variant of win32/Sirefef.EZ Trojan in operating memory


20 replies to this topic

#1 themostconfusedman

themostconfusedman

  • Members
  • 14 posts

Posted 21 August 2012 - 04:28 PM

Hello! I have been trying to find similar posts about this topic, and there seem to be many, but none that I could find that addressed the EZ variant of the Sirefef trojan.
I have had this virus for a while, and kept thinking it was removed when warnings went away, but then it would seem to come back.
It is currently not redirecting me to other websites from searches, but has in the past. I want to try to remove this virus entirely so that my computer is safe again.
I just did an ESET online scan, and the Sirefef.EZ trojan in operating memory was the only infected file that came up.
My computer is a Windows Vista 64-bit operating system. My main anti-virus is Norton 360, which has detected this ZeroAccess virus in the past, most likely related to the Sirefef.

What would you suggest I do to safely remove the virus? ESET online had some file that claimed to fix things, but when I downloaded it, Norton gave me a warning.

Thank you for any help, and my apologies if this was solved in another post!



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 21 August 2012 - 04:31 PM

Download TDSSkiller

Launch it. Click on "Change parameters" - select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop, and copy the contents of the text file into your reply.

#3 themostconfusedman

themostconfusedman
  • Topic Starter

  • Members
  • 14 posts

Posted 21 August 2012 - 04:59 PM

Thanks for the quick response. I ran TDSS killer. The first time it found a problem it had to cure and restart my computer, then ran again. Below are both logs. I cannot open the link to avast you posted, maybe it is outdated now?

1st log

17:35:55.0422 5268 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
17:35:57.0435 5268 ============================================================
17:35:57.0435 5268 Current date / time: 2012/08/21 17:35:57.0435
17:35:57.0435 5268 SystemInfo:
17:35:57.0435 5268
17:35:57.0435 5268 OS Version: 6.0.6002 ServicePack: 2.0
17:35:57.0435 5268 Product type: Workstation
17:35:57.0435 5268 ComputerName: DEFAULT
17:35:57.0435 5268 UserName: XXX
17:35:57.0435 5268 Windows directory: C:\Windows
17:35:57.0435 5268 System windows directory: C:\Windows
17:35:57.0435 5268 Running under WOW64
17:35:57.0435 5268 Processor architecture: Intel x64
17:35:57.0435 5268 Number of processors: 8
17:35:57.0435 5268 Page size: 0x1000
17:35:57.0435 5268 Boot type: Normal boot
17:35:57.0435 5268 ============================================================
17:36:00.0602 5268 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:36:00.0664 5268 ============================================================
17:36:00.0664 5268 \Device\Harddisk0\DR0:
17:36:00.0680 5268 MBR partitions:
17:36:00.0680 5268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
17:36:00.0680 5268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
17:36:00.0680 5268 ============================================================
17:36:00.0882 5268 C: <-> \Device\Harddisk0\DR0\Partition2
17:36:01.0023 5268 D: <-> \Device\Harddisk0\DR0\Partition1
17:36:01.0023 5268 ============================================================
17:36:01.0023 5268 Initialize success
17:36:01.0023 5268 ============================================================
17:36:14.0690 5548 ============================================================
17:36:14.0690 5548 Scan started
17:36:14.0690 5548 Mode: Manual; TDLFS;
17:36:14.0690 5548 ============================================================
17:36:17.0405 5548 ================ Scan system memory ========================
17:36:17.0405 5548 System memory - ok
17:36:17.0405 5548 ================ Scan services =============================
17:36:18.0044 5548 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
17:36:18.0060 5548 ACPI - ok
17:36:18.0200 5548 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:36:18.0247 5548 adp94xx - ok
17:36:18.0325 5548 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:36:18.0356 5548 adpahci - ok
17:36:18.0356 5548 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
17:36:18.0372 5548 adpu160m - ok
17:36:18.0419 5548 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:36:18.0434 5548 adpu320 - ok
17:36:18.0497 5548 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:36:18.0512 5548 AeLookupSvc - ok
17:36:18.0684 5548 [ 233EE06F203F6FD78CCBB8E0D139A271 ] AERTFilters C:\Windows\system32\AERTSr64.exe
17:36:18.0700 5548 AERTFilters - ok
17:36:18.0856 5548 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
17:36:18.0902 5548 AFD - ok
17:36:18.0980 5548 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:36:18.0996 5548 agp440 - ok
17:36:19.0105 5548 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:36:19.0105 5548 aic78xx - ok
17:36:19.0105 5548 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
17:36:19.0105 5548 ALG - ok
17:36:19.0136 5548 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys
17:36:19.0136 5548 aliide - ok
17:36:19.0214 5548 [ B5E2434FC851698C1F119CF1C3935A50 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:36:19.0214 5548 AMD External Events Utility - ok
17:36:19.0230 5548 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
17:36:19.0230 5548 amdide - ok
17:36:19.0261 5548 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:36:19.0261 5548 AmdK8 - ok
17:36:20.0338 5548 [ 9E3B4946F7E1BCA0B763E19D81EDBF2C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:36:20.0540 5548 amdkmdag - ok
17:36:20.0572 5548 [ B9E1C7B7F1865F99B16FF2E1BB94EDB6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:36:20.0572 5548 amdkmdap - ok
17:36:20.0618 5548 [ F5761675DA9D15D7AE0E40907A8F4404 ] AmdLLD64 C:\Windows\system32\DRIVERS\AmdLLD64.sys
17:36:20.0618 5548 AmdLLD64 - ok
17:36:20.0665 5548 [ 71AFF825B960731E2AE366467BC0D1F3 ] Amfilter C:\Windows\system32\DRIVERS\Amfltx64.sys
17:36:20.0665 5548 Amfilter - ok
17:36:20.0681 5548 [ 8F1DB3D133197AFFA3A721953EB0988C ] Amusbprt C:\Windows\system32\DRIVERS\Amusbx64.sys
17:36:20.0681 5548 Amusbprt - ok
17:36:20.0728 5548 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
17:36:20.0728 5548 Appinfo - ok
17:36:20.0759 5548 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
17:36:20.0759 5548 arc - ok
17:36:20.0790 5548 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:36:20.0790 5548 arcsas - ok
17:36:20.0821 5548 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:36:20.0821 5548 AsyncMac - ok
17:36:20.0852 5548 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
17:36:20.0852 5548 atapi - ok
17:36:20.0946 5548 [ 1A872AB76D00F52643BB0F81792BBF3B ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys
17:36:20.0962 5548 AtiHDAudioService - ok
17:36:22.0553 5548 [ 9E3B4946F7E1BCA0B763E19D81EDBF2C ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:36:25.0080 5548 atikmdag - ok
17:36:25.0314 5548 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:36:25.0330 5548 AudioEndpointBuilder - ok
17:36:25.0345 5548 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:36:25.0361 5548 AudioSrv - ok
17:36:25.0657 5548 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
17:36:25.0688 5548 BcmSqlStartupSvc - ok
17:36:25.0688 5548 Beep - ok
17:36:26.0562 5548 [ E99F59342171101EE2446D0CD1A60A8D ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120811.003\BHDrvx64.sys
17:36:26.0609 5548 BHDrvx64 - ok
17:36:26.0952 5548 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
17:36:27.0170 5548 BITS - ok
17:36:27.0217 5548 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:36:27.0233 5548 blbdrive - ok
17:36:27.0280 5548 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:36:27.0295 5548 bowser - ok
17:36:27.0358 5548 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
17:36:27.0373 5548 BrFiltLo - ok
17:36:27.0389 5548 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
17:36:27.0404 5548 BrFiltUp - ok
17:36:27.0482 5548 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
17:36:27.0498 5548 Browser - ok
17:36:27.0529 5548 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
17:36:27.0545 5548 Brserid - ok
17:36:27.0560 5548 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
17:36:27.0576 5548 BrSerWdm - ok
17:36:27.0607 5548 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
17:36:27.0638 5548 BrUsbMdm - ok
17:36:27.0670 5548 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
17:36:27.0670 5548 BrUsbSer - ok
17:36:27.0748 5548 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:36:27.0763 5548 BTHMODEM - ok
17:36:28.0184 5548 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys
17:36:28.0372 5548 ccSet_N360 - ok
17:36:28.0387 5548 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:36:28.0403 5548 cdfs - ok
17:36:28.0512 5548 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:36:28.0528 5548 cdrom - ok
17:36:28.0652 5548 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
17:36:28.0652 5548 CertPropSvc - ok
17:36:28.0684 5548 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:36:28.0715 5548 circlass - ok
17:36:28.0793 5548 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
17:36:28.0824 5548 CLFS - ok
17:36:28.0902 5548 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:36:28.0918 5548 clr_optimization_v2.0.50727_32 - ok
17:36:28.0964 5548 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:36:28.0964 5548 clr_optimization_v2.0.50727_64 - ok
17:36:29.0042 5548 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:36:29.0074 5548 clr_optimization_v4.0.30319_32 - ok
17:36:29.0183 5548 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:36:29.0214 5548 clr_optimization_v4.0.30319_64 - ok
17:36:29.0230 5548 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:36:29.0230 5548 cmdide - ok
17:36:29.0230 5548 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:36:29.0230 5548 Compbatt - ok
17:36:29.0245 5548 COMSysApp - ok
17:36:29.0245 5548 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:36:29.0245 5548 crcdisk - ok
17:36:29.0308 5548 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:36:29.0323 5548 CryptSvc - ok
17:36:29.0386 5548 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
17:36:29.0386 5548 DcomLaunch - ok
17:36:29.0448 5548 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:36:29.0448 5548 DfsC - ok
17:36:29.0635 5548 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
17:36:29.0682 5548 DFSR - ok
17:36:29.0744 5548 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
17:36:29.0744 5548 Dhcp - ok
17:36:29.0776 5548 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
17:36:29.0776 5548 disk - ok
17:36:29.0885 5548 [ C27FC910BD278E45AD1EDAB316BD852F ] DlinkUDSMBus C:\Windows\syswow64\Drivers\DlinkUDSMBus.sys
17:36:29.0885 5548 DlinkUDSMBus - ok
17:36:29.0916 5548 [ 73C8D236AC3B3D65B624CE9CCC3C1D4B ] DlinkUDSTcpBus C:\Windows\syswow64\Drivers\DlinkUDSTcpBus.sys
17:36:29.0963 5548 DlinkUDSTcpBus - ok
17:36:30.0010 5548 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:36:30.0010 5548 Dnscache - ok
17:36:30.0056 5548 [ DB29915209770D8B59654345EC2D943A ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
17:36:30.0056 5548 DockLoginService - ok
17:36:30.0119 5548 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
17:36:30.0119 5548 dot3svc - ok
17:36:30.0166 5548 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
17:36:30.0166 5548 Dot4 - ok
17:36:30.0212 5548 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:36:30.0228 5548 Dot4Print - ok
17:36:30.0244 5548 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
17:36:30.0259 5548 dot4usb - ok
17:36:30.0275 5548 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
17:36:30.0275 5548 DPS - ok
17:36:30.0306 5548 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:36:30.0306 5548 drmkaud - ok
17:36:30.0384 5548 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:36:30.0400 5548 DXGKrnl - ok
17:36:30.0446 5548 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
17:36:30.0446 5548 e1express - ok
17:36:30.0478 5548 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
17:36:30.0478 5548 E1G60 - ok
17:36:30.0509 5548 [ B37F6853D6E0C6F5F8EFDE33E831B5F8 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys
17:36:30.0509 5548 e1yexpress - ok
17:36:30.0540 5548 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
17:36:30.0540 5548 EapHost - ok
17:36:30.0571 5548 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
17:36:30.0571 5548 Ecache - ok
17:36:30.0758 5548 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
17:36:30.0774 5548 eeCtrl - ok
17:36:30.0821 5548 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:36:30.0821 5548 ehRecvr - ok
17:36:30.0836 5548 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
17:36:30.0836 5548 ehSched - ok
17:36:30.0868 5548 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
17:36:30.0868 5548 ehstart - ok
17:36:30.0883 5548 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:36:30.0883 5548 elxstor - ok
17:36:30.0992 5548 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
17:36:31.0008 5548 EMDMgmt - ok
17:36:31.0039 5548 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:36:31.0039 5548 EraserUtilRebootDrv - ok
17:36:31.0070 5548 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:36:31.0070 5548 ErrDev - ok
17:36:31.0117 5548 [ 3184759434D6BA5031AC221DF6765B86 ] EuMusDesignVirtualAudioCableWdm C:\Windows\system32\DRIVERS\vrtaucbl.sys
17:36:31.0117 5548 EuMusDesignVirtualAudioCableWdm - ok
17:36:31.0164 5548 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
17:36:31.0180 5548 EventSystem - ok
17:36:31.0211 5548 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
17:36:31.0211 5548 exfat - ok
17:36:31.0258 5548 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:36:31.0258 5548 fastfat - ok
17:36:31.0273 5548 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:36:31.0273 5548 fdc - ok
17:36:31.0289 5548 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
17:36:31.0289 5548 fdPHost - ok
17:36:31.0304 5548 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
17:36:31.0304 5548 FDResPub - ok
17:36:31.0320 5548 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:36:31.0320 5548 FileInfo - ok
17:36:31.0336 5548 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:36:31.0336 5548 Filetrace - ok
17:36:31.0382 5548 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:36:31.0398 5548 FLEXnet Licensing Service - ok
17:36:31.0429 5548 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:36:31.0429 5548 flpydisk - ok
17:36:31.0476 5548 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:36:31.0476 5548 FltMgr - ok
17:36:31.0538 5548 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
17:36:31.0570 5548 FontCache - ok
17:36:31.0616 5548 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:36:31.0632 5548 FontCache3.0.0.0 - ok
17:36:31.0663 5548 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:36:31.0663 5548 Fs_Rec - ok
17:36:31.0679 5548 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:36:31.0679 5548 gagp30kx - ok
17:36:31.0741 5548 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
17:36:31.0757 5548 gpsvc - ok
17:36:31.0835 5548 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:36:31.0835 5548 gupdate - ok
17:36:31.0866 5548 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:36:31.0866 5548 gupdatem - ok
17:36:31.0944 5548 [ 98405343D7DCD330FE1B08C8F4C3900C ] HCW85BDA C:\Windows\system32\drivers\HCW85BDA.sys
17:36:31.0975 5548 HCW85BDA - ok
17:36:32.0022 5548 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:36:32.0022 5548 HdAudAddService - ok
17:36:32.0084 5548 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:36:32.0100 5548 HDAudBus - ok
17:36:32.0131 5548 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:36:32.0147 5548 HidBth - ok
17:36:32.0162 5548 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:36:32.0162 5548 HidIr - ok
17:36:32.0194 5548 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
17:36:32.0209 5548 hidserv - ok
17:36:32.0240 5548 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:36:32.0240 5548 HidUsb - ok
17:36:32.0256 5548 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
17:36:32.0256 5548 hkmsvc - ok
17:36:32.0287 5548 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
17:36:32.0287 5548 HpCISSs - ok
17:36:32.0334 5548 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:36:32.0350 5548 HTTP - ok
17:36:32.0350 5548 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
17:36:32.0365 5548 i2omp - ok
17:36:32.0381 5548 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:36:32.0381 5548 i8042prt - ok
17:36:32.0412 5548 [ FC28E90F2204D8FD147FA9BFA8A51C01 ] iaStor C:\Windows\system32\drivers\iastor.sys
17:36:32.0428 5548 iaStor - ok
17:36:32.0428 5548 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
17:36:32.0443 5548 iaStorV - ok
17:36:32.0521 5548 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:36:32.0521 5548 IDriverT - ok
17:36:32.0584 5548 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:36:32.0599 5548 idsvc - ok
17:36:33.0005 5548 [ CE0BF35C79E03BB89DA6B14FAC838605 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120818.001\IDSvia64.sys
17:36:33.0036 5548 IDSVia64 - ok
17:36:33.0052 5548 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:36:33.0052 5548 iirsp - ok
17:36:33.0098 5548 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
17:36:33.0114 5548 IKEEXT - ok
17:36:33.0192 5548 [ 358A23ACF3A78893EEACD4BEB20953D5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:36:33.0239 5548 IntcAzAudAddService - ok
17:36:33.0254 5548 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\DRIVERS\intelide.sys
17:36:33.0254 5548 intelide - ok
17:36:33.0254 5548 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:36:33.0270 5548 intelppm - ok
17:36:33.0286 5548 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:36:33.0286 5548 IPBusEnum - ok
17:36:33.0332 5548 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:36:33.0332 5548 IpFilterDriver - ok
17:36:33.0332 5548 IpInIp - ok
17:36:33.0348 5548 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
17:36:33.0348 5548 IPMIDRV - ok
17:36:33.0348 5548 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
17:36:33.0364 5548 IPNAT - ok
17:36:33.0364 5548 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:36:33.0364 5548 IRENUM - ok
17:36:33.0395 5548 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:36:33.0395 5548 isapnp - ok
17:36:33.0442 5548 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:36:33.0442 5548 iScsiPrt - ok
17:36:33.0457 5548 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
17:36:33.0457 5548 iteatapi - ok
17:36:33.0473 5548 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
17:36:33.0473 5548 iteraid - ok
17:36:33.0535 5548 [ 8F92E7FE65423535AD60445EB730EB61 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
17:36:33.0535 5548 ivusb - ok
17:36:33.0535 5548 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:36:33.0535 5548 kbdclass - ok
17:36:33.0582 5548 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:36:33.0582 5548 kbdhid - ok
17:36:33.0598 5548 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
17:36:33.0598 5548 KeyIso - ok
17:36:33.0629 5548 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:36:33.0644 5548 KSecDD - ok
17:36:33.0676 5548 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:36:33.0676 5548 ksthunk - ok
17:36:33.0722 5548 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
17:36:33.0738 5548 KtmRm - ok
17:36:33.0769 5548 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:36:33.0769 5548 LanmanServer - ok
17:36:33.0816 5548 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:36:33.0816 5548 LanmanWorkstation - ok
17:36:33.0816 5548 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:36:33.0816 5548 lltdio - ok
17:36:33.0847 5548 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:36:33.0847 5548 lltdsvc - ok
17:36:33.0863 5548 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:36:33.0863 5548 lmhosts - ok
17:36:33.0878 5548 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:36:33.0878 5548 LSI_FC - ok
17:36:33.0894 5548 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:36:33.0894 5548 LSI_SAS - ok
17:36:33.0910 5548 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:36:33.0910 5548 LSI_SCSI - ok
17:36:33.0910 5548 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
17:36:33.0910 5548 luafv - ok
17:36:33.0925 5548 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:36:33.0941 5548 Mcx2Svc - ok
17:36:33.0956 5548 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
17:36:33.0956 5548 megasas - ok
17:36:33.0988 5548 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
17:36:33.0988 5548 MegaSR - ok
17:36:34.0081 5548 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:36:34.0081 5548 Microsoft Office Groove Audit Service - ok
17:36:34.0112 5548 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
17:36:34.0112 5548 MMCSS - ok
17:36:34.0128 5548 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
17:36:34.0128 5548 Modem - ok
17:36:34.0128 5548 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:36:34.0128 5548 monitor - ok
17:36:34.0144 5548 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:36:34.0144 5548 mouclass - ok
17:36:34.0159 5548 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:36:34.0159 5548 mouhid - ok
17:36:34.0175 5548 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
17:36:34.0175 5548 MountMgr - ok
17:36:34.0190 5548 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
17:36:34.0206 5548 mpio - ok
17:36:34.0206 5548 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:36:34.0206 5548 mpsdrv - ok
17:36:34.0222 5548 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
17:36:34.0222 5548 Mraid35x - ok
17:36:34.0268 5548 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:36:34.0268 5548 MRxDAV - ok
17:36:34.0300 5548 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:36:34.0315 5548 mrxsmb - ok
17:36:34.0346 5548 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:36:34.0362 5548 mrxsmb10 - ok
17:36:34.0362 5548 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:36:34.0378 5548 mrxsmb20 - ok
17:36:34.0378 5548 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys
17:36:34.0378 5548 msahci - ok
17:36:34.0393 5548 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:36:34.0393 5548 msdsm - ok
17:36:34.0409 5548 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
17:36:34.0409 5548 MSDTC - ok
17:36:34.0440 5548 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:36:34.0440 5548 Msfs - ok
17:36:34.0456 5548 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:36:34.0456 5548 msisadrv - ok
17:36:34.0471 5548 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:36:34.0471 5548 MSiSCSI - ok
17:36:34.0487 5548 msiserver - ok
17:36:34.0487 5548 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:36:34.0487 5548 MSKSSRV - ok
17:36:44.0065 5548 ================ Scan global ===============================
17:36:44.0081 5548 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
17:36:44.0128 5548 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:36:44.0159 5548 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:36:44.0190 5548 [ BC81150939BD52DBC7A08C245F1FB229 ] C:\Windows\system32\services.exe
17:36:44.0206 5548 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
17:36:44.0206 5548 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
17:36:44.0221 5548 ================ Scan MBR ==================================
17:36:44.0237 5548 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
17:36:45.0688 5548 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:36:45.0688 5548 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:36:45.0688 5548 ================ Scan VBR ==================================
17:36:45.0719 5548 [ 44DDE21E0422D060A46DC4AB4B5FD145 ] \Device\Harddisk0\DR0\Partition1
17:36:45.0719 5548 \Device\Harddisk0\DR0\Partition1 - ok
17:36:45.0750 5548 [ 82A52E35ADD02F736211E151567B3098 ] \Device\Harddisk0\DR0\Partition2
17:36:45.0750 5548 \Device\Harddisk0\DR0\Partition2 - ok
17:36:45.0750 5548 ============================================================
17:36:45.0750 5548 Scan finished
17:36:45.0750 5548 ============================================================
17:36:45.0750 5060 Detected object count: 2
17:36:45.0750 5060 Actual detected object count: 2
17:37:03.0830 5060 C:\Windows\system32\services.exe - copied to quarantine
17:37:05.0656 5060 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
17:37:05.0656 5060 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
17:37:06.0014 5060 C:\Windows\installer\{9a8d8245-9d94-c9de-a7ee-87dc52a166a0}\@ - copied to quarantine
17:37:06.0077 5060 C:\Windows\installer\{9a8d8245-9d94-c9de-a7ee-87dc52a166a0}\L\00000004.@ - copied to quarantine
17:37:06.0077 5060 C:\Windows\installer\{9a8d8245-9d94-c9de-a7ee-87dc52a166a0}\L\201d3dde - copied to quarantine
17:37:06.0373 5060 C:\Users\XXX\AppData\Local\{9a8d8245-9d94-c9de-a7ee-87dc52a166a0}\@ - copied to quarantine
17:41:52.0399 5060 Backup copy not found, trying to cure infected file..
17:41:52.0399 5060 Cure success, using it..
17:41:54.0365 5060 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
17:41:54.0365 5060 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
17:41:54.0412 5060 C:\Windows\installer\{9a8d8245-9d94-c9de-a7ee-87dc52a166a0}\@ - will be deleted on reboot
17:41:54.0458 5060 C:\Users\XXX\AppData\Local\{9a8d8245-9d94-c9de-a7ee-87dc52a166a0}\@ - will be deleted on reboot
17:41:54.0458 5060 C:\Windows\system32\services.exe - will be cured on reboot
17:41:54.0458 5060 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Cure
17:41:54.0458 5060 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:41:54.0458 5060 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:42:48.0637 4916 Deinitialize success

2nd log
17:49:58.0635 3832 Current date / time: 2012/08/21 17:49:58.0635
17:49:58.0635 3832 SystemInfo:
17:49:58.0635 3832
17:49:58.0635 3832 OS Version: 6.0.6002 ServicePack: 2.0
17:49:58.0635 3832 Product type: Workstation
17:49:58.0635 3832 ComputerName: DEFAULT
17:49:58.0635 3832 UserName: XXX
17:49:58.0635 3832 Windows directory: C:\Windows
17:49:58.0635 3832 System windows directory: C:\Windows
17:49:58.0635 3832 Running under WOW64
17:49:58.0635 3832 Processor architecture: Intel x64
17:49:58.0635 3832 Number of processors: 8
17:49:58.0635 3832 Page size: 0x1000
17:49:58.0635 3832 Boot type: Normal boot
17:49:58.0635 3832 ============================================================
17:50:01.0505 3832 BG loaded
17:50:01.0817 3832 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:50:01.0879 3832 ============================================================
17:50:01.0879 3832 \Device\Harddisk0\DR0:
17:50:01.0879 3832 MBR partitions:
17:50:01.0879 3832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
17:50:01.0879 3832 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
17:50:01.0879 3832 ============================================================
17:50:01.0973 3832 C: <-> \Device\Harddisk0\DR0\Partition2
17:50:02.0066 3832 D: <-> \Device\Harddisk0\DR0\Partition1
17:50:02.0066 3832 ============================================================
17:50:02.0066 3832 Initialize success
17:50:02.0066 3832 ============================================================
17:50:05.0764 4336 ============================================================
17:50:05.0764 4336 Scan started
17:50:05.0764 4336 Mode: Manual;
17:50:05.0764 4336 ============================================================
17:50:14.0717 4692 ============================================================
17:50:14.0717 4692 Scan started
17:50:14.0717 4692 Mode: Manual; TDLFS;
17:50:14.0717 4692 ============================================================
17:50:16.0339 4692 ================ Scan system memory ========================
17:50:16.0339 4692 System memory - ok
17:50:16.0339 4692 ================ Scan services =============================
17:50:49.0739 4692 PxHlpa64 - ok
17:50:49.0770 4692 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:50:49.0786 4692 ql2300 - ok
17:50:49.0801 4692 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:50:49.0801 4692 ql40xx - ok
17:50:49.0817 4692 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
17:50:49.0832 4692 QWAVE - ok
17:50:49.0832 4692 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:50:49.0832 4692 QWAVEdrv - ok
17:50:50.0020 4692 [ 9E3B4946F7E1BCA0B763E19D81EDBF2C ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
17:50:50.0066 4692 R300 - ok
17:50:50.0129 4692 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
17:50:50.0129 4692 RapiMgr - ok
17:50:50.0144 4692 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:50:50.0144 4692 RasAcd - ok
17:50:50.0160 4692 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
17:50:50.0160 4692 RasAuto - ok
17:50:50.0207 4692 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:50:50.0207 4692 Rasl2tp - ok
17:50:50.0207 4692 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
17:50:50.0222 4692 RasMan - ok
17:50:50.0238 4692 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:50:50.0238 4692 RasPppoe - ok
17:50:50.0269 4692 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:50:50.0269 4692 RasSstp - ok
17:50:50.0316 4692 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:50:50.0316 4692 rdbss - ok
17:50:50.0316 4692 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:50:50.0316 4692 RDPCDD - ok
17:50:50.0347 4692 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
17:50:50.0347 4692 rdpdr - ok
17:50:50.0347 4692 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:50:50.0347 4692 RDPENCDD - ok
17:50:50.0378 4692 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:50:50.0394 4692 RDPWD - ok
17:50:50.0410 4692 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:50:50.0425 4692 RemoteAccess - ok
17:50:50.0456 4692 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:50:50.0472 4692 RemoteRegistry - ok
17:50:50.0488 4692 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
17:50:50.0488 4692 RpcLocator - ok
17:50:50.0534 4692 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
17:50:50.0534 4692 RpcSs - ok
17:50:50.0550 4692 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:50:50.0550 4692 rspndr - ok
17:50:50.0581 4692 [ 1BF56EF13988348F2AC8BD932FADEA0B ] RT73 C:\Windows\system32\DRIVERS\Dr71WU.sys
17:50:50.0581 4692 RT73 - ok
17:50:50.0597 4692 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
17:50:50.0597 4692 SamSs - ok
17:50:50.0597 4692 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:50:50.0597 4692 sbp2port - ok
17:50:50.0612 4692 SBRE - ok
17:50:50.0675 4692 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:50:50.0675 4692 SCardSvr - ok
17:50:50.0706 4692 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
17:50:50.0722 4692 Schedule - ok
17:50:50.0753 4692 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:50:50.0753 4692 SCPolicySvc - ok
17:50:50.0768 4692 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:50:50.0768 4692 SDRSVC - ok
17:50:50.0815 4692 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:50:50.0831 4692 SeaPort - ok
17:50:50.0831 4692 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:50:50.0831 4692 secdrv - ok
17:50:50.0831 4692 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
17:50:50.0846 4692 seclogon - ok
17:50:50.0846 4692 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
17:50:50.0846 4692 SENS - ok
17:50:50.0846 4692 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:50:50.0862 4692 Serenum - ok
17:50:50.0862 4692 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
17:50:50.0862 4692 Serial - ok
17:50:50.0878 4692 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:50:50.0878 4692 sermouse - ok
17:50:50.0893 4692 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
17:50:50.0893 4692 SessionEnv - ok
17:50:50.0909 4692 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:50:50.0909 4692 sffdisk - ok
17:50:50.0909 4692 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:50:50.0924 4692 sffp_mmc - ok
17:50:50.0924 4692 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:50:50.0924 4692 sffp_sd - ok
17:50:50.0924 4692 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:50:50.0940 4692 sfloppy - ok
17:50:50.0971 4692 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:50:50.0971 4692 ShellHWDetection - ok
17:50:50.0987 4692 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
17:50:50.0987 4692 SiSRaid2 - ok
17:50:50.0987 4692 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:50:50.0987 4692 SiSRaid4 - ok
17:50:51.0065 4692 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
17:50:51.0080 4692 slsvc - ok
17:50:51.0143 4692 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
17:50:51.0143 4692 SLUINotify - ok
17:50:51.0174 4692 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:50:51.0174 4692 Smb - ok
17:50:51.0190 4692 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:50:51.0190 4692 SNMPTRAP - ok
17:50:51.0221 4692 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
17:50:51.0221 4692 spldr - ok
17:50:51.0252 4692 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
17:50:51.0252 4692 Spooler - ok
17:50:51.0268 4692 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:50:51.0268 4692 SQLBrowser - ok
17:50:51.0330 4692 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:50:51.0330 4692 SQLWriter - ok
17:50:51.0424 4692 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0603000.00E\SRTSP64.SYS
17:50:51.0439 4692 SRTSP - ok
17:50:51.0470 4692 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0603000.00E\SRTSPX64.SYS
17:50:51.0470 4692 SRTSPX - ok
17:50:51.0502 4692 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
17:50:51.0502 4692 srv - ok
17:50:51.0548 4692 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:50:51.0548 4692 srv2 - ok
17:50:51.0580 4692 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:50:51.0580 4692 srvnet - ok
17:50:51.0595 4692 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:50:51.0611 4692 SSDPSRV - ok
17:50:51.0626 4692 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:50:51.0626 4692 SstpSvc - ok
17:50:51.0658 4692 Steam Client Service - ok
17:50:51.0704 4692 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
17:50:51.0704 4692 stisvc - ok
17:50:51.0751 4692 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
17:50:51.0751 4692 stllssvr - ok
17:50:51.0782 4692 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:50:51.0782 4692 swenum - ok
17:50:51.0814 4692 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
17:50:51.0829 4692 swprv - ok
17:50:51.0829 4692 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
17:50:51.0829 4692 Symc8xx - ok
17:50:51.0876 4692 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS
17:50:51.0876 4692 SymDS - ok
17:50:52.0048 4692 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS
17:50:52.0110 4692 SymEFA - ok
17:50:52.0157 4692 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:50:52.0157 4692 SymEvent - ok
17:50:52.0188 4692 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS
17:50:52.0188 4692 SymIRON - ok
17:50:52.0219 4692 [ A25FEE245C78804601D83431386A0BEE ] SYMTDIv C:\Windows\System32\Drivers\N360x64\0603000.00E\SYMTDIV.SYS
17:50:52.0219 4692 SYMTDIv - ok
17:50:52.0250 4692 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
17:50:52.0250 4692 Sym_hi - ok
17:50:52.0266 4692 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
17:50:52.0266 4692 Sym_u3 - ok
17:50:52.0297 4692 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
17:50:52.0313 4692 SysMain - ok
17:50:52.0360 4692 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:50:52.0360 4692 TabletInputService - ok
17:50:52.0406 4692 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:50:52.0406 4692 TapiSrv - ok
17:50:52.0422 4692 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
17:50:52.0422 4692 TBS - ok
17:50:52.0781 4692 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:50:52.0812 4692 Tcpip - ok
17:50:52.0828 4692 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
17:50:52.0843 4692 Tcpip6 - ok
17:50:52.0890 4692 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:50:52.0890 4692 tcpipreg - ok
17:50:52.0921 4692 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:50:52.0952 4692 TDPIPE - ok
17:50:52.0984 4692 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:50:52.0984 4692 TDTCP - ok
17:50:53.0015 4692 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:50:53.0015 4692 tdx - ok
17:50:53.0077 4692 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:50:53.0077 4692 TermDD - ok
17:50:53.0249 4692 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
17:50:53.0249 4692 TermService - ok
17:50:53.0264 4692 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
17:50:53.0264 4692 Themes - ok
17:50:53.0296 4692 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
17:50:53.0296 4692 THREADORDER - ok
17:50:53.0296 4692 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
17:50:53.0296 4692 TrkWks - ok
17:50:53.0436 4692 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:50:53.0436 4692 TrustedInstaller - ok
17:50:53.0483 4692 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:50:53.0514 4692 tssecsrv - ok
17:50:53.0545 4692 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
17:50:53.0545 4692 tunmp - ok
17:50:53.0576 4692 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:50:53.0576 4692 tunnel - ok
17:50:53.0623 4692 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:50:53.0639 4692 uagp35 - ok
17:50:53.0670 4692 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:50:53.0686 4692 udfs - ok
17:50:53.0701 4692 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:50:53.0701 4692 UI0Detect - ok
17:50:53.0717 4692 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:50:53.0717 4692 uliagpkx - ok
17:50:53.0748 4692 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
17:50:53.0748 4692 uliahci - ok
17:50:53.0764 4692 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
17:50:53.0764 4692 UlSata - ok
17:50:53.0779 4692 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
17:50:53.0795 4692 ulsata2 - ok
17:50:53.0810 4692 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:50:53.0810 4692 umbus - ok
17:50:53.0810 4692 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
17:50:53.0826 4692 upnphost - ok
17:50:53.0857 4692 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:50:53.0873 4692 usbaudio - ok
17:50:53.0904 4692 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:50:53.0920 4692 usbccgp - ok
17:50:53.0966 4692 [ 8C39D53E1A343F4C47EE8F3C052126D8 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
17:50:53.0982 4692 usbcir - ok
17:50:54.0013 4692 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:50:54.0013 4692 usbehci - ok
17:50:54.0060 4692 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:50:54.0060 4692 usbhub - ok
17:50:54.0076 4692 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:50:54.0091 4692 usbohci - ok
17:50:54.0122 4692 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:50:54.0122 4692 usbprint - ok
17:50:54.0169 4692 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:50:54.0169 4692 usbscan - ok
17:50:54.0216 4692 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:50:54.0216 4692 USBSTOR - ok
17:50:54.0247 4692 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:50:54.0247 4692 usbuhci - ok
17:50:54.0278 4692 [ 1E36BB1A3C5AAF2AA9FA9A126DF8C16C ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
17:50:54.0278 4692 usb_rndisx - ok
17:50:54.0310 4692 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
17:50:54.0325 4692 UxSms - ok
17:50:54.0356 4692 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
17:50:54.0372 4692 vds - ok
17:50:54.0388 4692 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:50:54.0388 4692 vga - ok
17:50:54.0388 4692 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:50:54.0388 4692 VgaSave - ok
17:50:54.0403 4692 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
17:50:54.0403 4692 viaide - ok
17:50:54.0466 4692 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
17:50:54.0466 4692 Viewpoint Manager Service - ok
17:50:54.0497 4692 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:50:54.0512 4692 volmgr - ok
17:50:54.0544 4692 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:50:54.0575 4692 volmgrx - ok
17:50:54.0622 4692 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:50:54.0622 4692 volsnap - ok
17:50:54.0637 4692 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:50:54.0637 4692 vsmraid - ok
17:50:54.0700 4692 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
17:50:54.0700 4692 VSS - ok
17:50:54.0746 4692 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
17:50:54.0746 4692 W32Time - ok
17:50:54.0762 4692 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:50:54.0778 4692 WacomPen - ok
17:50:54.0809 4692 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:50:54.0809 4692 Wanarp - ok
17:50:54.0809 4692 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:50:54.0809 4692 Wanarpv6 - ok
17:50:54.0856 4692 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
17:50:54.0856 4692 WcesComm - ok
17:50:54.0871 4692 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:50:54.0871 4692 wcncsvc - ok
17:50:54.0887 4692 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:50:54.0887 4692 WcsPlugInService - ok
17:50:54.0902 4692 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
17:50:54.0918 4692 Wd - ok
17:50:54.0934 4692 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:50:54.0949 4692 Wdf01000 - ok
17:50:54.0965 4692 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:50:54.0965 4692 WdiServiceHost - ok
17:50:54.0965 4692 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:50:54.0965 4692 WdiSystemHost - ok
17:50:54.0980 4692 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
17:50:54.0980 4692 WebClient - ok
17:50:55.0027 4692 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:50:55.0027 4692 Wecsvc - ok
17:50:55.0027 4692 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:50:55.0027 4692 wercplsupport - ok
17:50:55.0043 4692 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
17:50:55.0043 4692 WerSvc - ok
17:50:55.0043 4692 WinHttpAutoProxySvc - ok
17:50:55.0105 4692 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:50:55.0105 4692 Winmgmt - ok
17:50:55.0168 4692 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
17:50:55.0183 4692 WinRM - ok
17:50:55.0214 4692 [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
17:50:55.0214 4692 winusb - ok
17:50:55.0261 4692 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:50:55.0261 4692 Wlansvc - ok
17:50:55.0355 4692 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:50:55.0370 4692 wlidsvc - ok
17:50:55.0386 4692 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:50:55.0386 4692 WmiAcpi - ok
17:50:55.0417 4692 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:50:55.0417 4692 wmiApSrv - ok
17:50:55.0448 4692 WMPNetworkSvc - ok
17:50:55.0464 4692 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:50:55.0464 4692 WPCSvc - ok
17:50:55.0495 4692 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:50:55.0495 4692 WPDBusEnum - ok
17:50:55.0526 4692 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
17:50:55.0526 4692 WpdUsb - ok
17:50:55.0651 4692 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:50:55.0651 4692 WPFFontCache_v0400 - ok
17:50:55.0667 4692 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:50:55.0667 4692 ws2ifsl - ok
17:50:55.0667 4692 WSearch - ok
17:50:55.0729 4692 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:50:55.0745 4692 wuauserv - ok
17:50:55.0807 4692 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:50:55.0807 4692 wudfsvc - ok
17:50:55.0870 4692 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
17:50:55.0870 4692 xusb21 - ok
17:50:55.0885 4692 ================ Scan global ===============================
17:50:55.0916 4692 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
17:50:55.0948 4692 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:50:55.0963 4692 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:50:56.0010 4692 [ E2D076F2C1239AA6C7412BA6B8B1DE4E ] C:\Windows\system32\services.exe
17:50:56.0010 4692 [Global] - ok
17:50:56.0010 4692 ================ Scan MBR ==================================
17:50:56.0026 4692 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
17:50:58.0225 4692 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:50:58.0225 4692 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:50:58.0225 4692 ================ Scan VBR ==================================
17:50:58.0241 4692 [ 44DDE21E0422D060A46DC4AB4B5FD145 ] \Device\Harddisk0\DR0\Partition1
17:50:58.0241 4692 \Device\Harddisk0\DR0\Partition1 - ok
17:50:58.0272 4692 [ 82A52E35ADD02F736211E151567B3098 ] \Device\Harddisk0\DR0\Partition2
17:50:58.0288 4692 \Device\Harddisk0\DR0\Partition2 - ok
17:50:58.0288 4692 ============================================================
17:50:58.0288 4692 Scan finished
17:50:58.0288 4692 ============================================================
17:50:58.0288 4684 Detected object count: 1
17:50:58.0288 4684 Actual detected object count: 1
17:51:02.0000 4684 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:51:02.0000 4684 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:51:04.0840 0840 Deinitialize success

#4 themostconfusedman

  • Topic Starter

Posted 21 August 2012 - 11:19 PM

Link finally worked, must've been down for a bit. Here is the avast mbr scan log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-21 23:37:09
-----------------------------
23:37:09.117 OS Version: Windows x64 6.0.6002 Service Pack 2
23:37:09.117 Number of processors: 8 586 0x1A04
23:37:09.117 ComputerName: DEFAULT UserName: XXX
23:37:12.955 Initialize success
23:39:08.902 AVAST engine defs: 12082100
23:39:33.129 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:39:33.129 Disk 0 Vendor: WDC_WD5000AAKS-75A7B2 01.03B01 Size: 476940MB BusType: 3
23:39:33.129 Disk 0 MBR read successfully
23:39:33.129 Disk 0 MBR scan
23:39:33.145 Disk 0 Windows VISTA default MBR code
23:39:33.145 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:39:33.145 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
23:39:33.160 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920
23:39:33.191 Disk 0 scanning C:\Windows\system32\drivers
23:39:45.001 Service scanning
23:40:12.254 Modules scanning
23:40:12.254 Disk 0 trace - called modules:
23:40:12.269 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:40:12.769 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800792e4f0]
23:40:12.769 3 CLASSPNP.SYS[fffffa6000dbac33] -> nt!IofCallDriver -> [0xfffffa80065a9520]
23:40:12.769 5 acpi.sys[fffffa6000900fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80065a6060]
23:40:15.733 AVAST engine scan C:\Windows
23:40:19.055 AVAST engine scan C:\Windows\system32
23:43:44.619 AVAST engine scan C:\Windows\system32\drivers
23:43:58.830 AVAST engine scan C:\Users\XXX
23:57:26.130 AVAST engine scan C:\ProgramData
00:11:34.713 Scan finished successfully
00:17:43.092 Disk 0 MBR has been saved successfully to "C:\Users\XXX\Desktop\MBR.dat"
00:17:43.108 The log file has been saved successfully to "C:\Users\XXX\Desktop\aswMBR.txt"

Edited by themostconfusedman, 21 August 2012 - 11:19 PM.


#5 themostconfusedman

  • Topic Starter

Posted 22 August 2012 - 02:30 AM

And finally, the Eset log. It seems like it picked up even more stuff this time than the last scan I ran. It is at least no longer in the operating memory after running td killer.

C:\TDSSKiller_Quarantine\21.08.2012_17.35.57\zasubsys0000\file0000\tsk0000.dta Win64/Patched.B trojan
C:\TDSSKiller_Quarantine\21.08.2012_17.35.57\zasubsys0000\zafs0000\tsk0000.dta Win32/Sirefef.EZ trojan
C:\TDSSKiller_Quarantine\21.08.2012_17.35.57\zasubsys0000\zafs0000\tsk0001.dta Win64/Sirefef.AD trojan

So what do you suggest I do next? Is it okay that those are in the quarantine, or will they escape somehow again?

#6 narenxp

  • BC Advisor

Posted 22 August 2012 - 04:16 AM

They will not. Delete the TDSSkiller quarantine folder.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#7 themostconfusedman

  • Topic Starter

Posted 22 August 2012 - 01:27 PM

Malware scan log - rest will follow after I restart computer.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.22.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
XXX :: DEFAULT [administrator]

8/22/2012 12:04:22 PM
mbam-log-2012-08-22 (12-04-22).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 546568
Time elapsed: 1 hour(s), 56 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 themostconfusedman

  • Topic Starter

Posted 22 August 2012 - 10:54 PM

Finally finished the second avast mbr scan. See below for log, I am not really sure how to tell if it is picking up any problems. It was a quick scan, not a full one since that one froze after 6 hours. Additional logs to follow as soon as available.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-22 20:46:33
-----------------------------
20:46:33.470 OS Version: Windows x64 6.0.6002 Service Pack 2
20:46:33.470 Number of processors: 8 586 0x1A04
20:46:33.471 ComputerName: DEFAULT UserName: XXX
20:46:39.503 Initialize success
20:47:06.544 AVAST engine defs: 12082100
20:47:18.681 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:47:18.682 Disk 0 Vendor: WDC_WD5000AAKS-75A7B2 01.03B01 Size: 476940MB BusType: 3
20:47:18.921 Disk 0 MBR read successfully
20:47:18.923 Disk 0 MBR scan
20:47:18.926 Disk 0 Windows VISTA default MBR code
20:47:18.974 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:47:19.017 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
20:47:19.063 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920
20:47:19.298 Disk 0 scanning C:\Windows\system32\drivers
20:48:39.175 Service scanning
20:49:00.872 Modules scanning
20:49:00.876 Disk 0 trace - called modules:
20:49:00.915 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:49:01.240 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078ac790]
20:49:01.243 3 CLASSPNP.SYS[fffffa60011d3c33] -> nt!IofCallDriver -> [0xfffffa800658e520]
20:49:01.247 5 acpi.sys[fffffa60008fefde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800658a520]
20:49:13.017 AVAST engine scan C:\Windows
20:51:26.741 AVAST engine scan C:\Windows\system32
21:06:39.045 AVAST engine scan C:\Windows\system32\drivers
21:11:27.019 AVAST engine scan C:\Users\XXX
22:35:14.353 AVAST engine scan C:\ProgramData
23:36:21.137 Scan finished successfully
23:53:07.814 Disk 0 MBR has been saved successfully to "C:\Users\XXX\Desktop\MBR.dat"
23:53:07.818 The log file has been saved successfully to "C:\Users\XXX\Desktop\MBR scan 2.txt"

#9 themostconfusedman

  • Topic Starter

Posted 22 August 2012 - 11:13 PM

Below is minitoolbox log, I changed my IP to XXXs for privacy.

MiniToolBox by Farbar Version: 23-07-2012
Ran by XXX (administrator) on 22-08-2012 at 23:58:10
Windows ™ Vista Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

There are 15248 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================



# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Default
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nyc.rr.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : nyc.rr.com
Description . . . . . . . . . . . : Intel® 82567LF-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-21-9B-23-FE-XX
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e83d:d463:716c:8543%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.XXX.0.XXX(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 22, 2012 2:32:56 PM
Lease Expires . . . . . . . . . . : Thursday, August 23, 2012 2:32:54 PM
Default Gateway . . . . . . . . . : 192.XXX.0.1
DHCP Server . . . . . . . . . . . : 192.XXX.0.1
DHCPv6 IAID . . . . . . . . . . . : 251666843
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-26-02-E1-00-21-9B-23-FE-DC
DNS Servers . . . . . . . . . . . : 192.XXX.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.nyc.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.XXX.0.1

Name: google.com
Addresses: 2607:f8b0:4004:800::1000
74.125.228.97
74.125.228.98
74.125.228.99
74.125.228.100
74.125.228.101
74.125.228.102
74.125.228.103
74.125.228.104
74.125.228.105
74.125.228.110
74.125.228.96



Pinging google.com [74.125.228.101] with 32 bytes of data:

Reply from 74.125.228.101: bytes=32 time=15ms TTL=54

Reply from 74.125.228.101: bytes=32 time=16ms TTL=54



Ping statistics for 74.125.228.101:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 15ms, Maximum = 16ms, Average = 15ms

Server: UnKnown
Address: 192.XXX.0.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=86ms TTL=52

Reply from 72.30.38.140: bytes=32 time=86ms TTL=52



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 86ms, Maximum = 86ms, Average = 86ms

Server: UnKnown
Address: 192.XXX.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 21 9b 23 fe dc ...... Intel® 82567LF-2 Gigabit Network Connection
1 ........................... Software Loopback Interface 1
18 ...00 00 00 00 00 00 00 e0 isatap.nyc.rr.com
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
17 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.X 192.XXX.0.XXX 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.XXX.0.X 255.255.255.0 On-link 192.XXX.0.XXX 266
192.XXX.0.XXX 255.255.255.255 On-link 192.XXX.0.XXX 266
192.XXX.0.XXX 255.255.255.255 On-link 192.XXX.0.XXX 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.XXX.0.XXX 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.XXX.0.XXX 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::e83d:d463:716c:8543/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/22/2012 10:28:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/22/2012 10:28:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/22/2012 02:34:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/22/2012 02:33:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/22/2012 02:33:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/22/2012 02:33:12 PM) (Source: WinMgmt) (User: )
Description: 0x8007007e

Error: (08/22/2012 00:22:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/22/2012 00:22:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/22/2012 00:00:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/22/2012 00:00:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.


System errors:
=============
Error: (08/22/2012 02:36:17 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (08/21/2012 05:47:44 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (08/21/2012 01:35:54 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (08/21/2012 01:30:53 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (08/21/2012 01:27:47 PM) (Source: Service Control Manager) (User: )
Description: Beep
SBRE

Error: (08/21/2012 01:27:47 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (08/21/2012 01:27:47 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (08/21/2012 01:27:47 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (08/20/2012 07:04:01 AM) (Source: Service Control Manager) (User: )
Description: 30000TrkWks

Error: (08/20/2012 07:03:31 AM) (Source: Service Control Manager) (User: )
Description: 30000SysMain


Microsoft Office Sessions:
=========================
Error: (04/12/2010 01:13:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 397 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 6.2.2)
AMD APP SDK Runtime (Version: 10.0.851.4)
AMD Catalyst Install Manager (Version: 3.0.859.0)
ccc-utility64 (Version: 2008.0728.2151.37274)
ccc-utility64 (Version: 2010.0825.2146.37182)
ccc-utility64 (Version: 2010.0930.2237.38732)
ccc-utility64 (Version: 2011.1205.2215.39827)
CCleaner (Version: 3.20)
Dell Dock (Version: 1.0.0)
Google Chrome (Version: 21.0.1180.83)
HP OfficeJet J3600 (Version: 14.0)
Intel® Network Connections 13.1.33.0 (Version: 13.1.33.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Recuva (Version: 1.43)
rev2546
Virtual Audio Cable 4.10
VistaCodecs x64 Components v1.7.0 (Version: 1.7.0)
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 6134.26 MB
Available physical RAM: 2427.07 MB
Total Pagefile: 12380.03 MB
Available Pagefile: 8649.3 MB
Total Virtual: 4095.88 MB
Available Virtual: 3993.61 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:33.26 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.46 GB) NTFS

========================= Users: ========================================

User accounts for \\DEFAULT

Administrator ASPNET Guest
XXX


**** End of log ****

#10 themostconfusedman

Posted 22 August 2012 - 11:17 PM

Farbar Service Scanner Version: 06-08-2012
Ran by XXX (administrator) on 23-08-2012 at 00:15:29
Running from "C:\Users\Joel\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-17 00:34] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-14 20:37] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 04:43] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 23:52] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-17 00:34] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-17 00:33] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-17 00:34] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-17 00:33] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-17 00:34] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-17 00:35] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-17 00:34] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 14:27] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-17 00:34] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

#11 themostconfusedman

Posted 22 August 2012 - 11:53 PM

Last log! Let me know what I should do next, if I should run ESET scanner again or something since that seems to be the only thing that was detecting the viruses besides tdsskiller. Again, thanks for your help and sorry it took so long to run these scans.

# AdwCleaner v1.801 - Logfile created 08/23/2012 at 00:21:06
# Updated 14/08/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : XXX - DEFAULT
# Boot Mode : Normal
# Running from : C:\Users\XXX\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

Deleted on reboot : C:\Users\XXX\AppData\LocalLow\Viewpoint
Deleted on reboot : C:\ProgramData\Viewpoint
Deleted on reboot : C:\Program Files (x86)\Viewpoint
Deleted on reboot : C:\Program Files (x86)\Common Files\Software Update Utility
File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Viewpoint
[x64] Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v3.5.10 (en-US)

Profile name : default
File : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\2hwg9pf4.default\prefs.js

C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\2hwg9pf4.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3932 octets] - [23/08/2012 00:21:06]

########## EOF - C:\AdwCleaner[S1].txt - [4060 octets] ##########

#12 narenxp

  • BC Advisor

Posted 23 August 2012 - 12:14 AM

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Checkmark only the following options:

Reset registry permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the new FSS log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

#13 themostconfusedman

  • Topic Starter

Posted 23 August 2012 - 01:42 AM

New FSS log:
Farbar Service Scanner Version: 06-08-2012
Ran by XXX (administrator) on 23-08-2012 at 02:40:46
Running from "C:\Users\XXX\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-17 00:34] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-14 20:37] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 04:43] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 23:52] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-17 00:34] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-17 00:33] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-17 00:34] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-17 00:33] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-17 00:34] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-17 00:35] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-17 00:34] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 14:27] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-17 00:34] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

#14 themostconfusedman

  • Topic Starter

Posted 23 August 2012 - 01:46 AM

Rkill 2.3.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/23/2012 02:44:00 AM in x64 mode.
Windows Version: Windows Vista Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Possibly Patched Files.

* C:\Windows\system32\services.exe

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!


Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* C:\Users\XXX\AppData\Local\{9a8d8245-9d94-c9de-a7ee-87dc52a166a0}\ [ZA Dir]
* C:\Users\XXX\AppData\Local\{9a8d8245-9d94-c9de-a7ee-87dc52a166a0}\L\ [ZA Dir]
* C:\Users\XXX\AppData\Local\{9a8d8245-9d94-c9de-a7ee-87dc52a166a0}\U\ [ZA Dir]
* C:\Windows\installer\{9a8d8245-9d94-c9de-a7ee-87dc52a166a0}\ [ZA Dir]
* C:\Windows\installer\{9a8d8245-9d94-c9de-a7ee-87dc52a166a0}\L\ [ZA Dir]
* C:\Windows\installer\{9a8d8245-9d94-c9de-a7ee-87dc52a166a0}\L\00000004.@ [ZA File]
* C:\Windows\installer\{9a8d8245-9d94-c9de-a7ee-87dc52a166a0}\L\201d3dde [ZA File]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\services.exe [NoSig]
+-> C:\Windows\erdnt\cache64\services.exe : 384,512 : 07/02/2012 05:33 PM : 934e0b7d77ff78c18d9f8891221b6de3 [Pos Repl]
+-> C:\Windows\SysWOW64\services.exe : 279,552 : 04/11/2009 00:27 AM : d4e6d91c1349b7bfb3599a6ada56851b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe : 384,512 : 01/20/2008 09:49 PM : dfac660f0f139276cc9299812de42719 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe : 384,512 : 04/11/2009 09:10 AM : 934e0b7d77ff78c18d9f8891221b6de3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe : 279,040 : 01/20/2008 09:50 PM : 2b336ab6286d6c81fa02cbab914e3c6c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe : 279,552 : 04/11/2009 09:27 AM : d4e6d91c1349b7bfb3599a6ada56851b [Pos Repl]

Program finished at: 08/23/2012 02:45:08 AM
Execution time: 0 hours(s), 1 minute(s), and 8 seconds(s)

#15 narenxp

  • BC Advisor

Posted 23 August 2012 - 05:45 AM

Download

windefend

Launch it, click YES

Restart the PC and run RKILL again and post the new log



