Hard drive almost full probably infected


  • This topic is locked
22 replies to this topic

#1 ummhasan


Posted 21 August 2013 - 11:05 PM

Hi, I have an HP Pavilion a305w PC with a hard drive nearly 75% full but very minimal, very small personal files. Programs are at a bare minimum too. I'm suspecting there is a keylogger or some deeply embedded malware or infection on the hard drive.

I've updated and run my Norton, ran a Spybot Search and Destroy which did find some things and needed a reboot to remove, did that; ran a CCleaner that cleaned up a bit, freeing up some space.

I also ran a space sniffer but am not sure what I'm looking for there. I have run a chkdsk /f /r and checked the error logs to find no problems.

I'm currently running a Malwarebytes full scan which, so far, has found no problems. I was going to do a ComboFixer but due to the warnings of not running it without explicit instruction by a helper, decided to post here.

FYI - I just realized that all my scans have been done in normal mode NOT safe mode - not sure if that matters.

I tried uploading my file report from SpaceSniffer but it's too big.

Please help me out. Thanks - Karen


Edited by hamluis, 22 August 2013 - 06:00 AM.
Moved from Vista to Am I Infected - Hamluis.



 


#2 ummhasan


Posted 22 August 2013 - 09:41 PM

UPDATE - when Malwarebytes finished, it had found 48 threats and needed a reboot to quarantine them. Below is the report. It seems that a program one of my kids downloaded is the culprit - SweetIM.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.21.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Admin :: HASAN [administrator]

8/21/2013 11:16:53 PM
mbam-log-2013-08-21 (23-16-53).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 364934
Time elapsed: 2 hour(s), 18 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 48

(end)
 

 



#3 boopme


Posted 22 August 2013 - 09:54 PM

Hello Karen, you have found PUPs with MBAM.
From MBAM's developer http://forums.malwarebytes.org/index.php?showtopic=130156
 

We've seen way too many support tickets and forum posts about PUPs, Potentially Unwanted Programs, that we couldn't sit back anymore.

Starting today, we are upping our Malwarebytes Anti-Malware detection to include those annoying and misleading PUPs, in addition to the harmful and dangerous PUPs we already detect.

 
 
They are spyware and should go. I would suspect we can find more if you found that. Would you also run these.
 
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
 
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Last, run ESET.
    • Hold down Control and click on this link to open ESET OnlineScan in a new window.
    • Click the esetonlinebtn.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
    • NOTE: Sometimes if ESET finds no infections it will not create a log.

Edited by boopme, 17 September 2013 - 11:50 AM.


#4 ummhasan


Posted 22 August 2013 - 11:51 PM

Thanks for your reply, my Norton keeps blocking both the AdwCleaner and miniToolBox. I was able to download the AdwCleaner via CNetDownload but can only find the miniToolBox at Soft32. Is this a reputable site to dl from?

 

I can't find where to add attachments in the reply box, so below are my reports.

TDSSKiller

00:44:36.0885 0x0b58  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
00:44:37.0448 0x0b58  ============================================================
00:44:37.0448 0x0b58  Current date / time: 2013/08/23 00:44:37.0448
00:44:37.0448 0x0b58  SystemInfo:
00:44:37.0448 0x0b58  
00:44:37.0448 0x0b58  OS Version: 6.0.6002 ServicePack: 2.0
00:44:37.0448 0x0b58  Product type: Workstation
00:44:37.0448 0x0b58  ComputerName: HASAN
00:44:37.0448 0x0b58  UserName: Admin
00:44:37.0448 0x0b58  Windows directory: C:\Windows
00:44:37.0448 0x0b58  System windows directory: C:\Windows
00:44:37.0448 0x0b58  Processor architecture: Intel x86
00:44:37.0448 0x0b58  Number of processors: 1
00:44:37.0448 0x0b58  Page size: 0x1000
00:44:37.0448 0x0b58  Boot type: Normal boot
00:44:37.0448 0x0b58  ============================================================
00:44:39.0167 0x0b58  Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
00:44:39.0213 0x0b58  ============================================================
00:44:39.0213 0x0b58  \Device\Harddisk0\DR0:
00:44:39.0276 0x0b58  MBR partitions:
00:44:39.0276 0x0b58  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
00:44:39.0276 0x0b58  ============================================================
00:44:39.0292 0x0b58  C: <-> \Device\Harddisk0\DR0\Partition1
00:44:39.0307 0x0b58  ============================================================
00:44:39.0307 0x0b58  Initialize success
00:44:39.0307 0x0b58  ============================================================
00:44:56.0499 0x0f44  ============================================================
00:44:56.0499 0x0f44  Scan started
00:44:56.0499 0x0f44  Mode: Manual; TDLFS;
00:44:56.0499 0x0f44  ============================================================
00:44:56.0967 0x0f44  ================ Scan system memory ========================
00:44:56.0967 0x0f44  System memory - ok
00:44:56.0983 0x0f44  ================ Scan services =============================
00:45:07.0843 0x0f44  HTTP - ok
00:45:07.0937 0x0f44  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
00:45:07.0937 0x0f44  i2omp - ok
00:45:08.0015 0x0f44  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
00:45:08.0015 0x0f44  i8042prt - ok
00:45:08.0078 0x0f44  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
00:45:08.0093 0x0f44  iaStorV - ok
00:45:08.0234 0x0f44  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:45:08.0281 0x0f44  idsvc - ok
00:45:08.0421 0x0f44  [ 715941AC16A273F986733BA9A2536368 ] IDSVix86        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130822.001\IDSvix86.sys
00:45:08.0453 0x0f44  IDSVix86 - ok
00:45:08.0531 0x0f44  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
00:45:08.0531 0x0f44  iirsp - ok
00:45:08.0609 0x0f44  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
00:45:08.0640 0x0f44  IKEEXT - ok
00:45:08.0703 0x0f44  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
00:45:08.0718 0x0f44  intelide - ok
00:45:08.0765 0x0f44  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:45:08.0765 0x0f44  intelppm - ok
00:45:08.0859 0x0f44  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:45:08.0859 0x0f44  IPBusEnum - ok
00:45:08.0937 0x0f44  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:45:08.0937 0x0f44  IpFilterDriver - ok
00:45:09.0015 0x0f44  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:45:09.0031 0x0f44  iphlpsvc - ok
00:45:09.0062 0x0f44  IpInIp - ok
00:45:09.0125 0x0f44  [ 4B9C0F4D4A3ACC535F9771039ECD6365 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
00:45:09.0125 0x0f44  IPMIDRV - ok
00:45:09.0203 0x0f44  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
00:45:09.0218 0x0f44  IPNAT - ok
00:45:09.0281 0x0f44  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:45:09.0281 0x0f44  IRENUM - ok
00:45:09.0328 0x0f44  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:45:09.0343 0x0f44  isapnp - ok
00:45:09.0406 0x0f44  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
00:45:09.0421 0x0f44  iScsiPrt - ok
00:45:09.0468 0x0f44  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
00:45:09.0468 0x0f44  iteatapi - ok
00:45:09.0531 0x0f44  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
00:45:09.0546 0x0f44  iteraid - ok
00:45:09.0656 0x0f44  [ E45E7B0C8DA1FCD568342D4FFA47AD85 ] jswpsapi        C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe
00:45:09.0718 0x0f44  jswpsapi - ok
00:45:09.0796 0x0f44  [ 55C9B4252B751226B838EED2BC50BB64 ] jswpslwf        C:\Windows\system32\DRIVERS\jswpslwf.sys
00:45:09.0796 0x0f44  jswpslwf - ok
00:45:09.0875 0x0f44  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
00:45:09.0890 0x0f44  kbdclass - ok
00:45:09.0937 0x0f44  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
00:45:09.0937 0x0f44  kbdhid - ok
00:45:09.0984 0x0f44  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
00:45:09.0984 0x0f44  KeyIso - ok
00:45:10.0062 0x0f44  [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
00:45:10.0062 0x0f44  KMWDFILTER - ok
00:45:10.0140 0x0f44  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:45:10.0171 0x0f44  KSecDD - ok
00:45:10.0281 0x0f44  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:45:10.0312 0x0f44  KtmRm - ok
00:45:10.0406 0x0f44  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:45:10.0406 0x0f44  LanmanServer - ok
00:45:10.0515 0x0f44  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:45:10.0531 0x0f44  LanmanWorkstation - ok
00:45:10.0640 0x0f44  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:45:10.0640 0x0f44  lltdio - ok
00:45:10.0734 0x0f44  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:45:10.0750 0x0f44  lltdsvc - ok
00:45:10.0796 0x0f44  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:45:10.0796 0x0f44  lmhosts - ok
00:45:10.0890 0x0f44  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
00:45:10.0890 0x0f44  LSI_FC - ok
00:45:10.0968 0x0f44  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
00:45:10.0968 0x0f44  LSI_SAS - ok
00:45:11.0031 0x0f44  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
00:45:11.0031 0x0f44  LSI_SCSI - ok
00:45:11.0093 0x0f44  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
00:45:11.0093 0x0f44  luafv - ok
00:45:11.0171 0x0f44  [ 9FB982DE1C8DD769F8ED681DD878B12F ] lvpopflt        C:\Windows\system32\DRIVERS\lvpopflt.sys
00:45:11.0171 0x0f44  lvpopflt - ok
00:45:11.0250 0x0f44  [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon        C:\Windows\system32\DRIVERS\LVPr2Mon.sys
00:45:11.0250 0x0f44  LVPr2Mon - ok
00:45:11.0343 0x0f44  [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
00:45:11.0343 0x0f44  LVPrcSrv - ok
00:45:11.0421 0x0f44  [ 37072EC9299E825F4335CC554B6FAC6A ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
00:45:11.0453 0x0f44  LVRS - ok
00:45:11.0812 0x0f44  [ A240E42A7402E927A71B6E8AA4629B13 ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
00:45:12.0078 0x0f44  LVUVC - ok
00:45:12.0171 0x0f44  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
00:45:12.0187 0x0f44  MBAMProtector - ok
00:45:12.0296 0x0f44  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:45:12.0312 0x0f44  MBAMScheduler - ok
00:45:12.0406 0x0f44  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:45:12.0453 0x0f44  MBAMService - ok
00:45:12.0546 0x0f44  [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy   C:\Windows\system32\drivers\mbamswissarmy.sys
00:45:12.0546 0x0f44  MBAMSwissArmy - ok
00:45:12.0609 0x0f44  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
00:45:12.0625 0x0f44  megasas - ok
00:45:12.0687 0x0f44  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
00:45:12.0703 0x0f44  MegaSR - ok
00:45:12.0781 0x0f44  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
00:45:12.0796 0x0f44  MMCSS - ok
00:45:12.0843 0x0f44  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
00:45:12.0843 0x0f44  Modem - ok
00:45:12.0953 0x0f44  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:45:12.0953 0x0f44  monitor - ok
00:45:13.0000 0x0f44  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:45:13.0000 0x0f44  mouclass - ok
00:45:13.0046 0x0f44  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:45:13.0046 0x0f44  mouhid - ok
00:45:13.0093 0x0f44  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
00:45:13.0093 0x0f44  MountMgr - ok
00:45:13.0187 0x0f44  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:45:13.0187 0x0f44  MozillaMaintenance - ok
00:45:13.0265 0x0f44  [ 5DA347912FD3AF24D7BFB3DE519D4BD0 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:45:13.0281 0x0f44  mpio - ok
00:45:13.0328 0x0f44  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:45:13.0328 0x0f44  mpsdrv - ok
00:45:13.0437 0x0f44  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:45:13.0468 0x0f44  MpsSvc - ok
00:45:13.0546 0x0f44  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
00:45:13.0546 0x0f44  Mraid35x - ok
00:45:13.0593 0x0f44  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:45:13.0609 0x0f44  MRxDAV - ok
00:45:13.0687 0x0f44  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:45:13.0687 0x0f44  mrxsmb - ok
00:45:13.0734 0x0f44  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:45:13.0750 0x0f44  mrxsmb10 - ok
00:45:13.0796 0x0f44  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:45:13.0796 0x0f44  mrxsmb20 - ok
00:45:13.0875 0x0f44  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
00:45:13.0875 0x0f44  msahci - ok
00:45:13.0953 0x0f44  [ 2C563AEF15B8D0014C36C5F27742AC7B ] msdsm           C:\Windows\system32\drivers\msdsm.sys
00:45:13.0953 0x0f44  msdsm - ok
00:45:14.0000 0x0f44  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
00:45:14.0015 0x0f44  MSDTC - ok
00:45:14.0093 0x0f44  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:45:14.0093 0x0f44  Msfs - ok
00:45:14.0140 0x0f44  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
00:45:14.0140 0x0f44  msisadrv - ok
00:45:14.0234 0x0f44  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:45:14.0250 0x0f44  MSiSCSI - ok
00:45:14.0281 0x0f44  msiserver - ok
00:45:14.0359 0x0f44  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:45:14.0359 0x0f44  MSKSSRV - ok
00:45:14.0421 0x0f44  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:45:14.0421 0x0f44  MSPCLOCK - ok
00:45:14.0484 0x0f44  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:45:14.0484 0x0f44  MSPQM - ok
00:45:14.0546 0x0f44  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:45:14.0546 0x0f44  MsRPC - ok
00:45:14.0609 0x0f44  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
00:45:14.0609 0x0f44  mssmbios - ok
00:45:14.0703 0x0f44  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:45:14.0703 0x0f44  MSTEE - ok
00:45:14.0765 0x0f44  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
00:45:14.0781 0x0f44  Mup - ok
00:45:14.0890 0x0f44  [ 1BF9D6476061B31CD7FC2BF848529A56 ] N360            C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
00:45:14.0906 0x0f44  N360 - ok
00:45:14.0984 0x0f44  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
00:45:15.0015 0x0f44  napagent - ok
00:45:15.0109 0x0f44  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:45:15.0140 0x0f44  NativeWifiP - ok
00:45:15.0281 0x0f44  [ CE2156DF796D41614AB60E68D107D573 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130822.016\NAVENG.SYS
00:45:15.0296 0x0f44  NAVENG - ok
00:45:15.0406 0x0f44  [ 19CEB8F4EC8C800A53D0B67E658E0367 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130822.016\NAVEX15.SYS
00:45:15.0453 0x0f44  NAVEX15 - ok
00:45:15.0578 0x0f44  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:45:15.0609 0x0f44  NDIS - ok
00:45:15.0656 0x0f44  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:45:15.0656 0x0f44  NdisTapi - ok
00:45:15.0703 0x0f44  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:45:15.0703 0x0f44  Ndisuio - ok
00:45:15.0750 0x0f44  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:45:15.0765 0x0f44  NdisWan - ok
00:45:15.0812 0x0f44  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:45:15.0828 0x0f44  NDProxy - ok
00:45:15.0890 0x0f44  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:45:15.0906 0x0f44  NetBIOS - ok
00:45:15.0953 0x0f44  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
00:45:15.0968 0x0f44  netbt - ok
00:45:16.0015 0x0f44  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
00:45:16.0015 0x0f44  Netlogon - ok
00:45:16.0125 0x0f44  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
00:45:16.0140 0x0f44  Netman - ok
00:45:16.0187 0x0f44  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
00:45:16.0218 0x0f44  netprofm - ok
00:45:16.0312 0x0f44  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:45:16.0312 0x0f44  NetTcpPortSharing - ok
00:45:16.0406 0x0f44  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
00:45:16.0421 0x0f44  nfrd960 - ok
00:45:16.0500 0x0f44  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:45:16.0531 0x0f44  NlaSvc - ok
00:45:16.0578 0x0f44  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:45:16.0578 0x0f44  Npfs - ok
00:45:16.0656 0x0f44  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
00:45:16.0656 0x0f44  nsi - ok
00:45:16.0703 0x0f44  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:45:16.0703 0x0f44  nsiproxy - ok
00:45:16.0828 0x0f44  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:45:16.0875 0x0f44  Ntfs - ok
00:45:16.0984 0x0f44  [ A7DFF9642D510BE1EEC6664CD0369953 ] NtmsSvc         C:\Windows\system32\ntmssvc.dll
00:45:17.0015 0x0f44  NtmsSvc - ok
00:45:17.0078 0x0f44  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
00:45:17.0093 0x0f44  ntrigdigi - ok
00:45:17.0140 0x0f44  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
00:45:17.0140 0x0f44  Null - ok
00:45:17.0203 0x0f44  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:45:17.0203 0x0f44  nvraid - ok
00:45:17.0265 0x0f44  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:45:17.0265 0x0f44  nvstor - ok
00:45:17.0312 0x0f44  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:45:17.0312 0x0f44  nv_agp - ok
00:45:17.0391 0x0f44  NwlnkFlt - ok
00:45:17.0422 0x0f44  NwlnkFwd - ok
00:45:17.0594 0x0f44  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:45:17.0610 0x0f44  odserv - ok
00:45:17.0672 0x0f44  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:45:17.0672 0x0f44  ohci1394 - ok
00:45:17.0782 0x0f44  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:45:17.0797 0x0f44  ose - ok
00:45:17.0907 0x0f44  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
00:45:17.0938 0x0f44  p2pimsvc - ok
00:45:18.0001 0x0f44  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:45:18.0016 0x0f44  p2psvc - ok
00:45:18.0094 0x0f44  [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
00:45:18.0094 0x0f44  Parport - ok
00:45:18.0157 0x0f44  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:45:18.0157 0x0f44  partmgr - ok
00:45:18.0219 0x0f44  [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
00:45:18.0219 0x0f44  Parvdm - ok
00:45:18.0329 0x0f44  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:45:18.0329 0x0f44  PcaSvc - ok
00:45:18.0422 0x0f44  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
00:45:18.0438 0x0f44  pci - ok
00:45:18.0501 0x0f44  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
00:45:18.0501 0x0f44  pciide - ok
00:45:18.0579 0x0f44  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
00:45:18.0594 0x0f44  pcmcia - ok
00:45:18.0688 0x0f44  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:45:18.0719 0x0f44  PEAUTH - ok
00:45:18.0922 0x0f44  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
00:45:18.0985 0x0f44  pla - ok
00:45:19.0063 0x0f44  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:45:19.0094 0x0f44  PlugPlay - ok
00:45:19.0157 0x0f44  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
00:45:19.0172 0x0f44  PNRPAutoReg - ok
00:45:19.0235 0x0f44  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
00:45:19.0251 0x0f44  PNRPsvc - ok
00:45:19.0360 0x0f44  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:45:19.0376 0x0f44  PolicyAgent - ok
00:45:19.0469 0x0f44  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:45:19.0485 0x0f44  PptpMiniport - ok
00:45:19.0563 0x0f44  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
00:45:19.0563 0x0f44  Processor - ok
00:45:19.0641 0x0f44  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
00:45:19.0657 0x0f44  ProfSvc - ok
00:45:19.0719 0x0f44  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
00:45:19.0719 0x0f44  ProtectedStorage - ok
00:45:19.0797 0x0f44  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
00:45:19.0813 0x0f44  PSched - ok
00:45:19.0907 0x0f44  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
00:45:19.0938 0x0f44  ql2300 - ok
00:45:19.0985 0x0f44  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
00:45:20.0001 0x0f44  ql40xx - ok
00:45:20.0079 0x0f44  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
00:45:20.0110 0x0f44  QWAVE - ok
00:45:20.0204 0x0f44  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:45:20.0204 0x0f44  QWAVEdrv - ok
00:45:20.0251 0x0f44  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:45:20.0266 0x0f44  RasAcd - ok
00:45:20.0297 0x0f44  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
00:45:20.0313 0x0f44  RasAuto - ok
00:45:20.0360 0x0f44  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:45:20.0376 0x0f44  Rasl2tp - ok
00:45:20.0469 0x0f44  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
00:45:20.0501 0x0f44  RasMan - ok
00:45:20.0547 0x0f44  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:45:20.0563 0x0f44  RasPppoe - ok
00:45:20.0641 0x0f44  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:45:20.0641 0x0f44  RasSstp - ok
00:45:20.0704 0x0f44  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:45:20.0719 0x0f44  rdbss - ok
00:45:20.0766 0x0f44  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:45:20.0766 0x0f44  RDPCDD - ok
00:45:20.0844 0x0f44  [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr           C:\Windows\system32\DRIVERS\rdpdr.sys
00:45:20.0860 0x0f44  rdpdr - ok
00:45:20.0891 0x0f44  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:45:20.0907 0x0f44  RDPENCDD - ok
00:45:21.0001 0x0f44  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:45:21.0016 0x0f44  RDPWD - ok
00:45:21.0110 0x0f44  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:45:21.0110 0x0f44  RemoteAccess - ok
00:45:21.0332 0x0f44  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:45:21.0347 0x0f44  RemoteRegistry - ok
00:45:21.0600 0x0f44  [ 1D4061CC5BC8E823D05E1E6E6C1224E3 ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
00:45:21.0616 0x0f44  RichVideo - ok
00:45:21.0725 0x0f44  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
00:45:21.0741 0x0f44  RpcLocator - ok
00:45:21.0850 0x0f44  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
00:45:21.0866 0x0f44  RpcSs - ok
00:45:22.0116 0x0f44  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:45:22.0116 0x0f44  rspndr - ok
00:45:22.0210 0x0f44  [ D80E68254117518C637AFE6803FD4619 ] RTL8023xp       C:\Windows\system32\DRIVERS\Rtnicxp.sys
00:45:22.0210 0x0f44  RTL8023xp - ok
00:45:22.0397 0x0f44  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
00:45:22.0413 0x0f44  SamSs - ok
00:45:22.0475 0x0f44  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:45:22.0475 0x0f44  sbp2port - ok
00:45:22.0678 0x0f44  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
00:45:22.0788 0x0f44  SBSDWSCService - ok
00:45:22.0881 0x0f44  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:45:22.0897 0x0f44  SCardSvr - ok
00:45:23.0088 0x0f44  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
00:45:23.0134 0x0f44  Schedule - ok
00:45:23.0166 0x0f44  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:45:23.0166 0x0f44  SCPolicySvc - ok
00:45:23.0275 0x0f44  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:45:23.0291 0x0f44  SDRSVC - ok
00:45:23.0369 0x0f44  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:45:23.0369 0x0f44  secdrv - ok
00:45:23.0416 0x0f44  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
00:45:23.0416 0x0f44  seclogon - ok
00:45:23.0463 0x0f44  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
00:45:23.0463 0x0f44  SENS - ok
00:45:23.0509 0x0f44  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
00:45:23.0509 0x0f44  Serenum - ok
00:45:23.0572 0x0f44  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
00:45:23.0588 0x0f44  Serial - ok
00:45:23.0619 0x0f44  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
00:45:23.0634 0x0f44  sermouse - ok
00:45:23.0744 0x0f44  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
00:45:23.0759 0x0f44  SessionEnv - ok
00:45:23.0822 0x0f44  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:45:23.0838 0x0f44  sffdisk - ok
00:45:23.0869 0x0f44  [ E5EAFE85815BD89095FEF3144A09AB68 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:45:23.0869 0x0f44  sffp_mmc - ok
00:45:23.0994 0x0f44  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:45:24.0009 0x0f44  sffp_sd - ok
00:45:24.0166 0x0f44  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
00:45:24.0166 0x0f44  sfloppy - ok
00:45:24.0437 0x0f44  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:45:24.0468 0x0f44  SharedAccess - ok
00:45:24.0546 0x0f44  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:45:24.0562 0x0f44  ShellHWDetection - ok
00:45:24.0640 0x0f44  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
00:45:24.0656 0x0f44  sisagp - ok
00:45:24.0765 0x0f44  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
00:45:24.0765 0x0f44  SiSRaid2 - ok
00:45:24.0937 0x0f44  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
00:45:25.0031 0x0f44  SiSRaid4 - ok
00:45:25.0390 0x0f44  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
00:45:25.0546 0x0f44  slsvc - ok
00:45:25.0656 0x0f44  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
00:45:25.0687 0x0f44  SLUINotify - ok
00:45:25.0796 0x0f44  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:45:25.0796 0x0f44  Smb - ok
00:45:25.0953 0x0f44  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:45:26.0000 0x0f44  SNMPTRAP - ok
00:45:26.0078 0x0f44  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
00:45:26.0078 0x0f44  spldr - ok
00:45:26.0156 0x0f44  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
00:45:26.0171 0x0f44  Spooler - ok
00:45:26.0281 0x0f44  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\system32\Drivers\sptd.sys
00:45:26.0312 0x0f44  sptd - ok
00:45:26.0406 0x0f44  [ C743E384E9EFCA10B41C60D406DE39C0 ] SRTSP           C:\Windows\System32\Drivers\N360\1404000.028\SRTSP.SYS
00:45:26.0437 0x0f44  SRTSP - ok
00:45:26.0515 0x0f44  [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX          C:\Windows\system32\drivers\N360\1404000.028\SRTSPX.SYS
00:45:26.0515 0x0f44  SRTSPX - ok
00:45:26.0593 0x0f44  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:45:26.0609 0x0f44  srv - ok
00:45:26.0671 0x0f44  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:45:26.0687 0x0f44  srv2 - ok
00:45:26.0765 0x0f44  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:45:26.0765 0x0f44  srvnet - ok
00:45:26.0843 0x0f44  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:45:37.0218 0x0f44  ================ Scan global ===============================
00:45:37.0281 0x0f44  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
00:45:37.0359 0x0f44  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
00:45:37.0437 0x0f44  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
00:45:37.0515 0x0f44  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
00:45:37.0546 0x0f44  [Global] - ok
00:45:37.0562 0x0f44  ================ Scan MBR ==================================
00:45:37.0593 0x0f44  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
00:45:37.0906 0x0f44  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:45:37.0906 0x0f44  \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:45:37.0921 0x0f44  ================ Scan VBR ==================================
00:45:37.0953 0x0f44  [ E29882C2115A7FEDB2E6CE8EC425F64B ] \Device\Harddisk0\DR0\Partition1
00:45:37.0968 0x0f44  \Device\Harddisk0\DR0\Partition1 - ok
00:45:37.0968 0x0f44  ============================================================
00:45:37.0968 0x0f44  Scan finished
00:45:37.0968 0x0f44  ============================================================
00:45:38.0031 0x0d4c  Detected object count: 1
00:45:38.0031 0x0d4c  Actual detected object count: 1
00:46:05.0234 0x0d4c  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
00:46:05.0250 0x0d4c  \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
00:46:05.0281 0x0d4c  \Device\Harddisk0\DR0\TDLFS\tdlwsp.dll - copied to quarantine
00:46:05.0296 0x0d4c  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
 

 

AdwCleaner: (forgot to run as administrator)

# AdwCleaner v3.000 - Report created 22/08/2013 at 23:21:38
# Updated 13/08/2013 by Xplode
# Operating System : Windows Vista ™ Business Service Pack 2 (32 bits)
# Username : Admin - HASAN
# Running from : C:\Users\Admin\Downloads\adwcleaner.exe

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20121022-4AE3-4D99-AEFF-72026F6BD45B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41D42E90-86D2-4521-9847-625D114F7D30}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{622382CB-942C-4580-A2B3-7B06A58D8538}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F0FA81DA-7F8F-489A-873D-816A3C7BDC84}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4E09482-2C6A-44B2-8D40-ABC01B36BB9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4f78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\AVGRewards.AVGRewardsWorker
Key Deleted : HKLM\SOFTWARE\Classes\AVGRewards.AVGRewardsWorker.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

Setting Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Setting Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://www.google.com/ie
Setting Reset : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v20.0.1 (en-US)

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

[ File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1t24j57b.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[0].txt - [4637 octets] - [22/08/2013 23:21:38]

########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [4696 octets] ##########
 

My log file from



#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:35 PM

Posted 23 August 2013 - 09:39 AM

Hi, the files are hosted here at BC. The site is very reputable.
http://www.webutation.net/go/review/bleepingcomputer.com
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 ummhasan


Posted 23 August 2013 - 11:10 AM

Hi, the files are hosted here at BC. The site is very reputable.
http://www.webutation.net/go/review/bleepingcomputer.com

 

Boopme, I have no doubts about BC; my question was regarding the site soft32.com, because my Norton won't allow me to download the miniToolBox. Norton thinks it's a heuristic virus. So, I did a search for miniToolBox on CnetDownloads and didn't find it. I then did a Google search and found it on soft32.com. I want to be sure it is safe to download it from there or if it's best to disable my Norton briefly to dl the miniToolBox from here.

 

Here are the results from my ESET scan and, surprisingly, it quarantined the AdwCleaner! My Norton also would not allow me to download that, and I was able to dl it via a CNet download manager. Anyway, here are the results of that scan:

 

ESET

C:\TDSSKiller_Quarantine\23.08.2013_00.44.37\tdlfs0000\tsk0001.dta    a variant of Win32/Olmarik.TY trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.08.2013_00.44.37\tdlfs0000\tsk0002.dta    a variant of Win32/Olmarik.TY trojan    cleaned by deleting - quarantined
C:\Users\Admin\Desktop\cbsidlm-tr1_14-AdwCleaner-SEO-75851221.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
 

Thanks again for your time.



#7 ummhasan


Posted 23 August 2013 - 11:56 AM

It also seems that the miniToolBox file has either been hijacked or infected - please have a look into it. I have screenshots but the forum will not allow me to add them here. Where can I send them or post them?

 

Okay, here is a link to the 1st screenshot: http://ummhasan.com/images/miniToolBox_Norton_removal_1.jpg

 

Link to the norton insight screenshot: http://ummhasan.com/images/miniToolBox_Norton_removal_insight.jpg


Edited by ummhasan, 23 August 2013 - 12:13 PM.


#8 ummhasan


Posted 23 August 2013 - 12:08 PM

Okay, here is a link to the 1st screenshot: http://ummhasan.com/images/miniToolBox_Norton_removal_1.jpg

 

Link to the norton insight screenshot: http://ummhasan.com/images/miniToolBox_Norton_removal_insight.jpg



#9 boopme


Posted 23 August 2013 - 12:54 PM

BC link
http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

Can you tell Norton to Allow it in the SHOW File Actions box?

#10 ummhasan


Posted 23 August 2013 - 02:04 PM

BC link
http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

Can you tell Norton to Allow it in the SHOW File Actions box?

No, it is not even the file. When I click save file, it changes the file name to some auto-generated file name of alpha characters and comes in file parts - it is NOT the miniToolBox file being downloaded. The file that is being downloaded is a high risk cloud2 virus - you can see that from the links I posted.

 

Norton will not even allow me the option of making a stupid mistake by allowing it. In fact, after running these tools, the AVG safe guard toolbar has been reinstalled onto my system. As I said, the ESET program quarantined the AdwCleaner file too.

 

Something's up with the downloads or on my computer - maybe there is something grabbing the dl in the browser cache before it saves and replacing it with an infected file. I don't know what type of setup BC has for passing the files from the database to the user, but it's possible that the host has been hijacked or there's a packet sniffer on there somewhere.

 

I'm no security expert but I have completed both security and advanced security classes so I'm no dummy either.

 

Anyway, I've checked out BC on McAfee, Norton, and Malwarebytes and conclude it to be a reputable and very useful site. My intention here is not to accuse BC of infecting me; rather, my intention is to make you aware that there is currently a problem with those two downloads: AdwCleaner and MiniToolBox.

 

Since I noticed my browser was rehijacked, I've updated my Norton and my Malwarebytes and have dual scans going right now.

 

Based on the results that I've previously posted, could you please advise me further.



#11 boopme


Posted 23 August 2013 - 02:31 PM

I am looking into this.

I knew you weren't accusing but being confused. I needed to be sure you were getting our link.

#12 boopme


Posted 23 August 2013 - 03:36 PM

The BC file is safe, we just tested it. Some of our team also are getting flags from the Soft32 download link: http://mini-toolbox.soft32.com/

 

I suspect Norton is blocking the Soft32 installer, which is a bundled installer.

 

 

Try disabling Norton for a moment. Download and run Mini. Turn Norton back on.


Edited by boopme, 23 August 2013 - 03:37 PM.


#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,592 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:35 PM

Posted 23 August 2013 - 03:56 PM

We have nothing to do with soft32 and none of our files are wrapped in an installer.  This is a false positive on the part of Norton.



#14 ummhasan


Posted 23 August 2013 - 09:59 PM

We have nothing to do with soft32 and none of our files are wrapped in an installer.  This is a false positive on the part of Norton.

 

Boopme,

 

The BC file is safe, we just tested it. Some of our team also are getting flags from the Soft32 download link: http://mini-toolbox.soft32.com/

 

I suspect Norton is blocking the Soft32 installer, which is a bundled installer.

 

I did not dl it from soft32; that was the only place else I could find it, and based on the Norton sight report, I figured I'd stay away from them. The warning I was getting from Norton was from the BC site download.

 

Anyway, I checked out the risk name (suspicious.cloud.2) on Norton's site and see that it's basically a 'catch all' for new malware in which signatures seem to be morphed. You can check out the forum from a questioner who got the same high risk warning from his company's valid software - http://www.symantec.com/connect/forums/suspiciouscloud2-sep-121

 

So, for users who have Norton, it may be worthwhile to submit an exception of both the miniToolBox and AdwCleaner so these users aren't scared off of BC.

 

I'll use the last link Boopme submitted for the miniToolBox and briefly disable Norton.

 

How about what I've already submitted and the fact that my browser was rehijacked by an AVG toolbar? Is that toolbar part of the ESET install? I cannot uninstall the tool bar.

 

Further, should I go in order once I install the MiniToolBox as you stated, Boopme? Does the order of preference matter? Ex. 1. miniToolBox, 2. TDSSkiller, 3. AdwCleaner, and 4. ESET, or does the order not matter?

 

Thanks again.



#15 ummhasan


Posted 24 August 2013 - 03:05 AM

Ok guys, I was able to get the right dl in safe mode and below is my report from miniToolBox. I'm concerned about putting all my network info out there where anyone can access it though, any suggestions regarding that?

 

There is one thing I'm VERY concerned about in the report - the fact that another computer on my network (AaminhHasan) attempted to act as the master browser of this computer. That would lead me to believe that my network has been penetrated. Any ideas on this? Problem: I have several kids that use these computers and no matter how much I warn them, they keep downloading things and clicking on things they shouldn't! Hence the position this computer is in! Can you all give me some guidance on how to prevent them from doing that? I have Norton, McAfee, or Microsoft virus scanner (only on one) on every computer, I update regularly, I update Windows regularly, I have set them all to only standard users, and anytime things seem to be off, I run Spybot S&D and Malwarebytes. What else can I possibly do except smack them upside the head every time they click a stupid thing (just kidding of course - but hey - it's driving me nuts)!

 

So here's the results (and now the whole world knows my network setup but hey, the computers are all already in pretty bad shape):

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Admin (administrator) on 24-08-2013 at 03:38:50
Running from "C:\Users\Admin\Downloads"
Microsoft® Windows Vista™ Business  Service Pack 2 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

D-Link WUA-2340 USB Adapter = Wireless Network Connection (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Wireless Network Connection 5" address=0.0.0.0
add address name="Local Area Connection" address=0.0.0.0


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Hasan
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.mi.comcast.net.

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : hsd1.mi.comcast.net.
   Description . . . . . . . . . . . : D-Link WUA-2340 USB Adapter
   Physical Address. . . . . . . . . : 00-15-E9-FC-53-4F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:4:480:568:f133:b862:dfe9:67d8(Preferred)
   IPv6 Address. . . . . . . . . . . : 2601:4:480:568:f255:68a:daaa:d7ed(Preferred)
   Lease Obtained. . . . . . . . . . : Friday, August 23, 2013 11:22:18 PM
   Lease Expires . . . . . . . . . . : Tuesday, August 27, 2013 11:02:54 PM
   Temporary IPv6 Address. . . . . . : 2601:4:480:568:b191:ca00:24df:42f9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::f133:b862:dfe9:67d8%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.13(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, August 23, 2013 11:21:55 PM
   Lease Expires . . . . . . . . . . : Friday, August 30, 2013 11:21:54 PM
   Default Gateway . . . . . . . . . : fe80::ba9b:c9ff:fe41:e372%12
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 201332201
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-29-20-4B-00-40-2B-69-9D-B5
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.76.76
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.mi.comcast.net.
   Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
   Physical Address. . . . . . . . . : 00-40-2B-69-9D-B5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection*:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.hsd1.mi.comcast.net.
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{A7279DE4-302D-4105-8DAB-B2F54C891FD6}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    google.com
Addresses:  2607:f8b0:4009:802::1008
      74.125.225.102
      74.125.225.101
      74.125.225.104
      74.125.225.98
      74.125.225.105
      74.125.225.96
      74.125.225.103
      74.125.225.110
      74.125.225.97
      74.125.225.100
      74.125.225.99



Pinging google.com [2607:f8b0:4009:802::100e] from 2601:4:480:568:b191:ca00:24df:42f9 with 32 bytes of data:

Reply from 2607:f8b0:4009:802::100e: time=20ms

Reply from 2607:f8b0:4009:802::100e: time=18ms



Ping statistics for 2607:f8b0:4009:802::100e:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 18ms, Maximum = 20ms, Average = 19ms

Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    yahoo.com
Addresses:  98.138.253.109
      206.190.36.45
      98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=61ms TTL=50

Reply from 98.139.183.24: bytes=32 time=102ms TTL=48



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 61ms, Maximum = 102ms, Average = 81ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 12 ...00 15 e9 fc 53 4f ...... D-Link WUA-2340 USB Adapter
  9 ...00 40 2b 69 9d b5 ...... Realtek RTL8139/810x Family Fast Ethernet NIC
  1 ........................... Software Loopback Interface 1
 13 ...00 00 00 00 00 00 00 e0  isatap.hsd1.mi.comcast.net.
 14 ...00 00 00 00 00 00 00 e0  isatap.{A7279DE4-302D-4105-8DAB-B2F54C891FD6}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.13     25
         10.0.0.0    255.255.255.0         On-link         10.0.0.13    281
        10.0.0.13  255.255.255.255         On-link         10.0.0.13    281
       10.0.0.255  255.255.255.255         On-link         10.0.0.13    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.0.13    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.0.13    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12    281 ::/0                     fe80::ba9b:c9ff:fe41:e372
  1    306 ::1/128                  On-link
 12     33 2601:4:480:568::/64      On-link
 12    281 2601:4:480:568:b191:ca00:24df:42f9/128
                                    On-link
 12    281 2601:4:480:568:f133:b862:dfe9:67d8/128
                                    On-link
 12    281 2601:4:480:568:f255:68a:daaa:d7ed/128
                                    On-link
 12    281 fe80::/64                On-link
 12    281 fe80::f133:b862:dfe9:67d8/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/23/2013 11:09:28 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 8007043c from line 45 of d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (08/23/2013 04:20:50 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x0003dd6d,
process id 0xf58, application start time 0xExplorer.EXE0.

Error: (08/23/2013 03:20:05 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {6d811722-9e6b-4cbc-b714-6c6979b8d01e}

Error: (08/22/2013 03:25:15 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5fedeb49-4cff-40d3-8f5a-4cf37745aa0c}

Error: (08/21/2013 04:14:22 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x0003dd6d,
process id 0xcac, application start time 0xExplorer.EXE0.

Error: (08/21/2013 03:15:00 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {77c6059a-ca2b-4d47-9f88-8173d2afef21}

Error: (08/20/2013 05:21:05 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {6377b62b-1310-43b0-b1d5-e2b977ff1018}

Error: (08/20/2013 00:00:03 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {efb599e0-0424-4272-929e-5a14156e4df4}

Error: (08/19/2013 03:01:08 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid.  hr = 0x80070539.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {31a624f2-d5bc-4454-8de8-ba87c9c8ce8e}

Error: (08/19/2013 02:55:48 PM) (Source: Application Hang) (User: )
Description: The program SpybotSD.exe version 1.6.2.46 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c20
Start Time: 01ce9cdcea025312
Termination Time: 31


System errors:
=============
Error: (08/23/2013 11:11:01 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/23/2013 11:10:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx86
ccSet_N360
cpomy
eeCtrl
i8042prt
IDSVix86
spldr
sptd
SRTSPX
SymIRON
SYMTDIv
Wanarpv6

Error: (08/23/2013 11:10:09 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/23/2013 11:09:27 PM) (Source: DCOM) (User: )
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/23/2013 11:09:18 PM) (Source: DCOM) (User: )
Description: DCOM got error "%%1084" attempting to start the service ShellHWDetection with arguments ""
in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/23/2013 11:08:10 PM) (Source: sptd) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (08/23/2013 11:01:52 PM) (Source: Dhcp) (User: )
Description: The IP address lease 10.0.0.4 for the Network Card with network address 0015E9FC534F has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/23/2013 11:01:36 PM) (Source: Dhcp) (User: )
Description: The IP address lease 10.0.0.13 for the Network Card with network address 0015E9FC534F has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/23/2013 07:37:32 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/22/2013 10:46:13 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer AAMINHANDHASAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A7279DE4-302D-4105-8DAB-B2F.
The master browser is stopping or an election is being forced.


Microsoft Office Sessions:
=========================
Error: (02/12/2013 10:36:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3293 seconds with 2520 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-08-24 03:37:15.544
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-24 03:37:14.826
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-24 03:37:14.013
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-24 03:37:12.919
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-24 03:37:12.232
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-24 03:37:11.544
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-24 03:37:08.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-24 03:37:07.513
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-24 03:37:06.232
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-24 03:37:05.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader 9.5.5 (Version: 9.5.5)
Adobe Shockwave Player 12.0 (Version: 12.0.0.112)
ANIWZCS2 Service
AVG SafeGuard toolbar (Version: 15.4.0.5)
Brother MFL-Pro Suite (Version: 1.00)
CCleaner (Version: 4.04)
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
Foxit Reader (Version: 5.4.5.124)
Google Talk Plugin (Version: 3.10.2.10212)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
Intel® Extreme Graphics Driver
Junk Mail filter update (Version: 15.4.3502.0922)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Norton Security Suite (Version: 20.4.0.40)
PowerDVD (Version: 7.30.0000)
RangeBooster G WUA-2340
Segoe UI (Version: 15.4.2271.0615)
Software Update for Web Folders (Version: 9.60.6715.0)
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 2038.32 MB
Available physical RAM: 1338.12 MB
Total Pagefile: 4341.69 MB
Available Pagefile: 3828 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.38 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:37.26 GB) (Free:13.47 GB) NTFS

========================= Users: ========================================

User accounts for \\HASAN

Admin                    Administrator            Guest                    
HelpAssistant            SUPPORT_388945a0         


**** End of log ****
 





