796 HidIr - ok
17:41:41.0017 3796 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:41:41.0022 3796 hidserv - ok
17:41:41.0076 3796 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:41:41.0077 3796 HidUsb - ok
17:41:41.0269 3796 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:41:41.0272 3796 hkmsvc - ok
17:41:41.0300 3796 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:41:41.0302 3796 HpCISSs - ok
17:41:42.0217 3796 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:41:42.0217 3796 HTTP - ok
17:41:42.0264 3796 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:41:42.0264 3796 i2omp - ok
17:41:42.0326 3796 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:41:42.0342 3796 i8042prt - ok
17:41:42.0389 3796 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:41:42.0404 3796 iaStorV - ok
17:41:43.0212 3796 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:41:43.0281 3796 idsvc - ok
17:41:44.0483 3796 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120727.001\IDSvix86.sys
17:41:44.0485 3796 IDSVix86 - ok
17:41:44.0984 3796 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:41:44.0986 3796 iirsp - ok
17:41:45.0215 3796 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:41:45.0223 3796 IKEEXT - ok
17:41:45.0303 3796 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
17:41:45.0303 3796 int15 - ok
17:41:46.0810 3796 IntcAzAudAddService (23ebcee9aaa4d6c88728791fab462456) C:\Windows\system32\drivers\RTKVHDA.sys
17:41:46.0824 3796 IntcAzAudAddService - ok
17:41:47.0308 3796 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:41:47.0308 3796 intelide - ok
17:41:47.0323 3796 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:41:47.0323 3796 intelppm - ok
17:41:47.0354 3796 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:41:47.0354 3796 IPBusEnum - ok
17:41:47.0363 3796 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:41:47.0364 3796 IpFilterDriver - ok
17:41:47.0388 3796 IpInIp - ok
17:41:47.0436 3796 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:41:47.0438 3796 IPMIDRV - ok
17:41:47.0457 3796 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:41:47.0459 3796 IPNAT - ok
17:41:48.0211 3796 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
17:41:48.0264 3796 iPod Service - ok
17:41:48.0290 3796 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:41:48.0292 3796 IRENUM - ok
17:41:48.0351 3796 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:41:48.0353 3796 isapnp - ok
17:41:48.0400 3796 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:41:48.0401 3796 iScsiPrt - ok
17:41:48.0405 3796 issm - ok
17:41:48.0459 3796 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:41:48.0461 3796 iteatapi - ok
17:41:48.0468 3796 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:41:48.0470 3796 iteraid - ok
17:41:48.0474 3796 jconfigd - ok
17:41:48.0482 3796 k56 - ok
17:41:48.0503 3796 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:41:48.0504 3796 kbdclass - ok
17:41:48.0520 3796 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
17:41:48.0522 3796 kbdhid - ok
17:41:48.0598 3796 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:41:48.0600 3796 KeyIso - ok
17:41:49.0196 3796 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
17:41:49.0220 3796 KSecDD - ok
17:41:49.0265 3796 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:41:49.0281 3796 KtmRm - ok
17:41:49.0321 3796 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:41:49.0325 3796 LanmanServer - ok
17:41:49.0370 3796 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:41:49.0374 3796 LanmanWorkstation - ok
17:41:49.0492 3796 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:41:49.0493 3796 lltdio - ok
17:41:49.0535 3796 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:41:49.0548 3796 lltdsvc - ok
17:41:49.0563 3796 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:41:49.0565 3796 lmhosts - ok
17:41:49.0644 3796 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:41:49.0647 3796 LSI_FC - ok
17:41:49.0856 3796 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:41:49.0858 3796 LSI_SAS - ok
17:41:49.0911 3796 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:41:49.0914 3796 LSI_SCSI - ok
17:41:49.0968 3796 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:41:49.0969 3796 luafv - ok
17:41:49.0975 3796 mcp - ok
17:41:49.0986 3796 mcproxy - ok
17:41:50.0102 3796 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:41:50.0105 3796 Mcx2Svc - ok
17:41:50.0127 3796 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:41:50.0129 3796 megasas - ok
17:41:50.0198 3796 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:41:50.0256 3796 MegaSR - ok
17:41:50.0284 3796 mhn - ok
17:41:50.0306 3796 mi-raysat_3dsmax9_32 - ok
17:41:50.0506 3796 Microsoft SharePoint Workspace Audit Service - ok
17:41:50.0599 3796 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:41:50.0600 3796 MMCSS - ok
17:41:50.0605 3796 mnmsrvc - ok
17:41:50.0741 3796 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:41:50.0743 3796 Modem - ok
17:41:50.0793 3796 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:41:50.0793 3796 monitor - ok
17:41:50.0822 3796 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:41:50.0823 3796 mouclass - ok
17:41:50.0843 3796 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
17:41:50.0845 3796 mouhid - ok
17:41:50.0883 3796 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:41:50.0885 3796 MountMgr - ok
17:41:50.0913 3796 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:41:50.0916 3796 mpio - ok
17:41:50.0980 3796 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:41:50.0996 3796 mpsdrv - ok
17:41:51.0011 3796 mqdmbus - ok
17:41:51.0042 3796 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:41:51.0042 3796 Mraid35x - ok
17:41:51.0089 3796 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:41:51.0089 3796 MRxDAV - ok
17:41:51.0120 3796 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:41:51.0120 3796 mrxsmb - ok
17:41:51.0214 3796 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:41:51.0230 3796 mrxsmb10 - ok
17:41:51.0245 3796 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:41:51.0245 3796 mrxsmb20 - ok
17:41:51.0276 3796 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
17:41:51.0276 3796 msahci - ok
17:41:51.0323 3796 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:41:51.0323 3796 msdsm - ok
17:41:51.0386 3796 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:41:51.0401 3796 MSDTC - ok
17:41:51.0448 3796 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:41:51.0448 3796 Msfs - ok
17:41:51.0464 3796 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:41:51.0479 3796 msisadrv - ok
17:41:51.0510 3796 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:41:51.0510 3796 MSiSCSI - ok
17:41:51.0510 3796 msiserver - ok
17:41:51.0526 3796 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:41:51.0526 3796 MSKSSRV - ok
17:41:51.0528 3796 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:41:51.0530 3796 MSPCLOCK - ok
17:41:51.0547 3796 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:41:51.0549 3796 MSPQM - ok
17:41:51.0612 3796 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:41:51.0614 3796 MsRPC - ok
17:41:51.0660 3796 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:41:51.0661 3796 mssmbios - ok
17:41:51.0722 3796 MSSQL$VISMA - ok
17:41:51.0880 3796 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:41:51.0882 3796 MSSQLServerADHelper - ok
17:41:51.0887 3796 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:41:51.0888 3796 MSTEE - ok
17:41:51.0913 3796 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:41:51.0915 3796 Mup - ok
17:41:51.0980 3796 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:41:51.0991 3796 napagent - ok
17:41:52.0039 3796 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:41:52.0043 3796 NativeWifiP - ok
17:41:52.0278 3796 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120728.009\NAVENG.SYS
17:41:52.0280 3796 NAVENG - ok
17:41:52.0349 3796 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120728.009\NAVEX15.SYS
17:41:52.0377 3796 NAVEX15 - ok
17:41:52.0698 3796 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:41:52.0732 3796 NDIS - ok
17:41:52.0757 3796 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:41:52.0759 3796 NdisTapi - ok
17:41:52.0797 3796 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:41:52.0799 3796 Ndisuio - ok
17:41:52.0909 3796 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:41:52.0944 3796 NdisWan - ok
17:41:52.0955 3796 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:41:52.0956 3796 NDProxy - ok
17:41:53.0004 3796 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:41:53.0005 3796 NetBIOS - ok
17:41:53.0055 3796 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:41:53.0059 3796 netbt - ok
17:41:53.0107 3796 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:41:53.0108 3796 Netlogon - ok
17:41:53.0143 3796 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:41:53.0154 3796 Netman - ok
17:41:53.0249 3796 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:41:53.0282 3796 NetMsmqActivator - ok
17:41:53.0286 3796 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:41:53.0288 3796 NetPipeActivator - ok
17:41:53.0312 3796 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:41:53.0323 3796 netprofm - ok
17:41:53.0338 3796 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:41:53.0339 3796 NetTcpActivator - ok
17:41:53.0345 3796 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:41:53.0347 3796 NetTcpPortSharing - ok
17:41:53.0356 3796 NETw4v32 - ok
17:41:53.0381 3796 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:41:53.0383 3796 nfrd960 - ok
17:41:53.0648 3796 NIS (efbfe525e03c7444187262c85d776532) C:\Program Files\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
17:41:53.0650 3796 NIS - ok
17:41:53.0805 3796 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:41:53.0809 3796 NlaSvc - ok
17:41:53.0846 3796 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:41:53.0847 3796 Npfs - ok
17:42:12.0511 3796 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
17:42:12.0511 3796 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
17:42:12.0528 3796 sptd ( LockedFile.Multi.Generic ) - warning
17:42:12.0528 3796 sptd - detected LockedFile.Multi.Generic (1)
17:42:29.0430 3796 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:42:30.0211 3796 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:42:30.0211 3796 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:42:30.0235 3796 Boot (0x1200) (a0efea945ee6bd30d76509a0b907c173) \Device\Harddisk0\DR0\Partition0
17:42:30.0254 3796 \Device\Harddisk0\DR0\Partition0 - ok
17:42:30.0255 3796 ============================================================
17:42:30.0255 3796 Scan finished
17:42:30.0255 3796 ============================================================
17:42:30.0273 0232 Detected object count: 2
17:42:30.0273 0232 Actual detected object count: 2
17:42:54.0479 0232 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:42:54.0479 0232 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:42:54.0479 0232 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:42:54.0479 0232 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:43:00.0639 1056 Deinitialize success

#7 narenxp

Posted 29 July 2012 - 12:05 PM

17:42:54.0479 0232 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Run TDSSkiller and select DELETE


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#8 Albin

Posted 29 July 2012 - 04:34 PM

Deleted this:
17:42:54.0479 0232 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Malwarebytes Anti-Malware
Full scan - came out with 0 threats


MiniToolBox by Farbar Version: 23-07-2012
Ran by Albin (administrator) on 29-07-2012 at 21:33:01
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

IP-konfiguration för Windows

DNS-matcharens cacheminne har rensats.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Anslutning till lokalt nätverk (Connected)
Realtek 8185 Extensible Wireless Device = Trådlös nätverksanslutning (Connected)


# ----------------------------------
# IPv4-konfiguration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# Slut på IPv4-konfigurationen



IP-konfiguration för Windows

Värddatornamn . . . . . . . . . . : Albin-dator2
Primärt DNS-suffix. . . . . . . . :
Nodtyp. . . . . . . . . . . . . . : Hybrid
IP-routning aktiverat . . . . . . : Nej
WINS-proxy aktiverat. . . . . . . : Nej
Söklista för DNS-suffix . . . . . : lan

Trådlös anslutning Trådlös nätverksanslutning:

Anslutningsspecifika DNS-suffix . : lan
Beskrivning . . . . . . . . . . . : Realtek 8185 Extensible Wireless Device
Fysisk adress . . . . . . . . . . : 00-06-4F-7B-1F-6B
DHCP aktiverat. . . . . . . . . . : Ja
Autokonfiguration aktiverat . . . : Ja
Länklokal IPv6-adress . . . . . . : fe80::747b:7829:b256:ddff%11(Standard)
IPv4-adress . . . . . . . . . . . : 192.168.1.119(Standard)
Nätmask . . . . . . . . . . . . . : 255.255.255.0
Lånet erhölls . . . . . . . . . . : den 29 juli 2012 17:39:30
Lånet upphör. . . . . . . . . . . : den 30 juli 2012 20:32:19
Standard-gateway. . . . . . . . . : 192.168.1.254
DHCP-server . . . . . . . . . . . : 192.168.1.254
IAID för DHCPv6 . . . . . . . . . : 184550991
DUID för DHCPv6-klient. . . . . . : 00-01-00-01-14-5F-15-E1-00-40-CA-A6-36-EF
DNS-servrar . . . . . . . . . . . : 192.168.1.254
NetBIOS över TCP/IP . . . . . . . : Aktiverat

Ethernet-anslutning Anslutning till lokalt nätverk:

Anslutningsspecifika DNS-suffix . : lan
Beskrivning . . . . . . . . . . . : NVIDIA nForce Networking Controller
Fysisk adress . . . . . . . . . . : 00-40-CA-A6-36-EF
DHCP aktiverat. . . . . . . . . . : Ja
Autokonfiguration aktiverat . . . : Ja
Länklokal IPv6-adress . . . . . . : fe80::7d60:b095:7405:3c2b%10(Standard)
IPv4-adress . . . . . . . . . . . : 192.168.1.114(Standard)
Nätmask . . . . . . . . . . . . . : 255.255.255.0
Lånet erhölls . . . . . . . . . . : den 29 juli 2012 17:39:27
Lånet upphör. . . . . . . . . . . : den 30 juli 2012 17:39:27
Standard-gateway. . . . . . . . . : 192.168.1.254
DHCP-server . . . . . . . . . . . : 192.168.1.254
IAID för DHCPv6 . . . . . . . . . : 218120394
DUID för DHCPv6-klient. . . . . . : 00-01-00-01-14-5F-15-E1-00-40-CA-A6-36-EF
DNS-servrar . . . . . . . . . . . : 192.168.1.254
NetBIOS över TCP/IP . . . . . . . : Aktiverat

Tunnelanslutning: Anslutning till lokalt nätverk*:

Tillstånd . . . . . . . . . . . . : Frånkopplad
Anslutningsspecifika DNS-suffix . :
Beskrivning . . . . . . . . . . . : isatap.lan
Fysisk adress . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP aktiverat. . . . . . . . . . : Nej
Autokonfiguration aktiverat . . . : Ja

Tunnelanslutning: Anslutning till lokalt nätverk* 6:

Tillstånd . . . . . . . . . . . . : Frånkopplad
Anslutningsspecifika DNS-suffix . :
Beskrivning . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Fysisk adress . . . . . . . . . . : 02-00-54-55-4E-01
DHCP aktiverat. . . . . . . . . . : Nej
Autokonfiguration aktiverat . . . : Ja
Server: dsldevice.lan
Address: 192.168.1.254

Namn: google.com
Addresses: 2a00:1450:400f:801::1004
173.194.32.41
173.194.32.46
173.194.32.32
173.194.32.33
173.194.32.34
173.194.32.35
173.194.32.36
173.194.32.37
173.194.32.38
173.194.32.39
173.194.32.40



Skickar ping-signal till google.com [173.194.32.8] med 32 byte data:

Svar från 173.194.32.8: byte=32 tid=47ms TTL=54

Svar från 173.194.32.8: byte=32 tid=46ms TTL=54



Ping-statistik för 173.194.32.8:

Paket: Skickade = 2, Mottagna = 2, Förlorade = 0 (0 %),

Ungefärlig överföringstid i millisekunder:

Lägsta = 46 ms, Högsta = 47 ms, Medel = 46 ms

Server: dsldevice.lan
Address: 192.168.1.254

Namn: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24



Skickar ping-signal till yahoo.com [98.139.183.24] med 32 byte data:

Svar från 98.139.183.24: byte=32 tid=219ms TTL=49

Svar från 98.139.183.24: byte=32 tid=226ms TTL=49



Ping-statistik för 98.139.183.24:

Paket: Skickade = 2, Mottagna = 2, Förlorade = 0 (0 %),

Ungefärlig överföringstid i millisekunder:

Lägsta = 219 ms, Högsta = 226 ms, Medel = 222 ms

Server: dsldevice.lan
Address: 192.168.1.254

Namn: bleepingcomputer.com
Address: 208.43.87.2



Skickar ping-signal till bleepingcomputer.com [208.43.87.2] med 32 byte data:

Svar från 208.43.87.2: Målvärddatorn kan inte nås.

Svar från 208.43.87.2: Målvärddatorn kan inte nås.



Ping-statistik för 208.43.87.2:

Paket: Skickade = 2, Mottagna = 2, Förlorade = 0 (0 %),



Skickar ping-signal till 127.0.0.1 med 32 byte data:

Svar från 127.0.0.1: byte=32 tid < 1 ms TTL=128

Svar från 127.0.0.1: byte=32 tid < 1 ms TTL=128



Ping-statistik för 127.0.0.1:

Paket: Skickade = 2, Mottagna = 2, Förlorade = 0 (0 %),

Ungefärlig överföringstid i millisekunder:

Lägsta = 0 ms, Högsta = 0 ms, Medel = 0 ms

===========================================================================
Gränssnittslista
11 ...00 06 4f 7b 1f 6b ...... Realtek 8185 Extensible Wireless Device
10 ...00 40 ca a6 36 ef ...... NVIDIA nForce Networking Controller
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.lan
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

Vägtabell för IPv4
===========================================================================
Aktiva v„gar:
N„tverksadress N„tmask Gateway-adress Gr„nssnitt M†tt
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.114 20
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.119 25
127.0.0.0 255.0.0.0 Vid lan 127.0.0.1 306
127.0.0.1 255.255.255.255 Vid lan 127.0.0.1 306
127.255.255.255 255.255.255.255 Vid lan 127.0.0.1 306
192.168.1.0 255.255.255.0 Vid lan 192.168.1.114 276
192.168.1.0 255.255.255.0 Vid lan 192.168.1.119 281
192.168.1.114 255.255.255.255 Vid lan 192.168.1.114 276
192.168.1.119 255.255.255.255 Vid lan 192.168.1.119 281
192.168.1.255 255.255.255.255 Vid lan 192.168.1.114 276
192.168.1.255 255.255.255.255 Vid lan 192.168.1.119 281
224.0.0.0 240.0.0.0 Vid lan 127.0.0.1 306
224.0.0.0 240.0.0.0 Vid lan 192.168.1.114 276
224.0.0.0 240.0.0.0 Vid lan 192.168.1.119 281
255.255.255.255 255.255.255.255 Vid lan 127.0.0.1 306
255.255.255.255 255.255.255.255 Vid lan 192.168.1.114 276
255.255.255.255 255.255.255.255 Vid lan 192.168.1.119 281
===========================================================================
Beständiga vägar:
Inga

Vägtabell för IPv6
===========================================================================
Aktiva vägar:
Gr Mått Nätverk Mål Gateway
1 306 ::1/128 Vid lan
10 276 fe80::/64 Vid lan
11 281 fe80::/64 Vid lan
11 281 fe80::747b:7829:b256:ddff/128
Vid lan
10 276 fe80::7d60:b095:7405:3c2b/128
Vid lan
1 306 ff00::/8 Vid lan
10 276 ff00::/8 Vid lan
11 281 ff00::/8 Vid lan
===========================================================================
Beständiga vägar:
Inga
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/29/2012 05:40:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2012 05:40:01 PM) (Source: MSSQL$VISMA) (User: )
Description: The log scan number (332:472:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (07/29/2012 05:39:52 PM) (Source: MSSQL$VISMA) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (07/29/2012 05:39:51 PM) (Source: MSSQL$VISMA) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error: (07/29/2012 03:26:14 PM) (Source: Windows Search Service) (User: )
Description: Det går inte att uppdatera posten <C:\USERS\ALBIN\DOWNLOADS\OBEKRÄFTADE 47330.CRDOWNLOAD> i hash-mappningen.

Kontext: program , katalog SystemIndex

Information:
En enhet som är ansluten till datorn fungerar inte. (0x8007001f)

Error: (07/29/2012 02:29:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2012 02:28:28 PM) (Source: MSSQL$VISMA) (User: )
Description: The log scan number (332:472:1) passed to log scan in database 'master' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (07/29/2012 02:28:27 PM) (Source: MSSQL$VISMA) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (07/29/2012 02:28:27 PM) (Source: MSSQL$VISMA) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error: (07/29/2012 01:37:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/29/2012 05:47:34 PM) (Source: Service Control Manager) (User: )
Description: 30000SysMain

Error: (07/29/2012 05:47:04 PM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (07/29/2012 05:42:01 PM) (Source: Service Control Manager) (User: )
Description: Tjänsten Google Update (gupdate)%%2

Error: (07/29/2012 05:40:24 PM) (Source: Service Control Manager) (User: )
Description: SQL Server (VISMA)3417 (0xD59)

Error: (07/29/2012 05:40:24 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (07/29/2012 05:40:24 PM) (Source: Service Control Manager) (User: )
Description: NIPALK%%126

Error: (07/29/2012 05:40:24 PM) (Source: Service Control Manager) (User: )
Description: Retrowdsvc%%126

Error: (07/29/2012 05:40:24 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (07/29/2012 05:40:24 PM) (Source: Service Control Manager) (User: )
Description: Scan%%126

Error: (07/29/2012 05:40:24 PM) (Source: Service Control Manager) (User: )
Description: Vcommmgr%%126


Microsoft Office Sessions:
=========================
Error: (07/29/2012 05:40:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2012 05:40:01 PM) (Source: MSSQL$VISMA)(User: )
Description: (332:472:1)master

Error: (07/29/2012 05:39:52 PM) (Source: MSSQL$VISMA)(User: )
Description: -1

Error: (07/29/2012 05:39:51 PM) (Source: MSSQL$VISMA)(User: )
Description:

Error: (07/29/2012 03:26:14 PM) (Source: Windows Search Service)(User: )
Description: Kontext: program , katalog SystemIndex

Information:
En enhet som är ansluten till datorn fungerar inte. (0x8007001f)
C:\USERS\ALBIN\DOWNLOADS\OBEKRÄFTADE 47330.CRDOWNLOAD

Error: (07/29/2012 02:29:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2012 02:28:28 PM) (Source: MSSQL$VISMA)(User: )
Description: (332:472:1)master

Error: (07/29/2012 02:28:27 PM) (Source: MSSQL$VISMA)(User: )
Description: -1

Error: (07/29/2012 02:28:27 PM) (Source: MSSQL$VISMA)(User: )
Description:

Error: (07/29/2012 01:37:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Adobe AIR (Version: 2.0.2.12610)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Reader X (10.1.0) - Svenska (Version: 10.1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
BankID säkerhetsprogram (Version: 4.19.1)
BitTorrent (Version: 7.1.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.00)
Compatibility Pack för Office 2007-systemet (Version: 12.0.6612.1000)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.6.0.34)
Epson Easy Photo Print 2 (Version: 2.0.0.0)
EPSON Scan
EPSON Stylus SX100_TX100 Handbok
EPSON SX100 Series Printer Uninstall
ESET Online Scanner v3
Flightradar24 (Version: 1.0)
Google Chrome (Version: 16.0.912.63)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.0.1.2032)
Google Talk (remove only)
Google Update Helper (Version: 1.2.183.39)
GTA San Andreas (Version: 1.00.00001)
Gyazo 1.0
HDRegSW (Version: 2.0.0)
iCloud (Version: 1.1.0.40)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
KVS Availability Tool [7.0.2] (Version: 7.0.2)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 3.5 Language Pack SP1 - sve (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile Language Pack - SVE (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile SVE Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Home and Student
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint Viewer 2007 (Swedish) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (VISMA) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft Works 9.0
MSVCRT (Version: 15.4.2862.0708)
Norton Internet Security (Version: 19.0.0.128)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA PhysX (Version: 9.10.0513)
OpenAL
Packard Bell ImageWriter (Version: 1.00.0000)
Packard Bell Recovery Management (Version: 3.1.3005)
Packard Bell Updator (Version: 3.00.0000)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.71.80.42)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5643)
RealUpgrade 1.1 (Version: 1.1.0)
Segoe UI (Version: 15.4.2271.0615)
Setup My PC (Version: 3.00.0000)
Skype™ 5.10 (Version: 5.10.116)
Spotify (Version: 0.4.8)
Spotify (Version: 0.8.3.222.g317ab79d)
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
Star Alliance TravelDesk
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
Visma Administration (Version: 5.11.2063)
VLC media player 1.1.4 (Version: 1.1.4)

========================= Memory info: ===================================

Percentage of memory in use: 65%
Total physical RAM: 3069.83 MB
Available physical RAM: 1066.48 MB
Total Pagefile: 6341.89 MB
Available Pagefile: 4339.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.01 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:583.17 GB) (Free:337.6 GB) NTFS
6 Drive h: (GTA_SAN_ANDREAS) (CDROM) (Total:3.93 GB) (Free:0 GB) UDF

========================= Users: ========================================

Användarkonton för \\ALBIN-DATOR2

Administratör Albin Gäst
Kommandot har utförts.


**** End of log ****

Farbar Service Scanner Version: 26-07-2012
Ran by Albin (administrator) on 29-07-2012 at 23:27:25
Running from "C:\Users\Albin\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


# AdwCleaner v1.703 - Logfile created 07/29/2012 at 23:28:07
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Albin - ALBIN-DATOR2
# Running from : C:\Users\Albin\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Albin\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v16.0.912.63

File : C:\Users\Albin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [283 octets] - [29/07/2012 22:20:16]
AdwCleaner[S2].txt - [1348 octets] - [29/07/2012 23:28:07]

########## EOF - C:\AdwCleaner[S2].txt - [1476 octets] ##########

#9 narenxp

Posted 29 July 2012 - 05:40 PM

Download

BFE
Mpssvc
wscsvc
windefend

Launch them, click YES

Restart the PC

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start

Checkmark the following options alone

Reset registry permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the FSS log

#10 Albin

Posted 30 July 2012 - 11:52 AM

I think it's this log


Starting Repairs...
Start (2012-07-30 18:46:22)

Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (2012-07-30 18:46:22)
Done (2012-07-30 18:46:27)

Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (2012-07-30 18:46:27)
Done (2012-07-30 18:46:32)

Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (2012-07-30 18:46:32)
Done (2012-07-30 18:46:37)

Repair WMI
Start (2012-07-30 18:46:37)
Step 01/03 - Deleting WMI Repository...
Det går inte att hitta sökvägen.
Step 02/03 - Rebuilding WMI Repository...
Step 03/03 - Registering WMI...
Invalid Global Switch.

Done (2012-07-30 18:47:55)

Repair Windows Firewall
Start (2012-07-30 18:47:55)
Tjänsten Windows Firewall är inte igång.

Du kan få mer hjälp genom att skriva NET HELPMSG 3521.

Tjänsten Internet Connection Sharing (ICS) är inte igång.

Du kan få mer hjälp genom att skriva NET HELPMSG 3521.

Tjänsten Base Filtering Engine är inte igång.

Du kan få mer hjälp genom att skriva NET HELPMSG 3521.

Det gick inte att starta tjänsten Base Filtering Engine.

Ett systemfel har uppstått.

Systemfel 5 har uppstått.

Åtkomst nekad.

Systemfel 1068 har uppstått.

Det går inte att starta den överordnade tjänsten eller gruppen.

Systemfel 1068 har uppstått.

Det går inte att starta den överordnade tjänsten eller gruppen.

Done (2012-07-30 18:48:04)

Repair Hosts File
Start (2012-07-30 18:48:04)
Det går inte att hitta filen.
Done (2012-07-30 18:48:06)

Remove Policies Set By Infections
Start (2012-07-30 18:48:06)
Done (2012-07-30 18:48:09)

Repair Winsock & DNS Cache
Start (2012-07-30 18:48:09)
Done (2012-07-30 18:48:15)

Cleaning up empty logs...

All Selected Repairs Done.
Done (2012-07-30 18:48:15)
Total Repair Time: 00:02:07


...YOU MUST RESTART YOUR SYSTEM...

#11 narenxp

Posted 30 July 2012 - 07:34 PM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#12 Albin

Posted 31 July 2012 - 07:53 AM

Farbar Service Scanner Version: 26-07-2012
Ran by Albin (administrator) on 31-07-2012 at 14:52:24
Running from "C:\Users\Albin\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#13 narenxp

Posted 31 July 2012 - 08:18 AM

Press Windows+R key and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sharedaccess

Right click on them -permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Press Windows+R key and type

services.msc and click ok

start base filtering engine service and then windows firewall service

Post the new FSS log

Edited by narenxp, 31 July 2012 - 08:18 AM.


#14 Albin

Posted 31 July 2012 - 08:35 AM

Did what you said. I don't know if it's any difference

Farbar Service Scanner Version: 26-07-2012
Ran by Albin (administrator) on 31-07-2012 at 15:34:02
Running from "C:\Users\Albin\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
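Added example, not part of the original posts and not Farbar's code: a small Python triage of the Farbar Service Scanner output seen in this thread. It extracts the flagged items from each log and compares the scan taken before the repairs with the one taken after. The sample inputs are abridged from the logs posted above; the function names and finding labels are assumptions made for this example.

```python
import re

# Abridged from the two Farbar Service Scanner logs posted in this thread:
# 29-07-2012 (before the repairs) and 31-07-2012 15:34 (after them).
BEFORE = r"""
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
File Check:
========
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
"""
AFTER = r"""
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
File Check:
========
C:\Windows\system32\ipnathlp.dll
"""

RE_NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
RE_KEY_MISSING = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist")
RE_START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)")
RE_REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RE_REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
RE_PATH = re.compile(r"^[A-Za-z]:\\")

def parse_fss(text):
    """Return a set of (kind, subject) findings from one FSS log."""
    findings, section, reg_key = set(), None, None
    lines = [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # Section titles end in ":" and are underlined with a row of "=".
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section, reg_key = line[:-1], None
        elif m := RE_NOT_RUNNING.match(line):
            findings.add(("not_running", m.group(1).lower()))
        elif m := RE_KEY_MISSING.search(line):
            findings.add(("service_key_missing", m.group(1).lower()))
        elif (m := RE_START_TYPE.match(line)) and m.group(2) == "Disabled":
            findings.add(("start_disabled", m.group(1).lower()))
        elif m := RE_REG_KEY.match(line):
            reg_key = m.group(1)
        elif (m := RE_REG_VALUE.match(line)) and reg_key and (section or "").endswith("Disabled Policy"):
            findings.add(("policy", f"{reg_key}\\{m.group(1)}={m.group(2)}"))
        elif section == "File Check" and RE_PATH.match(line):
            # Files listed without the "MD5 is legit" verdict are kept for manual review.
            path, _, verdict = line.partition("=>")
            if verdict.strip() != "MD5 is legit":
                findings.add(("file_no_verdict", path.strip()))
    return findings

def compare_runs(before, after):
    """Classify findings as resolved, remaining or new between two scans."""
    b, a = parse_fss(before), parse_fss(after)
    return {"resolved": sorted(b - a), "remaining": sorted(b & a), "new": sorted(a - b)}

if __name__ == "__main__":
    for status, items in compare_runs(BEFORE, AFTER).items():
        print(status, *items, sep="\n  ")
```

On these excerpts the four missing service keys (MpsSvc, bfe, wscsvc, WinDefend) and the Disabled start type of sharedaccess come back as resolved, while the `EnableFirewall=0` and `DisableAntiSpyware=1` policy values and the ipnathlp.dll entry without a verdict are still listed in the later log.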

#15 narenxp

Posted 31 July 2012 - 08:38 AM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



