Rootkit Malware problem


12 replies to this topic

#1 D_ingo

Posted 10 June 2013 - 06:47 PM

Hi guys

I am totally new here and have a huge problem.

I noticed that my data allowance dropped in 2-3 days to zero and I was asking myself why.

There is 100% data going from this PC even if I do not use the web.

There is Norton 360 installed and I also used the free version of Malwarebytes, which detected 3 rootkit ZeroAccess files.

The PC is still not 100%; if I connect to the net, Malwarebytes detects and blocks IP addresses incoming and outgoing.

Any help is much appreciated!

Thanks, Ingo

Moderator edit: Moved from the logs forum to the more appropriate forum

Roger


Edited by rotor123, 10 June 2013 - 08:25 PM.



#2 boopme

Posted 10 June 2013 - 08:44 PM

Hello D_ingo,
Can you run these next?

If needed to complete the scans use Safe Mode with Networking as a boot option.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.
Launch it.
Click on Change parameters and select TDLFS file system.
Click on "Scan".
Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 D_ingo

Posted 10 June 2013 - 09:24 PM

Thanks for getting back to me so quickly.

Below is the MiniToolBox result.

I will work through the other tasks as well.

MiniToolBox by Farbar  Version:21-04-2013
Ran by User (administrator) on 11-06-2013 at 12:19:18
Running from "C:\Documents and Settings\User\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

        Host Name . . . . . . . . . . . . : dell
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Mixed
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-18-8B-24-CC-0B
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.104
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
        Lease Obtained. . . . . . . . . . : Tuesday, 11 June 2013 12:11:34 PM
        Lease Expires . . . . . . . . . . : Wednesday, 12 June 2013 12:11:34 PM

Pinging google.com [74.125.237.6] with 32 bytes of data:

Reply from 74.125.237.6: bytes=32 time=653ms TTL=54
Reply from 74.125.237.6: bytes=32 time=806ms TTL=54

Ping statistics for 74.125.237.6:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 653ms, Maximum = 806ms, Average = 729ms

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=906ms TTL=44
Reply from 206.190.36.45: bytes=32 time=840ms TTL=43

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 840ms, Maximum = 906ms, Average = 873ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 8b 24 cc 0b ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.104   20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      192.168.0.0    255.255.255.0    192.168.0.104   192.168.0.104   20
    192.168.0.104  255.255.255.255        127.0.0.1       127.0.0.1   20
    192.168.0.255  255.255.255.255    192.168.0.104   192.168.0.104   20
        224.0.0.0        240.0.0.0    192.168.0.104   192.168.0.104   20
  255.255.255.255  255.255.255.255    192.168.0.104   192.168.0.104   1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog9 01 mswsock.dll [File not found] ()
Catalog9 02 mswsock.dll [File not found] ()
Catalog9 03 mswsock.dll [File not found] ()
Catalog9 04 mswsock.dll [File not found] ()
Catalog9 05 mswsock.dll [File not found] ()
Catalog9 06 mswsock.dll [File not found] ()
Catalog9 07 mswsock.dll [File not found] ()
Catalog9 08 mswsock.dll [File not found] ()
Catalog9 09 mswsock.dll [File not found] ()
Catalog9 10 mswsock.dll [File not found] ()
Catalog9 11 mswsock.dll [File not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/10/2013 02:25:27 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6212.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/10/2013 02:24:18 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6212.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/10/2013 02:22:32 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6212.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/10/2013 01:04:08 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6212.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/10/2013 01:01:55 PM) (Source: Microsoft Office 12) (User: )
Description: EventType officelifeboathang, P1 outlook.exe, P2 12.0.6212.1000, P3 ntdll.dll, P4 5.1.2600.5512, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

Error: (06/09/2013 08:34:16 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/07/2013 10:48:42 AM) (Source: Windows Search Service) (User: )
Description: Notifications for the volume e:\ are not active.

Context: Windows Application

Details:
 The device is not ready.   (0x80070015)

Error: (06/06/2013 11:11:50 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 20.0.4001.1150, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/06/2013 11:10:56 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 20.0.4001.1150, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/06/2013 11:09:30 AM) (Source: Application Hang) (User: )
Description: Hanging application QBW32.EXE, version 20.0.4001.1150, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (06/11/2013 00:19:25 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/11/2013 00:19:24 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/11/2013 00:19:24 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/11/2013 00:19:24 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/11/2013 00:19:24 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/11/2013 00:19:23 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/11/2013 00:19:23 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/11/2013 00:19:23 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/11/2013 00:19:23 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (06/11/2013 00:19:23 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Microsoft Office Sessions:
=========================
Error: (05/28/2013 02:10:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.

=========================== Installed Programs ============================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.2.443)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe AIR (Version: 1.1.0.5790)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Asset Services CS4 (Version: 4)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Recommended Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Extra Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Creative Suite 4 Design Premium (Version: 4.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Drive CS4 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Fireworks CS4 (Version: 10.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Fonts All (Version: 2.0)
Adobe Illustrator CS4 (Version: 14.0)
Adobe InDesign CS4 (Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (Version: 6.0)
Adobe InDesign CS4 Common Base Files (Version: 6.0)
Adobe InDesign CS4 Icon Handler (Version: 6.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader 9.5.5 (Version: 9.5.5)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe SGM CS4 (Version: 3.0)
Adobe SING CS4 (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS4 Server (Version: 4.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Broadcom Gigabit Integrated Controller (Version: 10.50.03)
Brother MFL-Pro Suite (Version: 1.00)
Carbonite Online Backup Setup (Version: 3.8.0)
Connect (Version: 1.0.0.1)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 16 (Version: 6.0.160)
K-Lite Codec Pack 4.5.3 (Standard) (Version: 4.5.3)
kuler (Version: 2.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 (Version: 3.0.04506.30)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Professional Plus 2007 (Version: 12.0.6215.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014)
Microsoft SQL Server Desktop Engine (STARTRACK) (Version: 8.00.760)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Mozilla Firefox (3.5) (Version: 3.5 (en-US))
Mozilla Thunderbird (2.0.0.23) (Version: 2.0.0.23 (en-US))
MSVCRT (Version: 14.0.1468.721)
MSXML 6.0 Parser (KB925673) (Version: 6.00.3888.0)
Norton 360 (Version: 3.8.3.6)
PaperPort Image Printer (Version: 1.00.0000)
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
QuickBooks Plus 2011-12 (Version: )
QuickTime (Version: 7.65.17.80)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Seagate Manager Installer (Version: 2.01.0700)
Segoe UI (Version: 14.0.4327.805)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.3 (Version: 6.3.107)
SoundMAX (Version: 5.10.01.4542)
Suite Shared Configuration CS4 (Version: 1.0)
the Borland Database Engine
Update for Windows Internet Explorer 8 (KB978506) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
VLC media player 1.0.2 (Version: 1.0.2)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Communication Foundation (Version: 3.0.04506.30)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows Workflow Foundation (Version: 3.0.4203.2)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 3061.54 MB
Available physical RAM: 1420.89 MB
Total Pagefile: 4425.31 MB
Available Pagefile: 2917.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.53 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.5 GB) (Free:15.79 GB) NTFS

========================= Users: ========================================

User accounts for \\DELL

Administrator            ASPNET                   Guest                   
HelpAssistant            SUPPORT_388945a0         User                    

**** End of log ****



#4 D_ingo

Posted 10 June 2013 - 09:34 PM

Hi

Attached is the TDSSKiller log.

12:25:26.0343 5472  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:25:28.0343 5472  ============================================================
12:25:28.0343 5472  Current date / time: 2013/06/11 12:25:28.0343
12:25:28.0343 5472  SystemInfo:
12:25:28.0343 5472 
12:25:28.0343 5472  OS Version: 5.1.2600 ServicePack: 3.0
12:25:28.0343 5472  Product type: Workstation
12:25:28.0343 5472  ComputerName: DELL
12:25:28.0343 5472  UserName: User
12:25:28.0343 5472  Windows directory: C:\WINDOWS
12:25:28.0343 5472  System windows directory: C:\WINDOWS
12:25:28.0343 5472  Processor architecture: Intel x86
12:25:28.0343 5472  Number of processors: 2
12:25:28.0343 5472  Page size: 0x1000
12:25:28.0343 5472  Boot type: Normal boot
12:25:28.0343 5472  ============================================================
12:25:29.0562 5472  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:25:29.0562 5472  ============================================================
12:25:29.0562 5472  \Device\Harddisk0\DR0:
12:25:29.0562 5472  MBR partitions:
12:25:29.0562 5472  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
12:25:29.0562 5472  ============================================================
12:25:29.0593 5472  C: <-> \Device\Harddisk0\DR0\Partition1
12:25:29.0593 5472  ============================================================
12:25:29.0593 5472  Initialize success
12:25:29.0593 5472  ============================================================
12:26:00.0390 4064  ============================================================
12:26:00.0390 4064  Scan started
12:26:00.0390 4064  Mode: Manual; TDLFS;
12:26:00.0390 4064  ============================================================
12:26:00.0812 4064  ================ Scan system memory ========================
12:26:00.0812 4064  System memory - ok
12:26:00.0812 4064  ================ Scan services =============================
12:26:03.0281 4064  Ftdisk - ok
12:26:03.0328 4064  [ DF6E37B27A9A1A498C6D9F29995B7A03 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:26:03.0359 4064  GEARAspiWDM - ok
12:26:03.0406 4064  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:26:03.0406 4064  Gpc - ok
12:26:03.0468 4064  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:26:03.0468 4064  gupdate - ok
12:26:03.0468 4064  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:26:03.0468 4064  gupdatem - ok
12:26:03.0500 4064  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:26:03.0500 4064  gusvc - ok
12:26:03.0546 4064  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:26:03.0546 4064  HDAudBus - ok
12:26:03.0593 4064  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:26:03.0593 4064  helpsvc - ok
12:26:03.0625 4064  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
12:26:03.0625 4064  HidServ - ok
12:26:03.0640 4064  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:26:03.0671 4064  hidusb - ok
12:26:03.0703 4064  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
12:26:03.0734 4064  hkmsvc - ok
12:26:03.0734 4064  hpn - ok
12:26:03.0750 4064  [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
12:26:03.0765 4064  HTTP - ok
12:26:03.0796 4064  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
12:26:03.0796 4064  HTTPFilter - ok
12:26:03.0796 4064  i2omgmt - ok
12:26:03.0796 4064  i2omp - ok
12:26:03.0828 4064  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
12:26:03.0828 4064  i8042prt - ok
12:26:03.0984 4064  [ BD9462E346229F37FD5B95FBCB6D3D34 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:26:04.0140 4064  ialm - ok
12:26:04.0218 4064  [ EA7267505149B3A10DF32506A4E4E412 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:26:04.0250 4064  idsvc - ok
12:26:04.0437 4064  [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86        C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20130607.001\IDSxpx86.sys
12:26:04.0453 4064  IDSxpx86 - ok
12:26:04.0515 4064  [ 5F43E40C46D98E5E1E7D8A77D7BBF738 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd32.sys
12:26:04.0578 4064  igfx - ok
12:26:04.0593 4064  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
12:26:04.0593 4064  Imapi - ok
12:26:04.0625 4064  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
12:26:04.0625 4064  ImapiService - ok
12:26:04.0625 4064  ini910u - ok
12:26:04.0625 4064  IntelIde - ok
12:26:04.0656 4064  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:26:04.0656 4064  intelppm - ok
12:26:04.0671 4064  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:26:04.0671 4064  Ip6Fw - ok
12:26:04.0687 4064  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:26:04.0687 4064  IpFilterDriver - ok
12:26:04.0703 4064  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:26:04.0703 4064  IpInIp - ok
12:26:04.0703 4064  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:26:04.0734 4064  IpNat - ok
12:26:04.0750 4064  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:26:04.0750 4064  IPSec - ok
12:26:04.0781 4064  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
12:26:04.0796 4064  IRENUM - ok
12:26:04.0828 4064  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:26:04.0828 4064  isapnp - ok
12:26:04.0906 4064  [ 09417134F248DFCEEA15C72BCC87F592 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:26:04.0906 4064  JavaQuickStarterService - ok
12:26:04.0937 4064  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:26:04.0937 4064  Kbdclass - ok
12:26:04.0937 4064  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:26:04.0937 4064  kbdhid - ok
12:26:04.0953 4064  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
12:26:04.0953 4064  kmixer - ok
12:26:04.0953 4064  [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
12:26:04.0968 4064  KSecDD - ok
12:26:04.0984 4064  [ F385F4B02C535BFFE1D70CAB80838123 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
12:26:05.0000 4064  LanmanServer - ok
12:26:05.0015 4064  [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:26:05.0031 4064  lanmanworkstation - ok
12:26:05.0031 4064  lbrtfdc - ok
12:26:05.0046 4064  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
12:26:05.0046 4064  LmHosts - ok
12:26:05.0078 4064  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
12:26:05.0078 4064  MBAMProtector - ok
12:26:05.0109 4064  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:26:05.0109 4064  MBAMScheduler - ok
12:26:05.0140 4064  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:26:05.0156 4064  MBAMService - ok
12:26:05.0171 4064  [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
12:26:05.0187 4064  MBAMSwissArmy - ok
12:26:05.0203 4064  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
12:26:05.0218 4064  Messenger - ok
12:26:05.0265 4064  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
12:26:05.0281 4064  mnmdd - ok
12:26:05.0312 4064  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
12:26:05.0312 4064  mnmsrvc - ok
12:26:05.0343 4064  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
12:26:05.0343 4064  Modem - ok
12:26:05.0359 4064  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:26:05.0359 4064  Mouclass - ok
12:26:05.0375 4064  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:26:05.0375 4064  mouhid - ok
12:26:05.0390 4064  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
12:26:05.0390 4064  MountMgr - ok
12:26:05.0406 4064  mraid35x - ok
12:26:05.0406 4064  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:26:05.0406 4064  MRxDAV - ok
12:26:05.0421 4064  [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:26:05.0421 4064  MRxSmb - ok
12:26:05.0453 4064  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
12:26:05.0468 4064  MSDTC - ok
12:26:05.0468 4064  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
12:26:05.0468 4064  Msfs - ok
12:26:05.0484 4064  MSIServer - ok
12:26:05.0515 4064  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:26:05.0515 4064  MSKSSRV - ok
12:26:05.0531 4064  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:26:05.0546 4064  MSPCLOCK - ok
12:26:05.0562 4064  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
12:26:05.0593 4064  MSPQM - ok
12:26:05.0625 4064  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:26:05.0625 4064  mssmbios - ok
12:26:05.0656 4064  MSSQL$STARTRACK - ok
12:26:05.0687 4064  [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
12:26:05.0703 4064  MSSQLServerADHelper - ok
12:26:05.0718 4064  [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
12:26:05.0718 4064  Mup - ok
12:26:05.0812 4064  [ 64C89DB40949FD0E7C8FF303676A91F1 ] N360            C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
12:26:05.0812 4064  N360 - ok
12:26:05.0828 4064  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
12:26:05.0843 4064  napagent - ok
12:26:05.0937 4064  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130609.007\NAVENG.SYS
12:26:05.0937 4064  NAVENG - ok
12:26:05.0984 4064  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15         C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20130609.007\NAVEX15.SYS
12:26:06.0046 4064  NAVEX15 - ok
12:26:06.0062 4064  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
12:26:06.0062 4064  NDIS - ok
12:26:06.0062 4064  [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:26:06.0078 4064  NdisTapi - ok
12:26:06.0109 4064  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:26:06.0125 4064  Ndisuio - ok
12:26:06.0140 4064  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:26:06.0140 4064  NdisWan - ok
12:26:06.0156 4064  [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
12:26:06.0156 4064  NDProxy - ok
12:26:06.0156 4064  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
12:26:06.0156 4064  NetBIOS - ok
12:26:06.0171 4064  [ 9CAC28A3215E970AD9BD5857D889C953 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
12:26:06.0171 4064  Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 9CAC28A3215E970AD9BD5857D889C953, Fake md5: 74B2B2F5BEA5E9A3DC021D685551BD3D
12:26:06.0171 4064  NetBT ( Virus.Win32.ZAccess.aml ) - infected
12:26:06.0171 4064  NetBT - detected Virus.Win32.ZAccess.aml (0)
12:26:11.0968 4064  ================ Scan global ===============================
12:26:12.0000 4064  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:26:12.0015 4064  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
12:26:12.0031 4064  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
12:26:12.0046 4064  [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
12:26:12.0046 4064  [Global] - ok
12:26:12.0046 4064  ================ Scan MBR ==================================
12:26:12.0062 4064  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:26:13.0203 4064  \Device\Harddisk0\DR0 - ok
12:26:13.0203 4064  ================ Scan VBR ==================================
12:26:13.0203 4064  [ E9A916447FF6CC89FD7C37835C2C17E9 ] \Device\Harddisk0\DR0\Partition1
12:26:13.0203 4064  \Device\Harddisk0\DR0\Partition1 - ok
12:26:13.0203 4064  ============================================================
12:26:13.0203 4064  Scan finished
12:26:13.0203 4064  ============================================================
12:26:13.0203 2844  Detected object count: 1
12:26:13.0203 2844  Actual detected object count: 1
12:26:31.0296 2844  C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
12:26:32.0125 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\@ - copied to quarantine
12:26:32.0171 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\Desktop.ini - copied to quarantine
12:26:32.0640 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\L\00000004.@ - copied to quarantine
12:26:32.0671 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\L\201d3dde - copied to quarantine
12:26:32.0703 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\L\6715e287 - copied to quarantine
12:26:32.0718 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\L\76603ac3 - copied to quarantine
12:26:32.0765 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\L\ixhiupzd - copied to quarantine
12:26:32.0890 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\U\00000004.@ - copied to quarantine
12:26:32.0937 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\U\00000008.@ - copied to quarantine
12:26:33.0015 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\U\000000cb.@ - copied to quarantine
12:26:33.0171 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\U\80000000.@ - copied to quarantine
12:26:33.0281 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\U\80000032.@ - copied to quarantine
12:26:35.0187 2844  Backup copy found, using it..
12:26:35.0250 2844  C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
12:26:35.0281 2844  C:\WINDOWS\$NtUninstallKB16327$\2056672201 - will be deleted on reboot
12:26:35.0281 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\@ - will be deleted on reboot
12:26:35.0281 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\Desktop.ini - will be deleted on reboot
12:26:35.0500 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\U\00000004.@ - will be deleted on reboot
12:26:35.0500 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\U\00000008.@ - will be deleted on reboot
12:26:35.0500 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\U\000000cb.@ - will be deleted on reboot
12:26:35.0500 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\U\80000000.@ - will be deleted on reboot
12:26:35.0500 2844  C:\WINDOWS\$NtUninstallKB16327$\3255107011\U\80000032.@ - will be deleted on reboot
12:26:35.0500 2844  NetBT ( Virus.Win32.ZAccess.aml ) - User select action: Cure
 



#5 D_ingo

Posted 10 June 2013 - 10:07 PM

And attached the ADW log

 

# AdwCleaner v2.303 - Logfile created 06/11/2013 at 13:03:10
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - DELL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v3.5 (en-US)

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\u8pxoorf.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1375 octets] - [10/06/2013 10:06:34]
AdwCleaner[S2].txt - [362 octets] - [11/06/2013 12:38:45]
AdwCleaner[S3].txt - [811 octets] - [11/06/2013 13:03:10]

########## EOF - C:\AdwCleaner[S3].txt - [870 octets] ##########



#6 D_ingo

Posted 10 June 2013 - 11:40 PM

Hi

 

finally the Eset scan

 

C:\Documents and Settings\User\Desktop\winamp563_full_emusic-7plus_all.exe Win32/OpenCandy application cleaned by deleting - quarantined



#7 67Nero

67Nero

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:19 AM

Posted 11 June 2013 - 08:55 AM

Just in case you care, I'm giving a link, where you can read about your infection (0Access)
nakedsecurity.sophos.com/zeroaccess/
Here you can read what it does to your system, and how it got there in the first place.


Edited by 67Nero, 11 June 2013 - 12:04 PM.



#8 boopme

Posted 11 June 2013 - 11:39 AM

Ok, nicely done..

In Control Panel Add/Remove, uninstall these older exploitable versions.

Adobe Reader 9.5.5 (Version: 9.5.5)
Java™ 6 Update 16 (Version: 6.0.160)

 
now
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.
 
 
 
Rerun TDSSKiller, post new log.


Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


#9 D_ingo

Posted 11 June 2013 - 03:15 PM

Hi 67Nero,

 

would love to see the link 

and read more about it!

Cheers



#10 D_ingo

Posted 11 June 2013 - 03:36 PM

Hi Boopme,

 

below is the TDSSKiller scan log

 

06:27:23.0390 0728  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
06:27:25.0390 0728  ============================================================
06:27:25.0390 0728  Current date / time: 2013/06/12 06:27:25.0390
06:27:25.0390 0728  SystemInfo:
06:27:25.0390 0728 
06:27:25.0390 0728  OS Version: 5.1.2600 ServicePack: 3.0
06:27:25.0390 0728  Product type: Workstation
06:27:25.0390 0728  ComputerName: DELL
06:27:25.0390 0728  UserName: User
06:27:25.0390 0728  Windows directory: C:\WINDOWS
06:27:25.0390 0728  System windows directory: C:\WINDOWS
06:27:25.0390 0728  Processor architecture: Intel x86
06:27:25.0390 0728  Number of processors: 2
06:27:25.0390 0728  Page size: 0x1000
06:27:25.0390 0728  Boot type: Normal boot
06:27:25.0390 0728  ============================================================
06:27:35.0093 0728  Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:27:35.0343 0728  ============================================================
06:27:35.0343 0728  \Device\Harddisk0\DR0:
06:27:35.0531 0728  MBR partitions:
06:27:35.0531 0728  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
06:27:35.0531 0728  ============================================================
06:27:35.0859 0728  C: <-> \Device\Harddisk0\DR0\Partition1
06:27:35.0859 0728  ============================================================
06:27:35.0859 0728  Initialize success
06:27:35.0859 0728  ============================================================
06:28:07.0984 1728  ============================================================
06:28:07.0984 1728  Scan started
06:28:07.0984 1728  Mode: Manual; TDLFS;
06:28:07.0984 1728  ============================================================
06:28:08.0062 1728  ================ Scan system memory ========================
06:28:08.0062 1728  System memory - ok
06:28:08.0062 1728  ================ Scan services =============================
06:28:15.0671 1728  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:28:15.0671 1728  RDPCDD - ok
06:28:15.0718 1728  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:28:15.0734 1728  rdpdr - ok
06:28:15.0765 1728  [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
06:28:15.0765 1728  RDPWD - ok
06:28:15.0796 1728  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
06:28:15.0906 1728  RDSessMgr - ok
06:28:15.0921 1728  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
06:28:15.0937 1728  redbook - ok
06:28:15.0968 1728  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
06:28:15.0984 1728  RemoteAccess - ok
06:28:16.0000 1728  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
06:28:16.0000 1728  RemoteRegistry - ok
06:28:16.0015 1728  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
06:28:16.0046 1728  RpcLocator - ok
06:28:16.0062 1728  [ 2589FE6015A316C0F5D5112B4DA7B509 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
06:28:16.0062 1728  RpcSs - ok
06:28:16.0093 1728  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
06:28:16.0296 1728  RSVP - ok
06:28:16.0343 1728  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
06:28:16.0343 1728  SamSs - ok
06:28:16.0359 1728  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
06:28:16.0546 1728  SCardSvr - ok
06:28:16.0578 1728  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
06:28:16.0578 1728  Schedule - ok
06:28:16.0609 1728  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:28:16.0625 1728  Secdrv - ok
06:28:16.0640 1728  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
06:28:16.0640 1728  seclogon - ok
06:28:16.0671 1728  [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService  C:\WINDOWS\system32\drivers\Senfilt.sys
06:28:16.0671 1728  SenFiltService - ok
06:28:16.0703 1728  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
06:28:16.0703 1728  SENS - ok
06:28:16.0718 1728  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
06:28:16.0718 1728  serenum - ok
06:28:16.0718 1728  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
06:28:16.0734 1728  Serial - ok
06:28:16.0734 1728  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
06:28:16.0734 1728  Sfloppy - ok
06:28:16.0750 1728  [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
06:28:16.0750 1728  ShellHWDetection - ok
06:28:16.0750 1728  Simbad - ok
06:28:16.0875 1728  [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
06:28:16.0890 1728  Skype C2C Service - ok
06:28:16.0953 1728  [ CA355B308AA537C6B9D67CD3A5485AF9 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
06:28:16.0953 1728  SkypeUpdate - ok
06:28:16.0953 1728  Sparrow - ok
06:28:16.0984 1728  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
06:28:16.0984 1728  splitter - ok
06:28:16.0984 1728  [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler         C:\WINDOWS\system32\spoolsv.exe
06:28:16.0984 1728  Spooler - ok
06:28:16.0984 1728  SQLAgent$STARTRACK - ok
06:28:17.0015 1728  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
06:28:17.0031 1728  sr - ok
06:28:17.0046 1728  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
06:28:17.0046 1728  srservice - ok
06:28:17.0093 1728  [ E81F6CAEAB9AD5732E94C07C97866AA2 ] SRTSP           C:\WINDOWS\System32\Drivers\N360\0308030.006\SRTSP.SYS
06:28:17.0093 1728  SRTSP - ok
06:28:17.0093 1728  [ E28DE499D942B08058BFFAC69D4122B6 ] SRTSPX          C:\WINDOWS\system32\drivers\N360\0308030.006\SRTSPX.SYS
06:28:17.0125 1728  SRTSPX - ok
06:28:17.0140 1728  [ 5252605079810904E31C332E241CD59B ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
06:28:17.0156 1728  Srv - ok
06:28:17.0203 1728  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
06:28:17.0203 1728  SSDPSRV - ok
06:28:17.0234 1728  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
06:28:17.0234 1728  stisvc - ok
06:28:17.0250 1728  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
06:28:17.0250 1728  swenum - ok
06:28:17.0281 1728  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
06:28:17.0281 1728  swmidi - ok
06:28:17.0281 1728  SwPrv - ok
06:28:17.0281 1728  symc810 - ok
06:28:17.0281 1728  symc8xx - ok
06:28:17.0328 1728  [ D0885F6E24259A6C65E68D6AD749910A ] SymEFA          C:\WINDOWS\system32\drivers\N360\0308030.006\SYMEFA.SYS
06:28:17.0343 1728  SymEFA - ok
06:28:17.0406 1728  [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
06:28:17.0421 1728  SymEvent - ok
06:28:17.0437 1728  [ A8C45C36309EE066F9191E511F88ED76 ] SYMFW           C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMFW.SYS
06:28:17.0453 1728  SYMFW - ok
06:28:17.0468 1728  [ F4DB00BC0C25BE3E05D4BBB8637CC3A3 ] SYMIDS          C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMIDS.SYS
06:28:17.0468 1728  SYMIDS - ok
06:28:17.0500 1728  [ C6DB9F873B09C63F5CB1DE10C08BF6F9 ] SymIM           C:\WINDOWS\system32\DRIVERS\SymIM.sys
06:28:17.0515 1728  SymIM - ok
06:28:17.0515 1728  [ C6DB9F873B09C63F5CB1DE10C08BF6F9 ] SymIMMP         C:\WINDOWS\system32\DRIVERS\SymIM.sys
06:28:17.0515 1728  SymIMMP - ok
06:28:17.0515 1728  [ 06A8ECFC68D61A26A67F0E96FF1CA9CC ] SYMNDIS         C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMNDIS.SYS
06:28:17.0515 1728  SYMNDIS - ok
06:28:17.0546 1728  [ 26BC80EC79D7BA478249C266CBDF17B4 ] SYMTDI          C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMTDI.SYS
06:28:17.0546 1728  SYMTDI - ok
06:28:17.0546 1728  sym_hi - ok
06:28:17.0546 1728  sym_u3 - ok
06:28:17.0562 1728  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
06:28:17.0562 1728  sysaudio - ok
06:28:17.0593 1728  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
06:28:17.0609 1728  SysmonLog - ok
06:28:17.0640 1728  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
06:28:17.0640 1728  TapiSrv - ok
06:28:17.0656 1728  [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:28:17.0671 1728  Tcpip - ok
06:28:17.0687 1728  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
06:28:17.0687 1728  TDPIPE - ok
06:28:17.0687 1728  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
06:28:17.0687 1728  TDTCP - ok
06:28:17.0718 1728  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
06:28:17.0718 1728  TermDD - ok
06:28:17.0734 1728  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
06:28:17.0734 1728  TermService - ok
06:28:17.0765 1728  [ 1926899BF9FFE2602B63074971700412 ] Themes          C:\WINDOWS\System32\shsvcs.dll
06:28:17.0765 1728  Themes - ok
06:28:17.0781 1728  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
06:28:17.0859 1728  TlntSvr - ok
06:28:17.0859 1728  TosIde - ok
06:28:17.0906 1728  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
06:28:17.0906 1728  TrkWks - ok
06:28:17.0937 1728  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
06:28:17.0937 1728  Udfs - ok
06:28:17.0937 1728  ultra - ok
06:28:17.0984 1728  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
06:28:18.0000 1728  Update - ok
06:28:18.0031 1728  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
06:28:18.0031 1728  upnphost - ok
06:28:18.0062 1728  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
06:28:18.0078 1728  UPS - ok
06:28:18.0093 1728  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:28:18.0093 1728  usbccgp - ok
06:28:18.0125 1728  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:28:18.0125 1728  usbehci - ok
06:28:18.0140 1728  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:28:18.0171 1728  usbhub - ok
06:28:18.0187 1728  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:28:18.0187 1728  usbprint - ok
06:28:18.0234 1728  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:28:18.0250 1728  USBSTOR - ok
06:28:18.0265 1728  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:28:18.0281 1728  usbuhci - ok
06:28:18.0296 1728  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
06:28:18.0296 1728  VgaSave - ok
06:28:18.0296 1728  ViaIde - ok
06:28:18.0312 1728  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
06:28:18.0312 1728  VolSnap - ok
06:28:18.0343 1728  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
06:28:18.0375 1728  VSS - ok
06:28:18.0421 1728  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
06:28:18.0421 1728  W32Time - ok
06:28:18.0453 1728  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:28:18.0453 1728  Wanarp - ok
06:28:18.0453 1728  WDICA - ok
06:28:18.0468 1728  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
06:28:18.0468 1728  wdmaud - ok
06:28:18.0484 1728  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
06:28:18.0484 1728  WebClient - ok
06:28:18.0546 1728  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
06:28:18.0546 1728  winmgmt - ok
06:28:18.0578 1728  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
06:28:18.0609 1728  WmdmPmSN - ok
06:28:18.0671 1728  [ BAB489A5FE26F2D0C910CF7AF7E4CF92 ] Wmi             C:\WINDOWS\System32\advapi32.dll
06:28:18.0671 1728  Wmi - ok
06:28:18.0687 1728  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
06:28:18.0718 1728  WmiApSrv - ok
06:28:18.0781 1728  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
06:28:18.0859 1728  WMPNetworkSvc - ok
06:28:18.0859 1728  WSearch - ok
06:28:18.0890 1728  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:28:18.0906 1728  WudfPf - ok
06:28:18.0906 1728  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:28:18.0906 1728  WudfRd - ok
06:28:18.0937 1728  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
06:28:18.0937 1728  WudfSvc - ok
06:28:18.0968 1728  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
06:28:18.0968 1728  WZCSVC - ok
06:28:19.0000 1728  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
06:28:19.0031 1728  xmlprov - ok
06:28:19.0031 1728  ================ Scan global ===============================
06:28:19.0062 1728  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
06:28:19.0078 1728  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
06:28:19.0093 1728  [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll
06:28:19.0109 1728  [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe
06:28:19.0109 1728  [Global] - ok
06:28:19.0109 1728  ================ Scan MBR ==================================
06:28:19.0125 1728  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
06:28:19.0437 1728  \Device\Harddisk0\DR0 - ok
06:28:19.0437 1728  ================ Scan VBR ==================================
06:28:19.0437 1728  [ E9A916447FF6CC89FD7C37835C2C17E9 ] \Device\Harddisk0\DR0\Partition1
06:28:19.0437 1728  \Device\Harddisk0\DR0\Partition1 - ok
06:28:19.0437 1728  ============================================================
06:28:19.0437 1728  Scan finished
06:28:19.0437 1728  ============================================================
06:28:19.0437 0876  Detected object count: 0
06:28:19.0437 0876  Actual detected object count: 0
06:29:09.0421 0904  Deinitialize success
 



#11 D_ingo


Posted 11 June 2013 - 03:37 PM

Last, the ASW scan

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-12 06:34:51
-----------------------------
06:34:51.390    OS Version: Windows 5.1.2600 Service Pack 3
06:34:51.390    Number of processors: 2 586 0xF06
06:34:51.390    ComputerName: DELL  UserName: User
06:34:52.046    Initialize success
06:35:17.859    AVAST engine download error: 0
06:35:37.078    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
06:35:37.078    Disk 0 Vendor: ST3808110AS 3.ADH Size: 76293MB BusType: 3
06:35:37.171    Disk 0 MBR read successfully
06:35:37.171    Disk 0 MBR scan
06:35:37.171    Disk 0 Windows XP default MBR code
06:35:37.171    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76285 MB offset 63
06:35:37.171    Disk 0 scanning sectors +156232125
06:35:37.234    Disk 0 scanning C:\WINDOWS\system32\drivers
06:35:41.843    Service scanning
06:35:49.921    Modules scanning
06:36:03.468    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
06:36:03.468    The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"

 

 

 

Do you think I am clean?



#12 67Nero


Posted 11 June 2013 - 07:16 PM

http://nakedsecurity.sophos.com/zeroaccess2/
EDIT #Finally I understand. Fixed.

Edited by 67Nero, 12 June 2013 - 06:33 PM.

trace.



#13 boopme


Posted 12 June 2013 - 08:26 AM

Looks good to go..
 
Rootkits, IRC Bots (http://en.wikipedia.org/wiki/IRC_bot) are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data, which is sent back to the hacker. To learn more about these types of infections, you can refer to:
and how to combat them
Analysis: What Is A Rootkit
Thanks to quietman7

 

Edit coding issue ///

see topic

http://www.bleepingcomputer.com/forums/t/426373/rootkits/


Edited by boopme, 12 June 2013 - 08:29 AM.




