
Slow, frequent IE crashes, and random audio files play


  • This topic is locked
20 replies to this topic

#1 joeburnside


Posted 22 June 2013 - 12:07 PM

Greetings,

I believe my son's laptop is infected with malware. It has the following hardware:

Dell Studio 1555

Core 2 Duo CPU T6600 @ 2.2GHz

4 GB RAM (Task Manager reports 47% in use)

64-bit OS

Windows 7 Home Premium Service Pack 1

 

The fan is constantly running to keep the laptop cool as if a power hungry program is running. He frequently complains of IE not responding. The laptop will also randomly not respond to the touchpad or hot keys. Lately random audio files (people talking) will play when the computer is ON but not in use.

 

Please help. In anticipation of your support I have downloaded the following programs already:

Security Check

Combofix

aswMBR

tdsskiller

OTC

 

Regards,

Joe


Edited by hamluis, 22 June 2013 - 01:00 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 hamluis

  • Moderator

Posted 22 June 2013 - 12:59 PM

Please...do not run any of the apps you have downloaded...unless instructed to do so by a BC Staff member.

 

I am moving your topic to a more appropriate forum, Am I Infected, where members will provide guidance.

 

Louis



#3 joeburnside


Posted 22 June 2013 - 01:10 PM

Standing by....



#4 joeburnside


Posted 23 June 2013 - 03:40 PM

Please help.



#5 boopme

  • Global Moderator

Posted 28 June 2013 - 11:01 PM

Sorry for the delay.

Please run and post these logs.

Security Check

Combofix

aswMBR

tdsskiller

OTC
DO NOT run the 2 strikethrough unless requested.
 
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
 
 
Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)
Do not change the default options on scan results.
 
 
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

#6 joeburnside


Posted 29 June 2013 - 01:44 PM

Thanks for helping. I have posted the log files separately. They were too long for one post.

12:16:40.0149 5364    TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
12:16:40.0929 5364    ============================================================
12:16:40.0929 5364    Current date / time: 2013/06/29 12:16:40.0929
12:16:40.0929 5364    SystemInfo:
12:16:40.0929 5364    
12:16:40.0929 5364    OS Version: 6.1.7601 ServicePack: 1.0
12:16:40.0929 5364    Product type: Workstation
12:16:40.0929 5364    ComputerName: JOEYS_LAPTOP
12:16:40.0929 5364    UserName: Kasi
12:16:40.0929 5364    Windows directory: C:\Windows
12:16:40.0929 5364    System windows directory: C:\Windows
12:16:40.0929 5364    Running under WOW64
12:16:40.0929 5364    Processor architecture: Intel x64
12:16:40.0929 5364    Number of processors: 2
12:16:40.0929 5364    Page size: 0x1000
12:16:40.0929 5364    Boot type: Normal boot
12:16:40.0929 5364    ============================================================
12:16:42.0380 5364    Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:16:42.0396 5364    ============================================================
12:16:42.0396 5364    \Device\Harddisk0\DR0:
12:16:42.0396 5364    MBR partitions:
12:16:42.0396 5364    \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
12:16:42.0396 5364    \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
12:16:42.0396 5364    ============================================================
12:16:42.0427 5364    C: <-> \Device\Harddisk0\DR0\Partition1
12:16:42.0427 5364    ============================================================
12:16:42.0427 5364    Initialize success
12:16:42.0427 5364    ============================================================
12:17:14.0002 3720    ============================================================
12:17:14.0002 3720    Scan started
12:17:14.0002 3720    Mode: Manual;
12:17:14.0002 3720    ============================================================
12:17:30.0944 3720    MozillaMaintenance - ok
12:17:30.0991 3720    mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:17:30.0991 3720    mpio - ok
12:17:31.0053 3720    mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:17:31.0053 3720    mpsdrv - ok
12:17:31.0162 3720    MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:17:31.0193 3720    MpsSvc - ok
12:17:31.0240 3720    MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:17:31.0240 3720    MRxDAV - ok
12:17:31.0271 3720    mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:17:31.0287 3720    mrxsmb - ok
12:17:31.0334 3720    mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:17:31.0365 3720    mrxsmb10 - ok
12:17:31.0396 3720    mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:17:31.0412 3720    mrxsmb20 - ok
12:17:31.0443 3720    msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:17:31.0443 3720    msahci - ok
12:17:31.0474 3720    msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:17:31.0474 3720    msdsm - ok
12:17:31.0537 3720    MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:17:31.0552 3720    MSDTC - ok
12:17:31.0599 3720    Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:17:31.0599 3720    Msfs - ok
12:17:31.0615 3720    mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:17:31.0615 3720    mshidkmdf - ok
12:17:31.0630 3720    msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:17:31.0630 3720    msisadrv - ok
12:17:31.0661 3720    MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:17:31.0677 3720    MSiSCSI - ok
12:17:31.0677 3720    msiserver - ok
12:17:31.0708 3720    MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:17:31.0724 3720    MSKSSRV - ok
12:17:31.0739 3720    MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:17:31.0739 3720    MSPCLOCK - ok
12:17:31.0755 3720    MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:17:31.0755 3720    MSPQM - ok
12:17:31.0833 3720    MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:17:31.0849 3720    MsRPC - ok
12:17:31.0864 3720    mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:17:31.0880 3720    mssmbios - ok
12:17:31.0880 3720    MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:17:31.0880 3720    MSTEE - ok
12:17:31.0895 3720    MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:17:31.0895 3720    MTConfig - ok
12:17:31.0911 3720    Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:17:31.0911 3720    Mup - ok
12:17:32.0020 3720    N360            (241bd3019fb31e812a51b31b06906335) C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
12:17:32.0036 3720    N360 - ok
12:17:32.0083 3720    napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:17:32.0098 3720    napagent - ok
12:17:32.0129 3720    NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:17:32.0145 3720    NativeWifiP - ok
12:17:32.0285 3720    NAVENG          (56540e526b46e379a476fb5bc381b290) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130628.024\ENG64.SYS
12:17:32.0301 3720    NAVENG - ok
12:17:32.0519 3720    NAVEX15         (8a19d3991f9f14b885cde8bc640f6b68) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130628.024\EX64.SYS
12:17:32.0551 3720    NAVEX15 - ok
12:17:32.0785 3720    NDIS            (760e38053bf56e501d562b70ad796b88) C:\Windows\system32\drivers\ndis.sys
12:17:32.0816 3720    NDIS - ok
12:17:32.0847 3720    NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:17:32.0847 3720    NdisCap - ok
12:17:32.0894 3720    NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:17:32.0894 3720    NdisTapi - ok
12:17:32.0925 3720    Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:17:32.0925 3720    Ndisuio - ok
12:17:32.0972 3720    NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:17:32.0987 3720    NdisWan - ok
12:17:33.0019 3720    NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:17:33.0019 3720    NDProxy - ok
12:17:33.0050 3720    NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:17:33.0050 3720    NetBIOS - ok
12:17:33.0097 3720    NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:17:33.0112 3720    NetBT - ok
12:17:33.0159 3720    Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:17:33.0159 3720    Netlogon - ok
12:17:33.0206 3720    Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:17:33.0221 3720    Netman - ok
12:17:33.0331 3720    NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:17:33.0346 3720    NetMsmqActivator - ok
12:17:33.0362 3720    NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:17:33.0362 3720    NetPipeActivator - ok
12:17:33.0440 3720    netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:17:33.0471 3720    netprofm - ok
12:17:33.0471 3720    NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:17:33.0471 3720    NetTcpActivator - ok
12:17:33.0487 3720    NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:17:33.0487 3720    NetTcpPortSharing - ok
12:17:33.0892 3720    NETw5v64        (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\NETw5v64.sys
12:17:34.0033 3720    NETw5v64 - ok
12:17:34.0235 3720    nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:17:34.0235 3720    nfrd960 - ok
12:17:34.0313 3720    NlaSvc          (8ad77806d336673f270db31645267293) C:\Windows\System32\nlasvc.dll
12:17:34.0345 3720    NlaSvc - ok
12:17:34.0360 3720    Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:17:34.0360 3720    Npfs - ok
12:17:34.0391 3720    nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:17:34.0391 3720    nsi - ok
12:17:34.0407 3720    nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:17:34.0407 3720    nsiproxy - ok
12:17:34.0579 3720    Ntfs            (b98f8c6e31cd07b2e6f71f7f648e38c0) C:\Windows\system32\drivers\Ntfs.sys
12:17:34.0641 3720    Ntfs - ok
12:17:34.0750 3720    NuidFltr        (4c08a14d04e62963e96e0bb57bbc953b) C:\Windows\system32\DRIVERS\NuidFltr.sys
12:17:34.0766 3720    NuidFltr - ok
12:17:34.0781 3720    Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:17:34.0781 3720    Null - ok
12:17:34.0828 3720    nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:17:34.0844 3720    nvraid - ok
12:17:34.0922 3720    nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:17:34.0922 3720    nvstor - ok
12:17:34.0953 3720    nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:17:34.0953 3720    nv_agp - ok
12:17:35.0000 3720    ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:17:35.0015 3720    ohci1394 - ok
12:17:35.0125 3720    ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:17:35.0140 3720    ose - ok
12:17:35.0686 3720    osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:17:35.0858 3720    osppsvc - ok
12:17:35.0998 3720    p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:17:36.0014 3720    p2pimsvc - ok
12:17:36.0061 3720    p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:17:36.0076 3720    p2psvc - ok
12:17:36.0139 3720    Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:17:36.0154 3720    Parport - ok
12:17:36.0201 3720    partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:17:36.0201 3720    partmgr - ok
12:17:36.0232 3720    PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:17:36.0263 3720    PcaSvc - ok
12:17:36.0310 3720    pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:17:36.0326 3720    pci - ok
12:17:36.0326 3720    pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:17:36.0341 3720    pciide - ok
12:17:36.0373 3720    pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:17:36.0373 3720    pcmcia - ok
12:17:36.0435 3720    pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:17:36.0435 3720    pcw - ok
12:17:36.0482 3720    PDFsFilter      (8570c04d9dbfddd2ccf655deb4d84715) C:\Windows\system32\DRIVERS\PDFsFilter.sys
12:17:36.0482 3720    PDFsFilter - ok
12:17:36.0560 3720    PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:17:36.0575 3720    PEAUTH - ok
12:17:36.0669 3720    PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:17:36.0669 3720    PerfHost - ok
12:17:36.0841 3720    pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:17:36.0872 3720    pla - ok
12:17:36.0950 3720    PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:17:36.0965 3720    PlugPlay - ok
12:17:36.0997 3720    PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:17:37.0012 3720    PNRPAutoReg - ok
12:17:37.0043 3720    PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:17:37.0043 3720    PNRPsvc - ok
12:17:37.0106 3720    Point64         (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
12:17:37.0106 3720    Point64 - ok
12:17:37.0418 3720    PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:17:37.0433 3720    PolicyAgent - ok
12:17:37.0465 3720    Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:17:37.0496 3720    Power - ok
12:17:37.0527 3720    PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:17:37.0527 3720    PptpMiniport - ok
12:17:37.0543 3720    Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:17:37.0558 3720    Processor - ok
12:17:37.0558 3720    prodrv06 - ok
12:17:37.0589 3720    ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:17:37.0605 3720    ProfSvc - ok
12:17:37.0605 3720    prohlp02 - ok
12:17:37.0621 3720    prosync1 - ok
12:17:37.0652 3720    ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:17:37.0652 3720    ProtectedStorage - ok
12:17:37.0699 3720    Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:17:37.0699 3720    Psched - ok
12:17:37.0745 3720    PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:17:37.0745 3720    PxHlpa64 - ok
12:17:37.0917 3720    ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:17:37.0964 3720    ql2300 - ok
12:17:38.0073 3720    ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:17:38.0073 3720    ql40xx - ok
12:17:38.0135 3720    QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:17:38.0151 3720    QWAVE - ok
12:17:38.0182 3720    QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:17:38.0182 3720    QWAVEdrv - ok
12:17:38.0198 3720    RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:17:38.0198 3720    RasAcd - ok
12:17:38.0229 3720    RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:17:38.0229 3720    RasAgileVpn - ok
12:17:38.0245 3720    RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:17:38.0260 3720    RasAuto - ok
12:17:38.0291 3720    Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:17:38.0291 3720    Rasl2tp - ok
12:17:38.0354 3720    RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:17:38.0369 3720    RasMan - ok
12:17:38.0401 3720    RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:17:38.0401 3720    RasPppoe - ok
12:17:38.0416 3720    RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:17:38.0416 3720    RasSstp - ok
12:17:38.0463 3720    rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:17:38.0479 3720    rdbss - ok
12:17:38.0494 3720    rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:17:38.0494 3720    rdpbus - ok
12:17:38.0510 3720    RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:17:38.0510 3720    RDPCDD - ok
12:17:38.0525 3720    RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:17:38.0525 3720    RDPENCDD - ok
12:17:38.0557 3720    RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:17:38.0557 3720    RDPREFMP - ok
12:17:38.0619 3720    RdpVideoMiniport (313f68e1a3e6345a4f47a36b07062f34) C:\Windows\system32\drivers\rdpvideominiport.sys
12:17:38.0619 3720    RdpVideoMiniport - ok
12:17:38.0666 3720    RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:17:38.0666 3720    RDPWD - ok
12:17:38.0713 3720    rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:17:38.0728 3720    rdyboost - ok
12:17:38.0775 3720    RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:17:38.0791 3720    RemoteAccess - ok
12:17:38.0822 3720    RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:17:38.0837 3720    RemoteRegistry - ok
12:17:38.0869 3720    rimmptsk        (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
12:17:38.0884 3720    rimmptsk - ok
12:17:38.0900 3720    rimsptsk        (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
12:17:38.0900 3720    rimsptsk - ok
12:17:38.0915 3720    rismxdp         (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
12:17:38.0931 3720    rismxdp - ok
12:17:38.0962 3720    RMCAST          (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
12:17:38.0962 3720    RMCAST - ok
12:17:38.0978 3720    RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:17:38.0978 3720    RpcEptMapper - ok
12:17:39.0009 3720    RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:17:39.0009 3720    RpcLocator - ok
12:17:39.0056 3720    RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:17:39.0071 3720    RpcSs - ok
12:17:39.0087 3720    rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:17:39.0103 3720    rspndr - ok
12:17:39.0118 3720    SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:17:39.0134 3720    SamSs - ok
12:17:39.0181 3720    sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:17:39.0196 3720    sbp2port - ok
12:17:39.0243 3720    SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:17:39.0259 3720    SCardSvr - ok
12:17:39.0305 3720    scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:17:39.0305 3720    scfilter - ok
12:17:39.0430 3720    Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:17:39.0477 3720    Schedule - ok
12:17:39.0508 3720    SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:17:39.0524 3720    SCPolicySvc - ok
12:17:39.0539 3720    sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
12:17:39.0539 3720    sdbus - ok
12:17:39.0586 3720    SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:17:39.0602 3720    SDRSVC - ok
12:17:39.0617 3720    secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:17:39.0633 3720    secdrv - ok
12:17:39.0664 3720    seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:17:39.0664 3720    seclogon - ok
12:17:39.0695 3720    SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:17:39.0695 3720    SENS - ok
12:17:39.0727 3720    SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:17:39.0727 3720    SensrSvc - ok
12:17:39.0758 3720    Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:17:39.0758 3720    Serenum - ok
12:17:39.0773 3720    Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:17:39.0773 3720    Serial - ok
12:17:39.0789 3720    sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:17:39.0789 3720    sermouse - ok
12:17:39.0867 3720    SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:17:39.0883 3720    SessionEnv - ok
12:17:39.0883 3720    sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:17:39.0898 3720    sffdisk - ok
12:17:39.0898 3720    sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:17:39.0914 3720    sffp_mmc - ok
12:17:39.0914 3720    sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:17:39.0914 3720    sffp_sd - ok
12:17:39.0929 3720    sfhlp01 - ok
12:17:39.0929 3720    sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:17:39.0929 3720    sfloppy - ok
12:17:40.0070 3720    SftService      (dbeb7c353fb71e7d8b9abce62d93d590) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
12:17:40.0101 3720    SftService - ok
12:17:40.0195 3720    SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:17:40.0210 3720    SharedAccess - ok
12:17:40.0273 3720    ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:17:40.0288 3720    ShellHWDetection - ok
12:17:40.0335 3720    silabenm        (720088aad691ff1d90be8ec28727f6ca) C:\Windows\system32\DRIVERS\silabenm.sys
12:17:40.0335 3720    silabenm - ok
12:17:40.0382 3720    silabser        (77d4f56682ab668dd7d4bd4f1178d3c9) C:\Windows\system32\DRIVERS\silabser.sys
12:17:40.0413 3720    silabser - ok
12:17:40.0429 3720    SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:17:40.0429 3720    SiSRaid2 - ok
12:17:40.0460 3720    SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:17:40.0460 3720    SiSRaid4 - ok
12:17:40.0538 3720    SkypeUpdate     (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:17:40.0538 3720    SkypeUpdate - ok
12:17:40.0569 3720    Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:17:40.0569 3720    Smb - ok
12:17:40.0616 3720    SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:17:40.0616 3720    SNMPTRAP - ok
12:17:40.0631 3720    spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:17:40.0631 3720    spldr - ok
12:17:40.0694 3720    Spooler         (85daa09a98c9286d4ea2ba8d0e644377) C:\Windows\System32\spoolsv.exe
12:17:40.0725 3720    Spooler - ok
12:17:40.0975 3720    sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:17:41.0053 3720    sppsvc - ok
12:17:41.0162 3720    sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:17:41.0177 3720    sppuinotify - ok
12:17:41.0365 3720    SRTSP           (378a0748de5adf90bf9db897da8564e6) C:\Windows\System32\Drivers\N360x64\1403010.016\SRTSP64.SYS
12:17:41.0396 3720    SRTSP - ok
12:17:41.0427 3720    SRTSPX          (0e76cef892c45734f7aed09fddf35d4d) C:\Windows\system32\drivers\N360x64\1403010.016\SRTSPX64.SYS
12:17:41.0427 3720    SRTSPX - ok
12:17:41.0489 3720    srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:17:41.0521 3720    srv - ok
12:17:41.0583 3720    srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:17:41.0614 3720    srv2 - ok
12:17:41.0645 3720    srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:17:41.0661 3720    srvnet - ok
12:17:41.0708 3720    SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:17:41.0723 3720    SSDPSRV - ok
12:17:41.0755 3720    SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:17:41.0770 3720    SstpSvc - ok
12:17:41.0942 3720    STacSV          (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
12:17:41.0957 3720    STacSV - ok
12:17:42.0020 3720    Steam Client Service - ok
12:17:42.0191 3720    stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:17:42.0238 3720    stexstor - ok
12:17:42.0457 3720    STHDA           (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
12:17:42.0488 3720    STHDA - ok
12:17:42.0613 3720    stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:17:42.0628 3720    stisvc - ok
12:17:42.0675 3720    swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:17:42.0675 3720    swenum - ok
12:17:42.0925 3720    SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:17:42.0940 3720    SwitchBoard - ok
12:17:43.0237 3720    swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:17:43.0268 3720    swprv - ok
12:17:43.0408 3720    SymDS           (e174c8bc572e93aeee1036dedac5f225) C:\Windows\system32\drivers\N360x64\1403010.016\SYMDS64.SYS
12:17:43.0440 3720    SymDS - ok
12:17:43.0564 3720    SymEFA          (599872bad7cfb45c7ce47cded4b726d8) C:\Windows\system32\drivers\N360x64\1403010.016\SYMEFA64.SYS
12:17:43.0611 3720    SymEFA - ok
12:17:43.0658 3720    SymEvent        (f5d6d3b7468c46ea2ddc1d19d2a6da0f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:17:43.0674 3720    SymEvent - ok
12:17:43.0705 3720    SymIRON         (adf37f1a715d6c56c8e065fd8569a9a4) C:\Windows\system32\drivers\N360x64\1403010.016\Ironx64.SYS
12:17:43.0720 3720    SymIRON - ok
12:17:43.0767 3720    SymNetS         (1605ebd8cb86afc4430116065995279a) C:\Windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS
12:17:43.0783 3720    SymNetS - ok
12:17:43.0845 3720    SynTP           (1657b7442d5ce30533f5c4317716b468) C:\Windows\system32\DRIVERS\SynTP.sys
12:17:43.0861 3720    SynTP - ok
12:17:44.0048 3720    SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:17:44.0095 3720    SysMain - ok
12:17:44.0235 3720    TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:17:44.0235 3720    TabletInputService - ok
12:17:44.0282 3720    TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:17:44.0298 3720    TapiSrv - ok
12:17:44.0329 3720    TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:17:44.0344 3720    TBS - ok
12:17:44.0594 3720    Tcpip           (9849ea3843a2adbdd1497e97a85d8cae) C:\Windows\system32\drivers\tcpip.sys
12:17:44.0641 3720    Tcpip - ok
12:17:44.0890 3720    TCPIP6          (9849ea3843a2adbdd1497e97a85d8cae) C:\Windows\system32\DRIVERS\tcpip.sys
12:17:44.0906 3720    TCPIP6 - ok
12:17:45.0000 3720    tcpipreg        (1b16d0bd9841794a6e0cde0cef744abc) C:\Windows\system32\drivers\tcpipreg.sys
12:17:45.0000 3720    tcpipreg - ok
12:17:45.0046 3720    TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:17:45.0062 3720    TDPIPE - ok
12:17:45.0093 3720    TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:17:45.0093 3720    TDTCP - ok
12:17:45.0124 3720    tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:17:45.0124 3720    tdx - ok
12:17:45.0171 3720    TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:17:45.0171 3720    TermDD - ok
12:17:45.0265 3720    TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:17:45.0296 3720    TermService - ok
12:17:45.0327 3720    Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:17:45.0327 3720    Themes - ok
12:17:45.0343 3720    THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:17:45.0343 3720    THREADORDER - ok
12:17:45.0374 3720    TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:17:45.0374 3720    TrkWks - ok
12:17:45.0436 3720    TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:17:45.0452 3720    TrustedInstaller - ok
12:17:45.0499 3720    tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:17:45.0499 3720    tssecsrv - ok
12:17:45.0546 3720    TsUsbFlt        (17c6b51cbccded95b3cc14e22791f85e) C:\Windows\system32\drivers\tsusbflt.sys
12:17:45.0561 3720    TsUsbFlt - ok
12:17:45.0624 3720    tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:17:45.0639 3720    tunnel - ok
12:17:45.0655 3720    uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:17:45.0670 3720    uagp35 - ok
12:17:45.0733 3720    udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:17:45.0733 3720    udfs - ok
12:17:51.0302 3720    MBR (0x1B8)     (9711bf5a8929c6dbe3455a72c790bef0) \Device\Harddisk0\DR0
12:17:51.0770 3720    \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
12:17:51.0770 3720    \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
12:17:51.0786 3720    Boot (0x1200)   (127da5c5830d7121c9a9049c25e9e492) \Device\Harddisk0\DR0\Partition0
12:17:51.0786 3720    \Device\Harddisk0\DR0\Partition0 - ok
12:17:51.0801 3720    Boot (0x1200)   (d79b19afbc99083a7539feeff5d90240) \Device\Harddisk0\DR0\Partition1
12:17:51.0801 3720    \Device\Harddisk0\DR0\Partition1 - ok
12:17:51.0801 3720    ============================================================
12:17:51.0801 3720    Scan finished
12:17:51.0801 3720    ============================================================
12:17:51.0817 2756    Detected object count: 1
12:17:51.0817 2756    Actual detected object count: 1
12:18:15.0217 2756    \Device\Harddisk0\DR0\# - copied to quarantine
12:18:15.0217 2756    \Device\Harddisk0\DR0 - copied to quarantine
12:18:15.0217 2756    \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Quarantine
12:18:52.0672 3824    ============================================================
12:18:52.0672 3824    Scan started
12:18:52.0672 3824    Mode: Manual; TDLFS;
12:18:52.0672 3824    ============================================================
12:19:11.0190 3824    LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:19:11.0190 3824    LanmanServer - ok
12:19:11.0236 3824    LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:19:11.0236 3824    LanmanWorkstation - ok
12:19:11.0268 3824    lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:19:11.0268 3824    lltdio - ok
12:19:11.0471 3824    lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:19:11.0474 3824    lltdsvc - ok
12:19:11.0522 3824    lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:19:11.0522 3824    lmhosts - ok
12:19:11.0761 3824    LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:19:11.0761 3824    LSI_FC - ok
12:19:11.0776 3824    LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:19:11.0776 3824    LSI_SAS - ok
12:19:11.0808 3824    LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:19:11.0808 3824    LSI_SAS2 - ok
12:19:11.0839 3824    LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:19:11.0839 3824    LSI_SCSI - ok
12:19:11.0917 3824    luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:19:11.0917 3824    luafv - ok
12:19:11.0964 3824    Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:19:11.0979 3824    Mcx2Svc - ok
12:19:12.0088 3824    MDM             (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
12:19:12.0088 3824    MDM - ok
12:19:12.0104 3824    megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:19:12.0104 3824    megasas - ok
12:19:12.0166 3824    MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:19:12.0166 3824    MegaSR - ok
12:19:12.0291 3824    Microsoft SharePoint Workspace Audit Service - ok
12:19:12.0322 3824    MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:19:12.0322 3824    MMCSS - ok
12:19:12.0338 3824    Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:19:12.0338 3824    Modem - ok
12:19:12.0354 3824    monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:19:12.0354 3824    monitor - ok
12:19:12.0463 3824    mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:19:12.0463 3824    mouclass - ok
12:19:12.0494 3824    mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:19:12.0494 3824    mouhid - ok
12:19:12.0619 3824    mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:19:12.0619 3824    mountmgr - ok
12:19:12.0666 3824    MozillaMaintenance (825bf0e46b4470a463aeb641480c5fca) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:19:12.0666 3824    MozillaMaintenance - ok
12:19:12.0744 3824    mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:19:12.0759 3824    mpio - ok
12:19:12.0915 3824    mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:19:12.0915 3824    mpsdrv - ok
12:19:14.0335 3824    MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:19:14.0350 3824    MpsSvc - ok
12:19:14.0460 3824    MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:19:14.0460 3824    MRxDAV - ok
12:19:14.0553 3824    mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:19:14.0553 3824    mrxsmb - ok
12:19:14.0709 3824    mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:19:14.0709 3824    mrxsmb10 - ok
12:19:14.0740 3824    mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:19:14.0740 3824    mrxsmb20 - ok
12:19:14.0787 3824    msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:19:14.0787 3824    msahci - ok
12:19:14.0850 3824    msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:19:14.0850 3824    msdsm - ok
12:19:14.0928 3824    MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:19:14.0928 3824    MSDTC - ok
12:19:15.0006 3824    Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:19:15.0006 3824    Msfs - ok
12:19:15.0021 3824    mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:19:15.0021 3824    mshidkmdf - ok
12:19:15.0037 3824    msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:19:15.0037 3824    msisadrv - ok
12:19:15.0442 3824    MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:19:15.0442 3824    MSiSCSI - ok
12:19:15.0458 3824    msiserver - ok
12:19:15.0552 3824    MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:19:15.0552 3824    MSKSSRV - ok
12:19:15.0567 3824    MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:19:15.0567 3824    MSPCLOCK - ok
12:19:15.0598 3824    MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:19:15.0598 3824    MSPQM - ok
12:19:15.0942 3824    MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:19:15.0942 3824    MsRPC - ok
12:19:17.0158 3824    mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:19:17.0174 3824    mssmbios - ok
12:19:17.0486 3824    MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:19:17.0486 3824    MSTEE - ok
12:19:17.0548 3824    MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:19:17.0548 3824    MTConfig - ok
12:19:17.0580 3824    Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:19:17.0580 3824    Mup - ok
12:19:17.0689 3824    N360            (241bd3019fb31e812a51b31b06906335) C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
12:19:17.0689 3824    N360 - ok
12:19:17.0751 3824    napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:19:17.0751 3824    napagent - ok
12:19:17.0829 3824    NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:19:17.0829 3824    NativeWifiP - ok
12:19:18.0048 3824    NAVENG          (56540e526b46e379a476fb5bc381b290) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130628.024\ENG64.SYS
12:19:18.0048 3824    NAVENG - ok
12:19:18.0204 3824    NAVEX15         (8a19d3991f9f14b885cde8bc640f6b68) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130628.024\EX64.SYS
12:19:18.0219 3824    NAVEX15 - ok
12:19:18.0422 3824    NDIS            (760e38053bf56e501d562b70ad796b88) C:\Windows\system32\drivers\ndis.sys
12:19:18.0438 3824    NDIS - ok
12:19:18.0516 3824    NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:19:18.0516 3824    NdisCap - ok
12:19:18.0547 3824    NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:19:18.0547 3824    NdisTapi - ok
12:19:18.0765 3824    Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:19:18.0765 3824    Ndisuio - ok
12:19:19.0155 3824    NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:19:19.0171 3824    NdisWan - ok
12:19:19.0264 3824    NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:19:19.0264 3824    NDProxy - ok
12:19:19.0342 3824    NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:19:19.0342 3824    NetBIOS - ok
12:19:20.0154 3824    NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:19:20.0154 3824    NetBT - ok
12:19:20.0434 3824    Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:19:20.0434 3824    Netlogon - ok
12:19:20.0715 3824    Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:19:20.0731 3824    Netman - ok
12:19:20.0996 3824    NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:19:20.0996 3824    NetMsmqActivator - ok
12:19:20.0996 3824    NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:19:21.0012 3824    NetPipeActivator - ok
12:19:21.0058 3824    netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:19:21.0074 3824    netprofm - ok
12:19:21.0074 3824    NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:19:21.0074 3824    NetTcpActivator - ok
12:19:21.0090 3824    NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:19:21.0090 3824    NetTcpPortSharing - ok
12:19:23.0648 3824    NETw5v64        (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\NETw5v64.sys
12:19:23.0804 3824    NETw5v64 - ok
12:19:24.0225 3824    nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:19:24.0225 3824    nfrd960 - ok
12:19:24.0334 3824    NlaSvc          (8ad77806d336673f270db31645267293) C:\Windows\System32\nlasvc.dll
12:19:24.0381 3824    NlaSvc - ok
12:19:24.0412 3824    Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:19:24.0412 3824    Npfs - ok
12:19:24.0444 3824    nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:19:24.0444 3824    nsi - ok
12:19:24.0522 3824    nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:19:24.0522 3824    nsiproxy - ok
12:19:25.0489 3824    Ntfs            (b98f8c6e31cd07b2e6f71f7f648e38c0) C:\Windows\system32\drivers\Ntfs.sys
12:19:26.0128 3824    Ntfs - ok
12:19:26.0663 3824    NuidFltr        (4c08a14d04e62963e96e0bb57bbc953b) C:\Windows\system32\DRIVERS\NuidFltr.sys
12:19:26.0700 3824    NuidFltr - ok
12:19:26.0770 3824    Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:19:26.0774 3824    Null - ok
12:19:26.0851 3824    nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:19:26.0855 3824    nvraid - ok
12:19:26.0926 3824    nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:19:26.0935 3824    nvstor - ok
12:19:26.0986 3824    nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:19:26.0989 3824    nv_agp - ok
12:19:27.0046 3824    ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:19:27.0048 3824    ohci1394 - ok
12:19:27.0530 3824    ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:19:27.0551 3824    ose - ok
12:19:28.0239 3824    osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:19:28.0361 3824    osppsvc - ok
12:19:28.0630 3824    p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:19:28.0658 3824    p2pimsvc - ok
12:19:28.0752 3824    p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:19:28.0784 3824    p2psvc - ok
12:19:28.0926 3824    Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:19:28.0926 3824    Parport - ok
12:19:29.0004 3824    partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:19:29.0014 3824    partmgr - ok
12:19:29.0043 3824    PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:19:29.0064 3824    PcaSvc - ok
12:19:29.0492 3824    pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:19:29.0552 3824    pci - ok
12:19:29.0602 3824    pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:19:29.0604 3824    pciide - ok
12:19:29.0780 3824    pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:19:29.0790 3824    pcmcia - ok
12:19:29.0902 3824    pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:19:29.0922 3824    pcw - ok
12:19:30.0112 3824    PDFsFilter      (8570c04d9dbfddd2ccf655deb4d84715) C:\Windows\system32\DRIVERS\PDFsFilter.sys
12:19:30.0112 3824    PDFsFilter - ok
12:19:30.0172 3824    PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:19:30.0204 3824    PEAUTH - ok
12:19:30.0394 3824    PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:19:30.0394 3824    PerfHost - ok
12:19:30.0506 3824    pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:19:30.0546 3824    pla - ok
12:19:30.0944 3824    PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:19:30.0951 3824    PlugPlay - ok
12:19:31.0020 3824    PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:19:31.0030 3824    PNRPAutoReg - ok
12:19:31.0132 3824    PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:19:32.0612 3824    PNRPsvc - ok
12:19:32.0685 3824    Point64         (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
12:19:32.0688 3824    Point64 - ok
12:19:33.0100 3824    PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:19:33.0144 3824    PolicyAgent - ok
12:19:33.0229 3824    Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:19:33.0245 3824    Power - ok
12:19:33.0291 3824    PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:19:33.0295 3824    PptpMiniport - ok
12:19:33.0330 3824    Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:19:33.0337 3824    Processor - ok
12:19:33.0346 3824    prodrv06 - ok
12:19:33.0423 3824    ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:19:33.0426 3824    ProfSvc - ok
12:19:33.0440 3824    prohlp02 - ok
12:19:33.0452 3824    prosync1 - ok
12:19:33.0497 3824    ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:19:33.0501 3824    ProtectedStorage - ok
12:19:33.0557 3824    Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:19:33.0571 3824    Psched - ok
12:19:33.0603 3824    PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:19:33.0606 3824    PxHlpa64 - ok
12:19:34.0112 3824    ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:19:34.0242 3824    ql2300 - ok
12:19:34.0556 3824    ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:19:34.0746 3824    ql40xx - ok
12:19:34.0876 3824    QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:19:34.0876 3824    QWAVE - ok
12:19:34.0946 3824    QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:19:34.0946 3824    QWAVEdrv - ok
12:19:34.0956 3824    RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:19:34.0966 3824    RasAcd - ok
12:19:34.0996 3824    RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:19:35.0156 3824    RasAgileVpn - ok
12:19:35.0236 3824    RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:19:35.0256 3824    RasAuto - ok
12:19:35.0316 3824    Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:19:35.0486 3824    Rasl2tp - ok
12:19:35.0606 3824    RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:19:35.0626 3824    RasMan - ok
12:19:35.0696 3824    RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:19:35.0876 3824    RasPppoe - ok
12:19:36.0249 3824    RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:19:36.0262 3824    RasSstp - ok
12:19:36.0360 3824    rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:19:36.0370 3824    rdbss - ok
12:19:36.0440 3824    rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:19:36.0440 3824    rdpbus - ok
12:19:36.0470 3824    RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:19:36.0481 3824    RDPCDD - ok
12:19:36.0514 3824    RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:19:36.0516 3824    RDPENCDD - ok
12:19:36.0542 3824    RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:19:36.0546 3824    RDPREFMP - ok
12:19:36.0579 3824    RdpVideoMiniport (313f68e1a3e6345a4f47a36b07062f34) C:\Windows\system32\drivers\rdpvideominiport.sys
12:19:36.0581 3824    RdpVideoMiniport - ok
12:19:36.0648 3824    RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:19:36.0670 3824    RDPWD - ok
12:19:36.0832 3824    rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:19:36.0840 3824    rdyboost - ok
12:19:36.0870 3824    RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:19:36.0880 3824    RemoteAccess - ok
12:19:36.0910 3824    RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:19:36.0920 3824    RemoteRegistry - ok
12:19:36.0950 3824    rimmptsk        (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
12:19:36.0960 3824    rimmptsk - ok
12:19:36.0980 3824    rimsptsk        (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
12:19:36.0980 3824    rimsptsk - ok
12:19:37.0000 3824    rismxdp         (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
12:19:37.0000 3824    rismxdp - ok
12:19:37.0040 3824    RMCAST          (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
12:19:37.0050 3824    RMCAST - ok
12:19:37.0070 3824    RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:19:37.0080 3824    RpcEptMapper - ok
12:19:37.0120 3824    RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:19:37.0130 3824    RpcLocator - ok
12:19:37.0200 3824    RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:19:37.0200 3824    RpcSs - ok
12:19:37.0250 3824    rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:19:37.0250 3824    rspndr - ok
12:19:37.0300 3824    SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:19:37.0300 3824    SamSs - ok
12:19:37.0350 3824    sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:19:37.0350 3824    sbp2port - ok
12:19:37.0400 3824    SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:19:37.0410 3824    SCardSvr - ok
12:19:37.0450 3824    scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:19:37.0450 3824    scfilter - ok
12:19:37.0530 3824    Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:19:37.0540 3824    Schedule - ok
12:19:37.0590 3824    SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:19:37.0590 3824    SCPolicySvc - ok
12:19:37.0610 3824    sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
12:19:37.0620 3824    sdbus - ok
12:19:37.0650 3824    SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:19:37.0660 3824    SDRSVC - ok
12:19:37.0700 3824    secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:19:37.0700 3824    secdrv - ok
12:19:37.0730 3824    seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:19:37.0740 3824    seclogon - ok
12:19:37.0760 3824    SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:19:37.0760 3824    SENS - ok
12:19:37.0780 3824    SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:19:37.0790 3824    SensrSvc - ok
12:19:37.0820 3824    Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:19:37.0830 3824    Serenum - ok
12:19:37.0850 3824    Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:19:37.0860 3824    Serial - ok
12:19:37.0870 3824    sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:19:37.0870 3824    sermouse - ok
12:19:37.0960 3824    SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:19:37.0970 3824    SessionEnv - ok
12:19:37.0990 3824    sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:19:37.0990 3824    sffdisk - ok
12:19:38.0000 3824    sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:19:38.0000 3824    sffp_mmc - ok
12:19:38.0020 3824    sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:19:38.0020 3824    sffp_sd - ok
12:19:38.0040 3824    sfhlp01 - ok
12:19:38.0063 3824    sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:19:38.0065 3824    sfloppy - ok
12:19:38.0182 3824    SftService      (dbeb7c353fb71e7d8b9abce62d93d590) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
12:19:38.0192 3824    SftService - ok
12:19:38.0254 3824    SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:19:38.0274 3824    SharedAccess - ok
12:19:38.0324 3824    ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:19:38.0334 3824    ShellHWDetection - ok
12:19:38.0394 3824    silabenm        (720088aad691ff1d90be8ec28727f6ca) C:\Windows\system32\DRIVERS\silabenm.sys
12:19:38.0394 3824    silabenm - ok
12:19:38.0444 3824    silabser        (77d4f56682ab668dd7d4bd4f1178d3c9) C:\Windows\system32\DRIVERS\silabser.sys
12:19:38.0464 3824    silabser - ok
12:19:38.0494 3824    SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:19:38.0504 3824    SiSRaid2 - ok
12:19:38.0514 3824    SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:19:38.0524 3824    SiSRaid4 - ok
12:19:38.0564 3824    SkypeUpdate     (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:19:38.0564 3824    SkypeUpdate - ok
12:19:38.0594 3824    Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:19:38.0594 3824    Smb - ok
12:19:38.0634 3824    SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:19:38.0634 3824    SNMPTRAP - ok
12:19:38.0654 3824    spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:19:38.0654 3824    spldr - ok
12:19:38.0714 3824    Spooler         (85daa09a98c9286d4ea2ba8d0e644377) C:\Windows\System32\spoolsv.exe
12:19:38.0734 3824    Spooler - ok
12:19:38.0944 3824    sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:19:39.0026 3824    sppsvc - ok
12:19:39.0138 3824    sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:19:39.0138 3824    sppuinotify - ok
12:19:39.0298 3824    SRTSP           (378a0748de5adf90bf9db897da8564e6) C:\Windows\System32\Drivers\N360x64\1403010.016\SRTSP64.SYS
12:19:39.0318 3824    SRTSP - ok
12:19:39.0348 3824    SRTSPX          (0e76cef892c45734f7aed09fddf35d4d) C:\Windows\system32\drivers\N360x64\1403010.016\SRTSPX64.SYS
12:19:39.0358 3824    SRTSPX - ok
12:19:39.0418 3824    srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:19:39.0430 3824    srv - ok
12:19:39.0470 3824    srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:19:39.0490 3824    srv2 - ok
12:19:39.0530 3824    srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:19:39.0540 3824    srvnet - ok
12:19:39.0580 3824    SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:19:39.0600 3824    SSDPSRV - ok
12:19:39.0620 3824    SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:19:39.0620 3824    SstpSvc - ok
12:19:39.0770 3824    STacSV          (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
12:19:39.0790 3824    STacSV - ok
12:19:39.0850 3824    Steam Client Service - ok
12:19:39.0890 3824    stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:19:39.0900 3824    stexstor - ok
12:19:39.0960 3824    STHDA           (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
12:19:39.0980 3824    STHDA - ok
12:19:40.0050 3824    stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:19:40.0070 3824    stisvc - ok
12:19:40.0100 3824    swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:19:40.0110 3824    swenum - ok
12:19:40.0230 3824    SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:19:40.0240 3824    SwitchBoard - ok
12:19:40.0300 3824    swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:19:40.0320 3824    swprv - ok
12:19:40.0450 3824    SymDS           (e174c8bc572e93aeee1036dedac5f225) C:\Windows\system32\drivers\N360x64\1403010.016\SYMDS64.SYS
12:19:40.0470 3824    SymDS - ok
12:19:40.0550 3824    SymEFA          (599872bad7cfb45c7ce47cded4b726d8) C:\Windows\system32\drivers\N360x64\1403010.016\SYMEFA64.SYS
12:19:40.0580 3824    SymEFA - ok
12:19:40.0630 3824    SymEvent        (f5d6d3b7468c46ea2ddc1d19d2a6da0f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:19:40.0640 3824    SymEvent - ok
12:19:40.0670 3824    SymIRON         (adf37f1a715d6c56c8e065fd8569a9a4) C:\Windows\system32\drivers\N360x64\1403010.016\Ironx64.SYS
12:19:40.0680 3824    SymIRON - ok
12:19:40.0720 3824    SymNetS         (1605ebd8cb86afc4430116065995279a) C:\Windows\System32\Drivers\N360x64\1403010.016\SYMNETS.SYS
12:19:40.0730 3824    SymNetS - ok
12:19:40.0780 3824    SynTP           (1657b7442d5ce30533f5c4317716b468) C:\Windows\system32\DRIVERS\SynTP.sys
12:19:40.0790 3824    SynTP - ok
12:19:48.0528 3824    MBR (0x1B8)     (9711bf5a8929c6dbe3455a72c790bef0) \Device\Harddisk0\DR0
12:19:49.0252 3824    \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
12:19:49.0252 3824    \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
12:19:49.0392 3824    Boot (0x1200)   (127da5c5830d7121c9a9049c25e9e492) \Device\Harddisk0\DR0\Partition0
12:19:49.0392 3824    \Device\Harddisk0\DR0\Partition0 - ok
12:19:49.0442 3824    Boot (0x1200)   (d79b19afbc99083a7539feeff5d90240) \Device\Harddisk0\DR0\Partition1
12:19:49.0452 3824    \Device\Harddisk0\DR0\Partition1 - ok
12:19:49.0452 3824    ============================================================
12:19:49.0452 3824    Scan finished
12:19:49.0452 3824    ============================================================
12:19:49.0472 1672    Detected object count: 1
12:19:49.0472 1672    Actual detected object count: 1
12:19:56.0682 1672    \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
12:19:56.0682 1672    \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip
 



Here is the next log

# AdwCleaner v2.303 - Logfile created 06/29/2013 at 12:23:42
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kasi - JOEYS_LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Kasi\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : APNMCP

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Users\Kasi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Deleted : C:\Users\Kasi\AppData\Roaming\Mozilla\Firefox\Profiles\tsmme8ek.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Kasi\AppData\Roaming\Mozilla\Firefox\Profiles\tsmme8ek.default\searchplugins\safesearch.xml
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\Users\Kasi\AppData\Local\Conduit
Folder Deleted : C:\Users\Kasi\AppData\Local\jZip
Folder Deleted : C:\Users\Kasi\AppData\Local\Temp\APN
Folder Deleted : C:\Users\Kasi\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Kasi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kasi\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Kasi\AppData\Roaming\registry mechanic

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Kasi\AppData\Roaming\Mozilla\Firefox\Profiles\tsmme8ek.default\prefs.js

Deleted : user_pref("avg.install.userSPSettings", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Kasi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"backup":{"_signature":"J7yfzjR+vCVzdXoxu75Tq7TZGFJc23gZhTour7xyl/A=","_version":4,"extensions":{"i[...]

*************************

AdwCleaner[S1].txt - [7872 octets] - [29/06/2013 12:23:42]

########## EOF - C:\AdwCleaner[S1].txt - [7932 octets] ##########
 



#7 boopme

  • Global Moderator

Posted 29 June 2013 - 09:25 PM

Hello and you're welcome. You did not post the MiniToolBox log.

Also rerun TDSS and change the option on this to Cure or Delete
( Rootkit.Win32.BackBoot.gen )

Post new log

Are the redirects gone?

#8 joeburnside

  • Topic Starter
  • Members

Posted 29 June 2013 - 09:57 PM

I ran TDSSKiller again, but I do not have the option to cure or delete. Only Copy all to quarantine with Skip, copy all to quarantine, and restore. What shall I do with the file (Rootkit.Win32.BackBoot.gen)?

 

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Kasi (administrator) on 29-06-2013 at 20:55:34
Running from "C:\Users\Kasi\Desktop\Virus scan Tools"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Joeys_laptop
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-24-D6-03-FF-CC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, June 29, 2013 12:26:53 PM
   Lease Expires . . . . . . . . . . : Sunday, June 30, 2013 8:41:01 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-26-B9-01-96-C5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{865F1DA4-31FF-42B0-B692-8BDD59F0A429}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:3cfa:37a2:3f57:fef5(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3cfa:37a2:3f57:fef5%15(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{933DDD3F-CCD6-4040-A518-B956D161E93A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4005:802::1001
      74.125.239.39
      74.125.239.38
      74.125.239.40
      74.125.239.34
      74.125.239.46
      74.125.239.37
      74.125.239.33
      74.125.239.41
      74.125.239.35
      74.125.239.36
      74.125.239.32


Pinging google.com [74.125.239.142] with 32 bytes of data:
Reply from 74.125.239.142: bytes=32 time=48ms TTL=54
Reply from 74.125.239.142: bytes=32 time=41ms TTL=54

Ping statistics for 74.125.239.142:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 48ms, Average = 44ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=63ms TTL=50
Reply from 206.190.36.45: bytes=32 time=61ms TTL=50

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 61ms, Maximum = 63ms, Average = 62ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 24 d6 03 ff cc ......Intel® WiFi Link 5100 AGN
 10...00 26 b9 01 96 c5 ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.10    281
     192.168.1.10  255.255.255.255         On-link      192.168.1.10    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.10    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.10    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.10    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:9d38:6ab8:3cfa:37a2:3f57:fef5/128
                                    On-link
 15    306 fe80::/64                On-link
 15    306 fe80::3cfa:37a2:3f57:fef5/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Event log errors: ===============================

Application errors:
==================
Error: (06/29/2013 06:30:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/29/2013 10:46:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: prism3d.exe, version: 1.0.0.1, time stamp: 0x454070b0
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x000222b2
Faulting process id: 0x15c4
Faulting application start time: 0xprism3d.exe0
Faulting application path: prism3d.exe1
Faulting module path: prism3d.exe2
Report Id: prism3d.exe3

Error: (06/29/2013 10:11:24 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: Flash64_11_7_700_224.ocx, version: 11.7.700.224, time stamp: 0x51a67129
Exception code: 0xc0000005
Fault offset: 0x000000000024e5b1
Faulting process id: 0xf4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/29/2013 09:45:20 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

Error: (06/29/2013 09:45:20 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

Error: (06/29/2013 09:45:20 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

Error: (06/29/2013 09:45:14 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/29/2013 09:45:14 AM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=431}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/29/2013 09:45:14 AM) (Source: Windows Search Service) (User: )
Description: The gatherer is unable to read the registry URL.

Context:  Application, SystemIndex Catalog


Details:
    (HRESULT : 0x0) (0x00000000)

Error: (06/28/2013 04:54:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: prism3d.exe, version: 1.0.0.1, time stamp: 0x454070b0
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x000222b2
Faulting process id: 0x22cc
Faulting application start time: 0xprism3d.exe0
Faulting application path: prism3d.exe1
Faulting module path: prism3d.exe2
Report Id: prism3d.exe3


System errors:
=============
Error: (06/29/2013 03:43:09 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/29/2013 00:28:02 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/29/2013 00:27:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
prodrv06
prohlp02
prosync1
sfhlp01

Error: (06/29/2013 00:26:14 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/29/2013 10:16:28 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (06/29/2013 10:16:28 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error:
%%1056

Error: (06/29/2013 10:16:28 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error:
%%1056

Error: (06/29/2013 10:15:28 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error:
%%1056

Error: (06/29/2013 10:14:28 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/29/2013 10:14:28 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (06/29/2013 06:30:06 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/29/2013 10:46:03 AM) (Source: Application Error)(User: )
Description: prism3d.exe1.0.0.1454070b0ntdll.dll6.1.7601.177254ec49b8fc0000005000222b215c401ce74e74cc0151eC:\Program Files (x86)\18 Wheels of Steel Haulin\prism3d.exeC:\Windows\SysWOW64\ntdll.dll6269e992-e0db-11e2-8782-0026b90196c5

Error: (06/29/2013 10:11:24 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_11_7_700_224.ocx11.7.700.22451a67129c0000005000000000024e5b1f401ce74df8cb48501C:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_11_7_700_224.ocx8b151348-e0d6-11e2-8782-0026b90196c5

Error: (06/29/2013 09:45:20 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

Error: (06/29/2013 09:45:20 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

Error: (06/29/2013 09:45:20 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

Error: (06/29/2013 09:45:14 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (06/29/2013 09:45:14 AM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
431

Error: (06/29/2013 09:45:14 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    (HRESULT : 0x0) (0x00000000)
URL

Error: (06/28/2013 04:54:59 PM) (Source: Application Error)(User: )
Description: prism3d.exe1.0.0.1454070b0ntdll.dll6.1.7601.177254ec49b8fc0000005000222b222cc01ce745249a9faf0C:\Program Files (x86)\18 Wheels of Steel Haulin\prism3d.exeC:\Windows\SysWOW64\ntdll.dllc1c01af8-e045-11e2-aafc-0026b90196c5


CodeIntegrity Errors:
===================================
  Date: 2013-06-29 20:41:22.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 18:49:42.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 17:47:16.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 14:33:50.871
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 12:51:09.416
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 12:26:47.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 12:12:55.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 11:17:09.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-29 09:44:44.964
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-28 21:36:25.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

18 Wheels of Steel Big City Rigs (Version: 1.00.0000)
18 Wheels of Steel Extreme Trucker 2
18 Wheels of Steel Pedal to the Metal (Version: 1.0)
18 Wheels of Steel: Haulin'  (Version: )
18 WoS Extreme Trucker (Version: 1.00.0000)
Activision® (Version: 1.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Advanced Audio FX Engine (Version: 1.12.05)
Amazon Add to Wish List IE Extension 1.2 (Version: 1.2)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 12.0.1.100)
AVG SafeGuard toolbar (Version: 15.3.0.11)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
Canon MG6100 series MP Drivers
Canon RAW Codec (Version: 1.9.0.73)
Caterpillar Construction Tycoon
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Construction - Destruction (Version: 01.00.0000)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup - Support Software (Version: 2.25)
Dell DataSafe Local Backup (Version: 9.3.36)
Dell Dock (Version: 2.0.0)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Touchpad (Version: 13.2.2.2)
Dell Webcam Central (Version: 1.40.05)
Demolition Company
DetectorTools (Version: 1.9.0)
Direct Show Ogg Vorbis Filter (remove only)
Disney Pirates of the Caribbean Online (Version: )
Emergency Fire Response (Version: 1.00.000)
FlatOut (Version: 1.02.0000)
Flight Simulator X Service Pack 1
Garmin Communicator Plugin (Version: 2.9.1)
Garmin USB Drivers (Version: 2.3.0.0)
Geomate.Jr Software Kit (Version: 1.0.0)
Google Chrome (Version: 27.0.1453.116)
Google Earth (Version: 7.0.3.8542)
Google SketchUp 8 (Version: 3.0.4811)
Google Update Helper (Version: 1.3.21.145)
Hot Wheels™ Velocity X (Version: 1.00.0000)
iCloud (Version: 2.1.2.8)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2869)
Internet TV for Windows Media Center (Version: 4.2.2.0)
iolo technologies' System Mechanic (Version: 11.7.1)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Junk Mail filter update (Version: 15.4.3502.0922)
LEGO Digital Designer
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Flight Simulator X (Version: 10.0.60905)
Microsoft Flight Simulator X: Acceleration (Version: 10.0.61637.0)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Train Simulator
Microsoft UI Engine (Version: 6.3.2348.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
Monster Jam (Version: 1.00.000)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
My Dell (Version: 3.3.6261.27)
Norton Security Suite (Version: 20.3.1.22)
NVIDIA PhysX (Version: 9.10.0513)
Open Downloader Manager
OpenAL
PDF Settings CS5 (Version: 10.0)
Picasa 3 (Version: 3.9)
PowerDVD DX (Version: 8.3.5424)
Quickset64 (Version: 9.6.6)
QuickTime (Version: 7.74.80.86)
Remote Control USB Driver (Version: 2.3.2.317)
RigNRoll (Remove Only) (Version: 3.0.1.0)
Rigs of Rods 0.38.44 (Version: 0.38.44)
ROBLOX Player
ROBLOX Studio 2013
Roxio Burn (Version: 1.0)
Roxio Burn (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.10 (Version: 5.10.116)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
Test Drive Off-Road 3
Tom Clancy's Rainbow Six Vegas (Version: 1.06.000)
Train Simulator 2012
Ulead VideoStudio version 4.0 SE Basic
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Windows Driver Package - Escort, Inc. (usbser) Ports  (07/28/2010 1.0.0.0) (Version: 07/28/2010 1.0.0.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Wise Disk Cleaner 7.33
Wise Registry Cleaner 7.23
World of Tanks

========================= Memory info: ===================================

Percentage of memory in use: 62%
Total physical RAM: 3932.84 MB
Available physical RAM: 1473.67 MB
Total Pagefile: 7863.86 MB
Available Pagefile: 5254.12 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.98 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:202.33 GB) NTFS

========================= Users: ========================================

User accounts for \\JOEYS_LAPTOP

Administrator            Guest                    Kasi                     


**** End of log ****
 



#9 joeburnside

joeburnside
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:10:32 AM

Posted 29 June 2013 - 09:59 PM

The random audio files are still active.



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:32 AM

Posted 29 June 2013 - 10:07 PM

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
Then

Download Bootkit Remover to your desktop.
  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 joeburnside

joeburnside
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:10:32 AM

Posted 30 June 2013 - 05:09 PM

Here is the next set of reports.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-30 15:54:14
-----------------------------
15:54:14.766    OS Version: Windows x64 6.1.7601 Service Pack 1
15:54:14.766    Number of processors: 2 586 0x170A
15:54:14.767    ComputerName: JOEYS_LAPTOP  UserName: Kasi
15:54:16.815    Initialize success
15:56:59.438    AVAST engine defs: 13062800
15:57:29.125    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:57:29.125    Disk 0 Vendor: ST9500420ASG 0003SDM1 Size: 476940MB BusType: 11
15:57:29.125    Device \Driver\atapi -> MajorFunction fffffa80051670a8
15:57:29.140    Disk 0 MBR read successfully
15:57:29.156    Disk 0 MBR scan
15:57:29.156    Disk 0 MBR:Olmarik-A [Rtk]
15:57:29.171    Disk 0 MBR:Olmarik-A [Rtk]@MBR code has been found
15:57:29.171    Disk 0 MBR hidden
15:57:29.171    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
15:57:29.187    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 80325
15:57:29.203    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461899 MB offset 30800325
15:57:29.203    Disk 0 MBR [MBR:Olmarik-A [Rtk]]  **ROOTKIT**
15:57:29.218    Scan finished successfully
15:58:07.797    Disk 0 MBR has been saved successfully to "C:\Users\Kasi\Desktop\Virus scan Tools\MBR.dat"
15:58:07.797    The log file has been saved successfully to "C:\Users\Kasi\Desktop\Virus scan Tools\aswMBR_2nd.txt"

 


Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`abf38a00

     Size  Device Name          MBR Status
 --------------------------------------------
   465 GB  \\.\PhysicalDrive0   Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 



#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:32 AM

Posted 30 June 2013 - 10:27 PM

OK

Re-Run aswMBR
  • Click Scan
  • On completion of the scan, click the FIX button,
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line, will result in an incomplete fix.
  • Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.

  • Save


#13 joeburnside

joeburnside
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:10:32 AM

Posted 01 July 2013 - 09:24 PM

Here is the last scan log file

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-01 19:27:21
-----------------------------
19:27:21.371    OS Version: Windows x64 6.1.7601 Service Pack 1
19:27:21.371    Number of processors: 2 586 0x170A
19:27:21.371    ComputerName: JOEYS_LAPTOP  UserName: Kasi
19:27:30.668    Initialize success
19:27:47.797    AVAST engine defs: 13070101
19:29:14.424    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:29:14.424    Disk 0 Vendor: ST9500420ASG 0003SDM1 Size: 476940MB BusType: 11
19:29:14.518    Disk 0 MBR read successfully
19:29:14.518    Disk 0 MBR scan
19:29:14.533    Disk 0 Windows VISTA default MBR code
19:29:14.533    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
19:29:14.549    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 80325
19:29:14.565    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461899 MB offset 30800325
19:29:14.596    Disk 0 scanning C:\Windows\system32\drivers
19:29:26.421    Service scanning
19:29:59.914    Modules scanning
19:29:59.914    Disk 0 trace - called modules:
19:29:59.961    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:29:59.961    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bd4060]
19:29:59.961    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800471b060]
19:30:04.329    AVAST engine scan C:\Windows
19:30:20.350    AVAST engine scan C:\Windows\system32
19:37:40.161    AVAST engine scan C:\Windows\system32\drivers
19:38:28.849    AVAST engine scan C:\Users\Kasi
19:58:46.837    AVAST engine scan C:\ProgramData
20:05:15.184    Scan finished successfully
20:23:19.776    Disk 0 MBR has been saved successfully to "C:\Users\Kasi\Desktop\Virus scan Tools\MBR.dat"
20:23:19.916    The log file has been saved successfully to "C:\Users\Kasi\Desktop\Virus scan Tools\aswMBR_3.txt"

 



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts

Posted 01 July 2013 - 10:06 PM

Good
Now with TDSS...  copy all to quarantine, and restore


Then run ESET and let me know how it is running.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#15 joeburnside

joeburnside
  • Topic Starter

  • Members
  • 20 posts

Posted 02 July 2013 - 08:46 PM

Here is the list of threats found.

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.07.2012_13.19.24\mbr0000\tdlfs0000\tsk0000.dta    a variant of Win32/Olmarik.AYI trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.07.2012_13.19.24\mbr0000\tdlfs0000\tsk0002.dta    Win32/Olmarik.AWO trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.07.2012_13.19.24\mbr0000\tdlfs0000\tsk0012.dta    a variant of Win32/Olmarik.AYI trojan    cleaned by deleting - quarantined
C:\Users\Kasi\AppData\Local\Google\Chrome\User Data\Default\Default\aadegededcggdegbdbgfgfdadedfgdgg\background.html    Win32/BHO.OEI trojan    cleaned by deleting - quarantined
C:\Users\Kasi\AppData\Roaming\Mozilla\Firefox\Profiles\tsmme8ek.default\extensions\gdqwddfqmh@gdqwddfqmh.org.xpi    JS/Redirector.NBX trojan    deleted - quarantined
C:\Users\Kasi\Documents\Zip files\ZipOpenerSetup.exe    Win32/InstallCore.BN.Gen application    cleaned by deleting - quarantined
C:\Users\Kasi\Downloads\Firefox_Setup_21.0.exe    Win32/InstallCore.BL application    cleaned by deleting - quarantined
C:\Users\Kasi\Downloads\jZSetup-r170-n-bi.exe    Win32/Toolbar.SearchSuite application    cleaned by deleting - quarantined
C:\Users\Kasi\Downloads\WinZip175.exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
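
A triage pass over the ESET report in the post above, as an added example that is not part of the thread or of any tool used in it: it parses each row into path, detection and action, then groups the rows by the follow-up they call for. The bucket names, the column-splitting rule and the one constructed row are assumptions of this example.

```python
import re
from collections import defaultdict

# Four rows copied from the ESET report in post #15. Columns are separated by a
# tab or a run of spaces; paths themselves may contain single spaces.
PAGE_ROWS = r"""
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\07.07.2012_13.19.24\mbr0000\tdlfs0000\tsk0002.dta    Win32/Olmarik.AWO trojan    cleaned by deleting - quarantined
C:\Users\Kasi\AppData\Roaming\Mozilla\Firefox\Profiles\tsmme8ek.default\extensions\gdqwddfqmh@gdqwddfqmh.org.xpi    JS/Redirector.NBX trojan    deleted - quarantined
C:\Users\Kasi\Downloads\WinZip175.exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
"""
# Constructed row (not from the thread): a detection that was not removed.
CONSTRUCTED_ROW = r"C:\Users\Example\sample.dll    Win32/Example.A trojan    unable to clean"

COLUMN_SEP = re.compile(r"\t+| {2,}")
DETECTION = re.compile(r"^(?:a variant of )?(?P<name>\S+) (?P<kind>\w+)$")

def parse_row(line):
    """Split one report row into path, detection name, kind and action."""
    parts = [p for p in COLUMN_SEP.split(line.strip()) if p]
    match = DETECTION.match(parts[1]) if len(parts) == 3 else None
    if match is None:
        return None  # blank line or a row in some other layout
    return {"path": parts[0], "name": match["name"],
            "kind": match["kind"], "action": parts[2]}

def bucket(row):
    """Assign a follow-up bucket (names are this example's own)."""
    path = row["path"].lower()
    if "\\tdsskiller_quarantine\\" in path:
        return "old-quarantine"        # copy stored by an earlier TDSSKiller run
    if "\\chrome\\user data\\" in path or (
            "\\firefox\\profiles\\" in path and "\\extensions\\" in path):
        return "browser-extension"     # re-check the browser's add-on list
    if row["kind"] == "application":
        return "unwanted-application"  # ESET's class for unwanted/unsafe programs
    return "malware"

def triage(report):
    """Return (rows grouped by bucket, rows whose action is not a quarantine)."""
    groups, unresolved = defaultdict(list), []
    for row in filter(None, map(parse_row, report.splitlines())):
        groups[bucket(row)].append(row)
        if "quarantined" not in row["action"]:
            unresolved.append(row)
    return dict(groups), unresolved

if __name__ == "__main__":
    groups, unresolved = triage(PAGE_ROWS + CONSTRUCTED_ROW)
    for name, rows in groups.items():
        print(name, [r["name"] for r in rows])
    print("needs follow-up:", [r["path"] for r in unresolved])
```
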
 





