Audio advertisements playing randomly
presario2100
2012-08-20, 05:06
This computer randomly plays audio advertisements.
Ran Spybot S&D (no immediate threats found) and Norton and no luck finding or removing it.
I read the sticky post on this forum and below are my logs.
Please Help!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by Edward at 21:25:04 on 2012-08-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.879 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page =
uWindow Title = Windows Internet Explorer provided by Comcast
uSearch Bar =
mWindow Title = Windows Internet Explorer provided by Comcast
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.4.0.12\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - No File
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: @c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: amazon.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160276404140
DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/aacs/UpdateAdvisor.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.ritzpix.com/net/Uploader/ImageUploader3.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15026/CTPID.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{11271C07-9F7F-462C-B7E1-29FD0D2C94FB} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{82EDC1A4-04B9-4896-AC88-0E835E17C438} : DhcpNameServer = 192.168.0.1
Filter: text/html - {183fed7a-c727-4071-afed-f84834afeefe} -
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\edward\application data\mozilla\firefox\profiles\gugob0kr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gametracker.com/player/Lets_R0ck/69.162.110.165:28960/|http://www.gametracker.com/server_info/216.52.148.141:28960/|http://forums.evolutionm.net/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn_2010_9_0_6\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\edward\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\msn toolbar\platform\6.3.2348.0\npwinext.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\IPSFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coFFPlgn_2010_9_0_6
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-10-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-10-31 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20120803.001\BHDrvx86.sys [2012-8-7 821920]
R1 canio;CanIO Port Service;c:\windows\system32\canio.sys [2006-2-9 3441]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-10-31 485512]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2009-1-12 16048]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-10-31 116784]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2002-8-29 14336]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [2007-2-8 25434]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20120817.001\IDSXpx86.sys [2012-8-18 369632]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20120819.007\NAVENG.SYS [2012-8-19 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20120819.007\NAVEX15.SYS [2012-8-19 1589752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-27 250056]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-5-30 100368]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-7-24 22821]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664]
S3 jbridgep;jbridgep;\??\c:\docume~1\edward\locals~1\temp\jbridgep.sys --> c:\docume~1\edward\locals~1\temp\jbridgep.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-9-8 16168]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S4 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2011-9-8 4497704]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]
S4 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2011-9-8 113448]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-08-18 16:17:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-18 16:17:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ------w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-25 17:10:15 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500KS-00MJB0 rev.02.01C03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-6
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A9B04B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a9b793c]; MOV EAX, [0x8a9b7ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8AA87AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000077[0x8AAB6F18]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8AAB5D98]
\Driver\atapi[0x8AAD3CA8] -> IRP_MJ_CREATE -> 0x8A9B04B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A9B02E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:27:03.95 ===============
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-19 21:33:21
-----------------------------
21:33:21.578 OS Version: Windows 5.1.2600 Service Pack 3
21:33:21.578 Number of processors: 2 586 0x2302
21:33:21.578 ComputerName: HD4850 UserName: Edward
21:33:22.328 Initialize success
21:34:39.921 AVAST engine defs: 12081900
21:34:48.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-6
21:34:48.531 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
21:34:48.531 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-19
21:34:48.546 Disk 1 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
21:34:48.546 Device \Driver\atapi -> DriverStartIo 8a9b02e2
21:34:48.546 Disk 0 MBR read successfully
21:34:48.546 Disk 0 MBR scan
21:34:48.578 Disk 0 Windows XP default MBR code
21:34:48.578 Disk 0 MBR hidden
21:34:48.578 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 238464 MB offset 63
21:34:48.593 Disk 0 scanning sectors +488376000
21:34:48.656 Disk 0 scanning C:\WINDOWS\system32\drivers
21:35:14.031 Service scanning
21:35:36.953 Modules scanning
21:35:46.218 Disk 0 trace - called modules:
21:35:46.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a9b04b1]<<
21:35:46.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa87ab8]
21:35:46.234 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000077[0x8aab6f18]
21:35:46.234 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8aab5d98]
21:35:46.234 \Driver\atapi[0x8aad3ca8] -> IRP_MJ_CREATE -> 0x8a9b04b1
21:35:47.109 AVAST engine scan C:\WINDOWS
21:36:07.171 AVAST engine scan C:\WINDOWS\system32
21:39:10.218 AVAST engine scan C:\WINDOWS\system32\drivers
21:39:29.250 AVAST engine scan C:\Documents and Settings\Edward
21:44:15.734 AVAST engine scan C:\Documents and Settings\All Users
21:59:08.843 Scan finished successfully
22:01:11.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Edward\Desktop\MBR.dat"
22:01:11.437 The log file has been saved successfully to "C:\Documents and Settings\Edward\Desktop\aswMBR.txt"
oldman960
2012-08-20, 11:45
Hi presario2100, welcome to the forum.
To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc. must be posted in Notepad. Please ensure that Word Wrap is unchecked. In Notepad, click Format and uncheck Word Wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, please ask before continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.
Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg
Click the Start Scan button.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg
If a suspicious object is detected, the default action will be Skip; click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
presario2100
2012-08-21, 00:55
There were two logs generated. I think the first one was prior to the reboot and the second one generated after reboot?
Also, when I rebooted, before Windows came up, there was a prompt box that said (and it would not let me continue booting without selecting Run or Cancel; I chose Run because it was from Kaspersky, I assumed it was for part of the reboot cleaning process):
Open File - Security Warning
Run file?
Name: CF616869-D4F6-4D43-94DF-3CA961942CEA.exe
Publisher: Kaspersky Lab
Type: Application
From: C:\Docume~1\Edward\Locals~1\Temp
17:21:24.0906 2180 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
17:21:25.0421 2180 ============================================================
17:21:25.0421 2180 Current date / time: 2012/08/20 17:21:25.0421
17:21:25.0421 2180 SystemInfo:
17:21:25.0421 2180
17:21:25.0421 2180 OS Version: 5.1.2600 ServicePack: 3.0
17:21:25.0421 2180 Product type: Workstation
17:21:25.0421 2180 ComputerName: HD4850
17:21:25.0421 2180 UserName: Edward
17:21:25.0421 2180 Windows directory: C:\WINDOWS
17:21:25.0421 2180 System windows directory: C:\WINDOWS
17:21:25.0421 2180 Processor architecture: Intel x86
17:21:25.0421 2180 Number of processors: 2
17:21:25.0421 2180 Page size: 0x1000
17:21:25.0421 2180 Boot type: Normal boot
17:21:25.0421 2180 ============================================================
17:21:27.0406 2180 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:21:27.0406 2180 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:21:27.0406 2180 ============================================================
17:21:27.0406 2180 \Device\Harddisk0\DR0:
17:21:27.0406 2180 MBR partitions:
17:21:27.0406 2180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
17:21:27.0406 2180 \Device\Harddisk1\DR1:
17:21:27.0406 2180 MBR partitions:
17:21:27.0406 2180 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
17:21:27.0406 2180 ============================================================
17:21:27.0468 2180 C: <-> \Device\Harddisk0\DR0\Partition1
17:21:27.0484 2180 F: <-> \Device\Harddisk1\DR1\Partition1
17:21:27.0484 2180 ============================================================
17:21:27.0484 2180 Initialize success
17:21:27.0484 2180 ============================================================
17:22:37.0656 2612 ============================================================
17:22:37.0656 2612 Scan started
17:22:37.0656 2612 Mode: Manual; SigCheck; TDLFS;
17:22:37.0656 2612 ============================================================
17:22:37.0937 2612 ================ Scan system memory ========================
17:22:37.0937 2612 System memory - ok
17:22:37.0937 2612 ================ Scan services =============================
17:22:38.0078 2612 Abiosdsk - ok
17:22:38.0078 2612 abp480n5 - ok
17:22:38.0109 2612 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:22:39.0796 2612 ACPI - ok
17:22:39.0812 2612 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:22:40.0015 2612 ACPIEC - ok
17:22:40.0062 2612 [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
17:22:40.0171 2612 AdobeActiveFileMonitor7.0 - ok
17:22:40.0218 2612 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:22:40.0328 2612 AdobeFlashPlayerUpdateSvc - ok
17:22:40.0343 2612 adpu160m - ok
17:22:40.0359 2612 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:22:40.0500 2612 aec - ok
17:22:40.0531 2612 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:22:40.0609 2612 AFD - ok
17:22:40.0609 2612 Aha154x - ok
17:22:40.0609 2612 aic78u2 - ok
17:22:40.0625 2612 aic78xx - ok
17:22:40.0781 2612 [ 29584F02A43E427C4227E3B1D9FF1B22 ] Akamai c:\program files\common files\akamai/netsession_win_4f7fccd.dll
17:22:40.0781 2612 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584F02A43E427C4227E3B1D9FF1B22
17:22:40.0796 2612 Akamai ( HiddenFile.Multi.Generic ) - warning
17:22:40.0796 2612 Akamai - detected HiddenFile.Multi.Generic (1)
17:22:40.0828 2612 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:22:40.0953 2612 Alerter - ok
17:22:40.0968 2612 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:22:41.0109 2612 ALG - ok
17:22:41.0140 2612 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
17:22:41.0281 2612 AliIde - ok
17:22:41.0312 2612 [ ACD2F2DF292B6CC28F58095BBA63A068 ] Alpham1 C:\WINDOWS\system32\DRIVERS\Alpham1.sys
17:22:41.0359 2612 Alpham1 ( UnsignedFile.Multi.Generic ) - warning
17:22:41.0359 2612 Alpham1 - detected UnsignedFile.Multi.Generic (1)
17:22:41.0375 2612 [ F4FAFB2E74B83A156408B1B02302799E ] Alpham2 C:\WINDOWS\system32\DRIVERS\Alpham2.sys
17:22:41.0421 2612 Alpham2 ( UnsignedFile.Multi.Generic ) - warning
17:22:41.0421 2612 Alpham2 - detected UnsignedFile.Multi.Generic (1)
17:22:41.0453 2612 [ EFBB0956BAED786E137351B5CA272AEF ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:22:41.0515 2612 AmdK8 - ok
17:22:41.0546 2612 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
17:22:41.0609 2612 AmdLLD - ok
17:22:41.0625 2612 amsint - ok
17:22:41.0671 2612 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:22:41.0718 2612 Apple Mobile Device - ok
17:22:41.0765 2612 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:22:41.0921 2612 AppMgmt - ok
17:22:41.0953 2612 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:22:42.0078 2612 Arp1394 - ok
17:22:42.0078 2612 asc - ok
17:22:42.0093 2612 asc3350p - ok
17:22:42.0093 2612 asc3550 - ok
17:22:42.0125 2612 [ C959989E2CE8DA9BDE8CAFDDBA84BADF ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
17:22:42.0140 2612 AsIO ( UnsignedFile.Multi.Generic ) - warning
17:22:42.0140 2612 AsIO - detected UnsignedFile.Multi.Generic (1)
17:22:42.0234 2612 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:22:42.0359 2612 aspnet_state - ok
17:22:42.0359 2612 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:22:42.0500 2612 AsyncMac - ok
17:22:42.0515 2612 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:22:42.0656 2612 atapi - ok
17:22:42.0656 2612 Atdisk - ok
17:22:42.0703 2612 [ 809B0EB83C75061C9DE2E528C65A1575 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
17:22:42.0875 2612 Ati HotKey Poller - ok
17:22:43.0125 2612 [ 032F23B133B680B06861329C5A176EE0 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:22:43.0625 2612 ati2mtag - ok
17:22:43.0656 2612 [ FED003FD00011946B0E4F8FB7A8B4307 ] ATIAVAIW C:\WINDOWS\system32\DRIVERS\atinavt2.sys
17:22:43.0734 2612 ATIAVAIW - ok
17:22:43.0765 2612 [ BD9CA8136738040D3257363ED12BE693 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
17:22:43.0828 2612 AtiHDAudioService - ok
17:22:43.0843 2612 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:22:43.0968 2612 Atmarpc - ok
17:22:44.0015 2612 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:22:44.0140 2612 AudioSrv - ok
17:22:44.0171 2612 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:22:44.0312 2612 audstub - ok
17:22:44.0343 2612 [ 694A022F3CA43BA0A75AB85A7223CF6C ] bcgame C:\WINDOWS\system32\drivers\bcgame.sys
17:22:44.0390 2612 bcgame - ok
17:22:44.0421 2612 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:22:44.0562 2612 Beep - ok
17:22:44.0750 2612 [ A9E111A358AC5F7EBA7AC61E43FC6725 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120803.001\BHDrvx86.sys
17:22:44.0828 2612 BHDrvx86 - ok
17:22:44.0859 2612 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
17:22:45.0031 2612 BITS - ok
17:22:45.0078 2612 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
17:22:45.0140 2612 Browser - ok
17:22:45.0171 2612 [ 4D9063930AF2FBCF1CAF7AF02B34DD2B ] canio C:\WINDOWS\system32\canio.sys
17:22:45.0203 2612 canio ( UnsignedFile.Multi.Generic ) - warning
17:22:45.0203 2612 canio - detected UnsignedFile.Multi.Generic (1)
17:22:45.0234 2612 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:22:45.0421 2612 cbidf2k - ok
17:22:45.0468 2612 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:22:45.0593 2612 CCDECODE - ok
17:22:45.0640 2612 [ 1FA1C0E73ECA849BED29A47C508F7F17 ] ccHP C:\WINDOWS\system32\drivers\N360\0404000.00C\ccHPx86.sys
17:22:45.0703 2612 ccHP - ok
17:22:45.0718 2612 cd20xrnt - ok
17:22:45.0734 2612 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:22:45.0890 2612 Cdaudio - ok
17:22:45.0906 2612 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:22:46.0015 2612 Cdfs - ok
17:22:46.0062 2612 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:22:46.0187 2612 Cdrom - ok
17:22:46.0203 2612 Changer - ok
17:22:46.0218 2612 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:22:46.0343 2612 CiSvc - ok
17:22:46.0375 2612 [ 3B15740F137B2B243FDAE2E7B9C391F7 ] CLBStor C:\WINDOWS\system32\drivers\CLBStor.sys
17:22:46.0406 2612 CLBStor - ok
17:22:46.0437 2612 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:22:46.0578 2612 ClipSrv - ok
17:22:46.0593 2612 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:22:46.0765 2612 clr_optimization_v2.0.50727_32 - ok
17:22:46.0781 2612 CmdIde - ok
17:22:46.0781 2612 COMSysApp - ok
17:22:46.0796 2612 Cpqarray - ok
17:22:46.0859 2612 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
17:22:46.0890 2612 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
17:22:46.0890 2612 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
17:22:46.0937 2612 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:22:47.0078 2612 CryptSvc - ok
17:22:47.0218 2612 [ 177BC4EE3840119A780EAFAD5A010F8F ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys
17:22:47.0296 2612 ctac32k - ok
17:22:47.0421 2612 [ EB0C0D62D8D2B8F41DA149C866E93397 ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys
17:22:47.0750 2612 ctaud2k - ok
17:22:47.0812 2612 [ F02E5E05AD79111F3B975E2A654AA050 ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys
17:22:53.0890 2612 ctdvda2k - ok
17:22:53.0906 2612 [ 7D7EEA7FFBC19E1B712D241490BE51ED ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys
17:22:53.0953 2612 ctprxy2k - ok
17:22:53.0968 2612 [ 538122D33DD4B04CC189D5CA72BD6706 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys
17:22:54.0031 2612 ctsfm2k - ok
17:22:54.0031 2612 dac2w2k - ok
17:22:54.0031 2612 dac960nt - ok
17:22:54.0109 2612 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
17:22:54.0140 2612 DAUpdaterSvc - ok
17:22:54.0171 2612 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:22:54.0281 2612 DcomLaunch - ok
17:22:54.0328 2612 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:22:54.0468 2612 Dhcp - ok
17:22:54.0500 2612 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:22:54.0625 2612 Disk - ok
17:22:54.0656 2612 [ 0E0F7D71E274D375C45DDB0E230E0049 ] DLKRTS C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS
17:22:54.0734 2612 DLKRTS - ok
17:22:54.0750 2612 dmadmin - ok
17:22:54.0796 2612 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:22:55.0000 2612 dmboot - ok
17:22:55.0015 2612 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:22:55.0171 2612 dmio - ok
17:22:55.0187 2612 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:22:55.0343 2612 dmload - ok
17:22:55.0390 2612 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:22:55.0515 2612 dmserver - ok
17:22:55.0546 2612 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:22:55.0671 2612 DMusic - ok
17:22:55.0703 2612 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:22:55.0796 2612 Dnscache - ok
17:22:55.0843 2612 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:22:55.0984 2612 Dot3svc - ok
17:22:55.0984 2612 dpti2o - ok
17:22:56.0015 2612 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:22:56.0140 2612 drmkaud - ok
17:22:56.0187 2612 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:22:56.0328 2612 EapHost - ok
17:22:56.0375 2612 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:22:56.0421 2612 eeCtrl - ok
17:22:56.0437 2612 [ 8E0EB62BE9F9BEE7C2E4C50685038E8D ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys
17:22:56.0484 2612 emupia - ok
17:22:56.0515 2612 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:22:56.0546 2612 EraserUtilRebootDrv - ok
17:22:56.0578 2612 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:22:56.0718 2612 ERSvc - ok
17:22:56.0734 2612 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:22:56.0812 2612 Eventlog - ok
17:22:56.0843 2612 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
17:22:56.0906 2612 EventSystem - ok
17:22:56.0937 2612 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:22:57.0078 2612 Fastfat - ok
17:22:57.0125 2612 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:22:57.0203 2612 FastUserSwitchingCompatibility - ok
17:22:57.0203 2612 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:22:57.0359 2612 Fdc - ok
17:22:57.0375 2612 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:22:57.0515 2612 Fips - ok
17:22:57.0562 2612 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:22:57.0625 2612 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:22:57.0625 2612 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:22:57.0640 2612 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:22:57.0781 2612 Flpydisk - ok
17:22:57.0812 2612 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:22:57.0953 2612 FltMgr - ok
17:22:58.0000 2612 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:22:58.0046 2612 FontCache3.0.0.0 - ok
17:22:58.0046 2612 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:22:58.0203 2612 Fs_Rec - ok
17:22:58.0234 2612 [ C9B7680CC721C44DFC0905986D0EC568 ] FTDIBUS C:\WINDOWS\system32\DRIVERS\ftdibus.sys
17:22:58.0296 2612 FTDIBUS ( UnsignedFile.Multi.Generic ) - warning
17:22:58.0296 2612 FTDIBUS - detected UnsignedFile.Multi.Generic (1)
17:22:58.0312 2612 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:22:58.0468 2612 Ftdisk - ok
17:22:58.0484 2612 [ 0245946B8AEE0EA1D3F53C9BD353CCEA ] FTSER2K C:\WINDOWS\system32\DRIVERS\ftser2k.sys
17:22:58.0515 2612 FTSER2K ( UnsignedFile.Multi.Generic ) - warning
17:22:58.0515 2612 FTSER2K - detected UnsignedFile.Multi.Generic (1)
17:22:58.0546 2612 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:22:58.0671 2612 gameenum - ok
17:22:58.0703 2612 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:22:58.0750 2612 GEARAspiWDM - ok
17:22:58.0781 2612 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:22:58.0921 2612 Gpc - ok
17:22:59.0015 2612 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:22:59.0078 2612 gupdate - ok
17:22:59.0078 2612 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:22:59.0109 2612 gupdatem - ok
17:22:59.0156 2612 [ AB32B39E45FB208614983A45DE16794F ] ha10kx2k C:\WINDOWS\system32\drivers\ha10kx2k.sys
17:22:59.0218 2612 ha10kx2k - ok
17:22:59.0265 2612 [ F2607D0D89F57D3564CF65A61A237F1A ] ha20x2k C:\WINDOWS\system32\drivers\ha20x2k.sys
17:22:59.0375 2612 ha20x2k - ok
17:22:59.0390 2612 [ D6861FC0CA96D3E69064C0ACD9DD736D ] hap16v2k C:\WINDOWS\system32\drivers\hap16v2k.sys
17:22:59.0437 2612 hap16v2k - ok
17:22:59.0453 2612 [ 15B18C86C078115D48A0C94882C51E78 ] hap17v2k C:\WINDOWS\system32\drivers\hap17v2k.sys
17:22:59.0500 2612 hap17v2k - ok
17:22:59.0546 2612 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:22:59.0671 2612 HDAudBus - ok
17:22:59.0750 2612 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:22:59.0984 2612 helpsvc - ok
17:23:00.0015 2612 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:23:00.0156 2612 HidServ - ok
17:23:00.0187 2612 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:23:00.0359 2612 hidusb - ok
17:23:00.0390 2612 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:23:00.0515 2612 hkmsvc - ok
17:23:00.0531 2612 hpn - ok
17:23:00.0562 2612 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:23:00.0593 2612 HTTP - ok
17:23:00.0640 2612 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:23:00.0781 2612 HTTPFilter - ok
17:23:00.0781 2612 i2omgmt - ok
17:23:00.0796 2612 i2omp - ok
17:23:00.0828 2612 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:23:00.0968 2612 i8042prt - ok
17:23:01.0031 2612 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:23:01.0078 2612 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:23:01.0078 2612 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:23:01.0125 2612 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:23:01.0218 2612 idsvc - ok
17:23:01.0296 2612 [ EEEBF3616DB90124C1C57019D39AA9A2 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120817.001\IDSxpx86.sys
17:23:01.0343 2612 IDSxpx86 - ok
17:23:01.0359 2612 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:23:01.0500 2612 Imapi - ok
17:23:01.0546 2612 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
17:23:01.0703 2612 ImapiService - ok
17:23:01.0734 2612 [ D8A77FC386F9297CE4B692FC83B4BA02 ] InCDfs C:\WINDOWS\system32\drivers\InCDfs.sys
17:23:01.0796 2612 InCDfs ( UnsignedFile.Multi.Generic ) - warning
17:23:01.0796 2612 InCDfs - detected UnsignedFile.Multi.Generic (1)
17:23:01.0812 2612 [ 433BB499BCEA1C88B55AA67D1B3EF1DC ] InCDPass C:\WINDOWS\system32\DRIVERS\InCDPass.sys
17:23:01.0859 2612 InCDPass ( UnsignedFile.Multi.Generic ) - warning
17:23:01.0859 2612 InCDPass - detected UnsignedFile.Multi.Generic (1)
17:23:01.0875 2612 [ 12DBB035CD2ED0313FAB864470F31C23 ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys
17:23:01.0921 2612 InCDrec ( UnsignedFile.Multi.Generic ) - warning
17:23:01.0921 2612 InCDrec - detected UnsignedFile.Multi.Generic (1)
17:23:01.0953 2612 [ 9D1ADFE6CE5C2E2A42F3B8AA57821D87 ] incdrm C:\WINDOWS\system32\drivers\incdrm.sys
17:23:02.0000 2612 incdrm ( UnsignedFile.Multi.Generic ) - warning
17:23:02.0000 2612 incdrm - detected UnsignedFile.Multi.Generic (1)
17:23:02.0078 2612 [ 394BF2329AC168F253C74E1EEAD15FAC ] InCDsrv C:\Program Files\Ahead\InCD\InCDsrv.exe
17:23:02.0171 2612 InCDsrv ( UnsignedFile.Multi.Generic ) - warning
17:23:02.0171 2612 InCDsrv - detected UnsignedFile.Multi.Generic (1)
17:23:02.0187 2612 ini910u - ok
17:23:02.0187 2612 IntelIde - ok
17:23:02.0234 2612 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:23:02.0343 2612 ip6fw - ok
17:23:02.0375 2612 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:23:02.0531 2612 IpFilterDriver - ok
17:23:02.0562 2612 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:23:02.0671 2612 IpInIp - ok
17:23:02.0703 2612 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:23:02.0859 2612 IpNat - ok
17:23:02.0906 2612 [ 49918803B661367023BF325CF602AFDC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:23:03.0000 2612 iPod Service - ok
17:23:03.0015 2612 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:23:03.0171 2612 IPSec - ok
17:23:03.0187 2612 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:23:03.0328 2612 IRENUM - ok
17:23:03.0328 2612 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:23:03.0453 2612 isapnp - ok
17:23:03.0531 2612 [ DE5D05FD449798EF88CC34AD4B1E7F85 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
17:23:03.0562 2612 JavaQuickStarterService - ok
17:23:03.0625 2612 jbridgep - ok
17:23:03.0656 2612 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:23:03.0781 2612 Kbdclass - ok
17:23:03.0796 2612 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:23:03.0906 2612 kbdhid - ok
17:23:03.0953 2612 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:23:04.0093 2612 kmixer - ok
17:23:04.0109 2612 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:23:04.0187 2612 KSecDD - ok
17:23:04.0218 2612 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:23:04.0281 2612 lanmanserver - ok
17:23:04.0312 2612 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:23:04.0375 2612 lanmanworkstation - ok
17:23:04.0375 2612 lbrtfdc - ok
17:23:04.0406 2612 [ 3C357DFDBBF2B4B01AA4B9C8A26E4416 ] LHidFlt2 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
17:23:04.0468 2612 LHidFlt2 - ok
17:23:04.0484 2612 [ FFB851B1B2F6596B7D3182B977A85206 ] LHidUsb C:\WINDOWS\system32\Drivers\LHidUsb.Sys
17:23:04.0562 2612 LHidUsb - ok
17:23:04.0609 2612 [ 9039717A906DA0AE38420918801D9AB3 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:23:04.0656 2612 LightScribeService - ok
17:23:04.0687 2612 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:23:04.0796 2612 LmHosts - ok
17:23:04.0812 2612 [ AEF09673376A4D93C09E8341854F1BF4 ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
17:23:04.0859 2612 LMouFlt2 - ok
17:23:04.0890 2612 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:23:05.0015 2612 Messenger - ok
17:23:05.0046 2612 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:23:05.0218 2612 mnmdd - ok
17:23:05.0250 2612 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
17:23:05.0406 2612 mnmsrvc - ok
17:23:05.0437 2612 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:23:05.0578 2612 Modem - ok
17:23:05.0609 2612 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:23:05.0750 2612 Mouclass - ok
17:23:05.0781 2612 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:23:05.0953 2612 mouhid - ok
17:23:05.0968 2612 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:23:06.0109 2612 MountMgr - ok
17:23:06.0125 2612 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
17:23:06.0250 2612 MPE - ok
17:23:06.0250 2612 mraid35x - ok
17:23:06.0250 2612 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:23:06.0390 2612 MRxDAV - ok
17:23:06.0437 2612 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:23:06.0515 2612 MRxSmb - ok
17:23:06.0562 2612 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
17:23:06.0687 2612 MSDTC - ok
17:23:06.0718 2612 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:23:06.0859 2612 Msfs - ok
17:23:06.0859 2612 MSIServer - ok
17:23:06.0890 2612 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:23:07.0000 2612 MSKSSRV - ok
17:23:07.0031 2612 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:23:07.0156 2612 MSPCLOCK - ok
17:23:07.0171 2612 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:23:07.0312 2612 MSPQM - ok
17:23:07.0328 2612 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:23:07.0453 2612 mssmbios - ok
17:23:07.0484 2612 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:23:07.0625 2612 MSTEE - ok
17:23:07.0640 2612 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:23:07.0718 2612 MTsensor - ok
17:23:07.0750 2612 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:23:07.0796 2612 Mup - ok
17:23:07.0859 2612 [ B4187346F54E362DAFFE647B25A58D50 ] N360 C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
17:23:07.0921 2612 N360 - ok
17:23:07.0937 2612 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:23:08.0062 2612 NABTSFEC - ok
17:23:08.0109 2612 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:23:08.0265 2612 napagent - ok
17:23:08.0328 2612 [ F11033730B38260B6892E837C457FB4B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120820.002\NAVENG.SYS
17:23:08.0359 2612 NAVENG - ok
17:23:08.0406 2612 [ 4E4E7C0259D3BB97DE24A636C0E06ABA ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120820.002\NAVEX15.SYS
17:23:08.0484 2612 NAVEX15 - ok
17:23:08.0515 2612 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:23:08.0640 2612 NDIS - ok
17:23:08.0656 2612 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:23:08.0796 2612 NdisIP - ok
17:23:08.0828 2612 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:23:08.0875 2612 NdisTapi - ok
17:23:08.0875 2612 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:23:09.0015 2612 Ndisuio - ok
17:23:09.0046 2612 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:23:09.0203 2612 NdisWan - ok
17:23:09.0250 2612 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:23:09.0296 2612 NDProxy - ok
17:23:09.0312 2612 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:23:09.0421 2612 NetBIOS - ok
17:23:09.0453 2612 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:23:09.0578 2612 NetBT - ok
17:23:09.0625 2612 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:23:09.0765 2612 NetDDE - ok
17:23:09.0781 2612 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:23:09.0890 2612 NetDDEdsdm - ok
17:23:09.0921 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
17:23:10.0046 2612 Netlogon - ok
17:23:10.0093 2612 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:23:10.0218 2612 Netman - ok
17:23:10.0250 2612 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:23:10.0312 2612 NetTcpPortSharing - ok
17:23:10.0343 2612 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:23:10.0468 2612 NIC1394 - ok
17:23:10.0500 2612 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:23:10.0562 2612 Nla - ok
17:23:10.0562 2612 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:23:10.0671 2612 Npfs - ok
17:23:10.0703 2612 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:23:10.0875 2612 Ntfs - ok
17:23:10.0890 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
17:23:10.0984 2612 NtLmSsp - ok
17:23:11.0031 2612 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:23:11.0218 2612 NtmsSvc - ok
17:23:11.0234 2612 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:23:11.0375 2612 Null - ok
17:23:11.0390 2612 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:23:11.0562 2612 NwlnkFlt - ok
17:23:11.0562 2612 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:23:11.0687 2612 NwlnkFwd - ok
17:23:11.0703 2612 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:23:11.0843 2612 ohci1394 - ok
17:23:11.0890 2612 [ 611B58C2FD89AA9E80743A197BA62277 ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys
17:23:11.0921 2612 ossrv - ok
17:23:11.0953 2612 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
17:23:12.0078 2612 Parport - ok
17:23:12.0093 2612 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:23:12.0218 2612 PartMgr - ok
17:23:12.0234 2612 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:23:12.0390 2612 ParVdm - ok
17:23:12.0421 2612 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:23:12.0531 2612 PCI - ok
17:23:12.0531 2612 PCIDump - ok
17:23:12.0546 2612 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:23:12.0687 2612 PCIIde - ok
17:23:12.0718 2612 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:23:12.0828 2612 Pcmcia - ok
17:23:12.0828 2612 PDCOMP - ok
17:23:12.0828 2612 PDFRAME - ok
17:23:12.0843 2612 PDRELI - ok
17:23:12.0843 2612 PDRFRAME - ok
17:23:12.0843 2612 perc2 - ok
17:23:12.0859 2612 perc2hib - ok
17:23:12.0890 2612 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:23:12.0937 2612 PlugPlay - ok
17:23:12.0953 2612 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
17:23:13.0000 2612 PnkBstrA - ok
17:23:13.0000 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
17:23:13.0109 2612 PolicyAgent - ok
17:23:13.0156 2612 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:23:13.0312 2612 PptpMiniport - ok
17:23:13.0328 2612 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
17:23:13.0453 2612 Processor - ok
17:23:13.0453 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:23:13.0562 2612 ProtectedStorage - ok
17:23:13.0578 2612 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:23:13.0703 2612 PSched - ok
17:23:13.0734 2612 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:23:13.0890 2612 Ptilink - ok
17:23:13.0906 2612 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:23:13.0953 2612 PxHelp20 - ok
17:23:13.0968 2612 ql1080 - ok
17:23:13.0968 2612 Ql10wnt - ok
17:23:13.0968 2612 ql12160 - ok
17:23:13.0984 2612 ql1240 - ok
17:23:13.0984 2612 ql1280 - ok
17:23:14.0015 2612 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:23:14.0140 2612 RasAcd - ok
17:23:14.0187 2612 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:23:14.0296 2612 RasAuto - ok
17:23:14.0312 2612 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:23:14.0453 2612 Rasl2tp - ok
17:23:14.0468 2612 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:23:14.0593 2612 RasMan - ok
17:23:14.0609 2612 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:23:14.0750 2612 RasPppoe - ok
17:23:14.0765 2612 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:23:14.0906 2612 Raspti - ok
17:23:14.0937 2612 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:23:15.0078 2612 Rdbss - ok
17:23:15.0093 2612 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:23:15.0218 2612 RDPCDD - ok
17:23:15.0265 2612 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:23:15.0390 2612 rdpdr - ok
17:23:15.0437 2612 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:23:15.0484 2612 RDPWD - ok
17:23:15.0531 2612 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:23:15.0671 2612 RDSessMgr - ok
17:23:15.0718 2612 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:23:15.0843 2612 redbook - ok
17:23:15.0875 2612 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:23:16.0000 2612 RemoteAccess - ok
17:23:16.0046 2612 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:23:16.0171 2612 RemoteRegistry - ok
17:23:16.0187 2612 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
17:23:16.0312 2612 RpcLocator - ok
17:23:16.0343 2612 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:23:16.0421 2612 RpcSs - ok
17:23:16.0453 2612 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
17:23:16.0656 2612 RSVP - ok
17:23:16.0687 2612 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:23:16.0796 2612 rtl8139 - ok
17:23:16.0828 2612 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:23:16.0921 2612 SamSs - ok
17:23:16.0937 2612 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:23:17.0093 2612 SCardSvr - ok
17:23:17.0140 2612 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:23:17.0265 2612 Schedule - ok
17:23:17.0296 2612 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:23:17.0421 2612 Secdrv - ok
17:23:17.0453 2612 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:23:17.0562 2612 seclogon - ok
17:23:17.0609 2612 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:23:17.0734 2612 SENS - ok
17:23:17.0765 2612 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:23:17.0906 2612 Serenum - ok
17:23:17.0921 2612 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
17:23:18.0031 2612 Serial - ok
17:23:18.0062 2612 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:23:18.0171 2612 Sfloppy - ok
17:23:18.0234 2612 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:23:18.0359 2612 SharedAccess - ok
17:23:18.0375 2612 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:23:18.0421 2612 ShellHWDetection - ok
17:23:18.0421 2612 Simbad - ok
17:23:18.0437 2612 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:23:18.0562 2612 SLIP - ok
17:23:18.0578 2612 Sparrow - ok
17:23:18.0593 2612 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:23:18.0718 2612 splitter - ok
17:23:18.0765 2612 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:23:18.0828 2612 Spooler - ok
17:23:18.0859 2612 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:23:18.0968 2612 sr - ok
17:23:19.0015 2612 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
17:23:19.0125 2612 srservice - ok
17:23:19.0187 2612 [ EC5C3C6260F4019B03DFAA03EC8CBF6A ] SRTSP C:\WINDOWS\System32\Drivers\N360\0404000.00C\SRTSP.SYS
17:23:19.0234 2612 SRTSP - ok
17:23:19.0250 2612 [ 55D5C37ED41231E3AC2063D16DF50840 ] SRTSPX C:\WINDOWS\system32\drivers\N360\0404000.00C\SRTSPX.SYS
17:23:19.0265 2612 SRTSPX - ok
17:23:19.0312 2612 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:23:19.0406 2612 Srv - ok
17:23:19.0437 2612 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:23:19.0562 2612 SSDPSRV - ok
17:23:19.0609 2612 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:23:19.0765 2612 stisvc - ok
17:23:19.0796 2612 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:23:19.0937 2612 streamip - ok
17:23:19.0968 2612 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:23:20.0109 2612 swenum - ok
17:23:20.0156 2612 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:23:20.0312 2612 swmidi - ok
17:23:20.0312 2612 SwPrv - ok
17:23:20.0328 2612 symc810 - ok
17:23:20.0328 2612 symc8xx - ok
17:23:20.0343 2612 [ 56890BF9D9204B93042089D4B45AE671 ] SymDS C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMDS.SYS
17:23:20.0406 2612 SymDS - ok
17:23:20.0437 2612 [ 10BA64273FEFF4DF0A7CCB0FF3B9B26B ] SymEFA C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMEFA.SYS
17:23:20.0500 2612 SymEFA - ok
17:23:20.0531 2612 [ 961B48B86F94D4CC8CEB483F8AA89374 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:23:20.0546 2612 SymEvent - ok
17:23:20.0562 2612 [ DC80FBF0A348E54853EF82EED4E11E35 ] SymIRON C:\WINDOWS\system32\drivers\N360\0404000.00C\Ironx86.SYS
17:23:20.0593 2612 SymIRON - ok
17:23:20.0625 2612 [ BE6DE8FBF2DF9F13A90B8B6E943871B7 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0404000.00C\SYMTDI.SYS
17:23:20.0671 2612 SYMTDI - ok
17:23:20.0687 2612 sym_hi - ok
17:23:20.0687 2612 sym_u3 - ok
17:23:20.0718 2612 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:23:20.0890 2612 sysaudio - ok
17:23:20.0906 2612 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:23:21.0062 2612 SysmonLog - ok
17:23:21.0203 2612 [ 099AEE120CAC4A43CE307A828998392F ] TabletServicePen C:\WINDOWS\system32\Pen_Tablet.exe
17:23:21.0578 2612 TabletServicePen - ok
17:23:21.0625 2612 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:23:21.0765 2612 TapiSrv - ok
17:23:21.0796 2612 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:23:21.0890 2612 Tcpip - ok
17:23:21.0906 2612 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:23:22.0062 2612 TDPIPE - ok
17:23:22.0078 2612 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:23:22.0218 2612 TDTCP - ok
17:23:22.0234 2612 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:23:22.0390 2612 TermDD - ok
17:23:22.0421 2612 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:23:22.0578 2612 TermService - ok
17:23:22.0593 2612 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:23:22.0625 2612 Themes - ok
17:23:22.0656 2612 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
17:23:22.0812 2612 TlntSvr - ok
17:23:22.0859 2612 [ 39BD95A9FE72AAF5C675AD146BE456A9 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
17:23:22.0921 2612 TomTomHOMEService - ok
17:23:22.0921 2612 TosIde - ok
17:23:22.0953 2612 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:23:23.0078 2612 TrkWks - ok
17:23:23.0109 2612 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:23:23.0250 2612 Udfs - ok
17:23:23.0265 2612 ultra - ok
17:23:23.0312 2612 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:23:23.0468 2612 Update - ok
17:23:23.0515 2612 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:23:23.0656 2612 upnphost - ok
17:23:23.0671 2612 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:23:23.0812 2612 UPS - ok
17:23:23.0843 2612 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:23:23.0906 2612 USBAAPL - ok
17:23:23.0906 2612 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:23:24.0031 2612 usbccgp - ok
17:23:24.0062 2612 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:23:24.0171 2612 usbehci - ok
17:23:24.0203 2612 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:23:24.0343 2612 usbhub - ok
17:23:24.0359 2612 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:23:24.0484 2612 usbohci - ok
17:23:24.0515 2612 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:23:24.0656 2612 usbprint - ok
17:23:24.0671 2612 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:23:24.0796 2612 usbscan - ok
17:23:24.0828 2612 [ CAAD3467FBFAE8A380F67E9C7150A85E ] usbsermpt C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
17:23:24.0875 2612 usbsermpt ( UnsignedFile.Multi.Generic ) - warning
17:23:24.0875 2612 usbsermpt - detected UnsignedFile.Multi.Generic (1)
17:23:24.0890 2612 [ 49106EE29074E6A3D3AC9E24C6D791D8 ] usbsermptxp C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
17:23:25.0031 2612 usbsermptxp - ok
17:23:25.0046 2612 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:23:25.0171 2612 USBSTOR - ok
17:23:25.0187 2612 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:23:25.0312 2612 VgaSave - ok
17:23:25.0312 2612 ViaIde - ok
17:23:25.0343 2612 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:23:25.0468 2612 VolSnap - ok
17:23:25.0515 2612 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:23:25.0687 2612 VSS - ok
17:23:25.0703 2612 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
17:23:25.0828 2612 W32Time - ok
17:23:25.0859 2612 [ 8724531219AE3F9E3729012B61DCE527 ] wacmoumonitor C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
17:23:25.0906 2612 wacmoumonitor - ok
17:23:25.0937 2612 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
17:23:25.0968 2612 wacommousefilter - ok
17:23:26.0015 2612 [ 51D580F30D1A1F2EA4965AF6ABC2BCB2 ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
17:23:26.0031 2612 wacomvhid - ok
17:23:26.0046 2612 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:23:26.0156 2612 Wanarp - ok
17:23:26.0171 2612 WDICA - ok
17:23:26.0171 2612 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:23:26.0312 2612 wdmaud - ok
17:23:26.0359 2612 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:23:26.0484 2612 WebClient - ok
17:23:26.0546 2612 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:23:26.0671 2612 winmgmt - ok
17:23:26.0703 2612 [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
17:23:26.0750 2612 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning
17:23:26.0750 2612 WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)
17:23:26.0781 2612 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
17:23:26.0859 2612 WmdmPmSN - ok
17:23:26.0890 2612 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:23:26.0968 2612 Wmi - ok
17:23:27.0000 2612 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:23:27.0156 2612 WmiApSrv - ok
17:23:27.0218 2612 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:23:27.0343 2612 WMPNetworkSvc - ok
17:23:27.0390 2612 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:23:27.0515 2612 wscsvc - ok
17:23:27.0531 2612 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:23:27.0671 2612 WSTCODEC - ok
17:23:27.0718 2612 [ 77A3988CF9B5848BCBC9FB6A79508A56 ] WTouchService C:\Program Files\WTouch\WTouchService.exe
17:23:27.0781 2612 WTouchService - ok
17:23:27.0812 2612 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:23:27.0921 2612 wuauserv - ok
17:23:27.0953 2612 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:23:28.0031 2612 WudfPf - ok
17:23:28.0046 2612 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:23:28.0093 2612 WudfRd - ok
17:23:28.0109 2612 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:23:28.0156 2612 WudfSvc - ok
17:23:28.0218 2612 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:23:28.0359 2612 WZCSVC - ok
17:23:28.0375 2612 XDva385 - ok
17:23:28.0406 2612 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:23:28.0531 2612 xmlprov - ok
17:23:28.0578 2612 [ 7D1DEF979B4E536E12882EE84F7C719A ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
17:23:28.0671 2612 yukonwxp - ok
17:23:28.0671 2612 ================ Scan global ===============================
17:23:28.0718 2612 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:23:28.0765 2612 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:23:28.0796 2612 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:23:28.0812 2612 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:23:28.0812 2612 [Global] - ok
17:23:28.0812 2612 ================ Scan MBR ==================================
17:23:28.0828 2612 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:23:28.0828 2612 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:23:28.0843 2612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:23:28.0843 2612 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:23:28.0875 2612 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:23:28.0875 2612 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:23:28.0875 2612 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:23:28.0937 2612 \Device\Harddisk1\DR1 - ok
17:23:28.0937 2612 ================ Scan VBR ==================================
17:23:28.0937 2612 [ 8295BA046AF68D0E969920C96F67D006 ] \Device\Harddisk0\DR0\Partition1
17:23:28.0937 2612 \Device\Harddisk0\DR0\Partition1 - ok
17:23:28.0953 2612 [ 64BCBEC12D376C68D954B0BF43B4AE11 ] \Device\Harddisk1\DR1\Partition1
17:23:28.0953 2612 \Device\Harddisk1\DR1\Partition1 - ok
17:23:28.0953 2612 ============================================================
17:23:28.0953 2612 Scan finished
17:23:28.0953 2612 ============================================================
17:23:29.0062 0424 Detected object count: 19
17:23:29.0062 0424 Actual detected object count: 19
17:27:43.0234 0424 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:27:43.0234 0424 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
17:27:43.0234 0424 Alpham1 ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0234 0424 Alpham1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0234 0424 Alpham2 ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0234 0424 Alpham2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0234 0424 AsIO ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0234 0424 AsIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0234 0424 canio ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0234 0424 canio ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0250 0424 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0250 0424 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0250 0424 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0250 0424 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0250 0424 FTDIBUS ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0250 0424 FTDIBUS ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0250 0424 FTSER2K ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0250 0424 FTSER2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0250 0424 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0250 0424 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0250 0424 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0250 0424 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0250 0424 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0250 0424 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0250 0424 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0250 0424 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0265 0424 incdrm ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0265 0424 incdrm ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0265 0424 InCDsrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0265 0424 InCDsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0265 0424 usbsermpt ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0265 0424 usbsermpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0265 0424 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:43.0265 0424 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:43.0843 0424 \Device\Harddisk0\DR0\# - copied to quarantine
17:27:43.0859 0424 \Device\Harddisk0\DR0 - copied to quarantine
17:27:43.0906 0424 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:27:43.0921 0424 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:27:44.0640 0424 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:27:44.0671 0424 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:27:45.0312 0424 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:27:45.0328 0424 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:27:45.0328 0424 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:27:45.0343 0424 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:27:45.0359 0424 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:27:45.0375 0424 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:27:45.0390 0424 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:27:45.0406 0424 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:27:45.0500 0424 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:27:45.0609 0424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:27:45.0609 0424 \Device\Harddisk0\DR0 - ok
17:27:46.0750 0424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:27:46.0750 0424 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:27:46.0750 0424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:31:18.0890 0212 Deinitialize success
presario2100
2012-08-21, 00:56
Both logs would not fit in one post; here is the 2nd log:
17:38:34.0406 3728 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
17:38:36.0406 3728 ============================================================
17:38:36.0406 3728 Current date / time: 2012/08/20 17:38:36.0406
17:38:36.0406 3728 SystemInfo:
17:38:36.0406 3728
17:38:36.0406 3728 OS Version: 5.1.2600 ServicePack: 3.0
17:38:36.0406 3728 Product type: Workstation
17:38:36.0406 3728 ComputerName: HD4850
17:38:36.0406 3728 UserName: Edward
17:38:36.0406 3728 Windows directory: C:\WINDOWS
17:38:36.0406 3728 System windows directory: C:\WINDOWS
17:38:36.0406 3728 Processor architecture: Intel x86
17:38:36.0406 3728 Number of processors: 2
17:38:36.0406 3728 Page size: 0x1000
17:38:36.0406 3728 Boot type: Normal boot
17:38:36.0406 3728 ============================================================
17:38:38.0781 3728 BG loaded
17:38:41.0015 3728 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:38:43.0062 3728 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:38:43.0062 3728 ============================================================
17:38:43.0062 3728 \Device\Harddisk0\DR0:
17:38:43.0484 3728 MBR partitions:
17:38:43.0484 3728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
17:38:43.0484 3728 \Device\Harddisk1\DR1:
17:38:43.0484 3728 MBR partitions:
17:38:43.0484 3728 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
17:38:43.0484 3728 ============================================================
17:38:44.0750 3728 C: <-> \Device\Harddisk0\DR0\Partition1
17:38:44.0750 3728 F: <-> \Device\Harddisk1\DR1\Partition1
17:38:44.0859 3728 ============================================================
17:38:44.0859 3728 Initialize success
17:38:44.0859 3728 ============================================================
17:40:01.0187 3420 ============================================================
17:40:01.0187 3420 Scan started
17:40:01.0187 3420 Mode: Manual; SigCheck; TDLFS;
17:40:01.0187 3420 ============================================================
17:40:02.0187 3420 ================ Scan system memory ========================
17:40:02.0187 3420 System memory - ok
17:40:02.0187 3420 ================ Scan services =============================
17:40:02.0296 3420 Abiosdsk - ok
17:40:02.0312 3420 abp480n5 - ok
17:40:02.0343 3420 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:40:03.0953 3420 ACPI - ok
17:40:03.0984 3420 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:40:04.0156 3420 ACPIEC - ok
17:40:04.0218 3420 [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
17:40:04.0250 3420 AdobeActiveFileMonitor7.0 - ok
17:40:04.0312 3420 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:40:04.0375 3420 AdobeFlashPlayerUpdateSvc - ok
17:40:04.0390 3420 adpu160m - ok
17:40:04.0406 3420 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:40:04.0531 3420 aec - ok
17:40:04.0578 3420 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:40:04.0671 3420 AFD - ok
17:40:04.0671 3420 Aha154x - ok
17:40:04.0687 3420 aic78u2 - ok
17:40:04.0687 3420 aic78xx - ok
17:40:04.0843 3420 [ 29584F02A43E427C4227E3B1D9FF1B22 ] Akamai c:\program files\common files\akamai/netsession_win_4f7fccd.dll
17:40:04.0843 3420 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584F02A43E427C4227E3B1D9FF1B22
17:40:04.0859 3420 Akamai ( HiddenFile.Multi.Generic ) - warning
17:40:04.0859 3420 Akamai - detected HiddenFile.Multi.Generic (1)
17:40:04.0890 3420 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:40:05.0015 3420 Alerter - ok
17:40:05.0031 3420 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
17:40:05.0171 3420 ALG - ok
17:40:05.0187 3420 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
17:40:05.0328 3420 AliIde - ok
17:40:05.0359 3420 [ ACD2F2DF292B6CC28F58095BBA63A068 ] Alpham1 C:\WINDOWS\system32\DRIVERS\Alpham1.sys
17:40:05.0390 3420 Alpham1 ( UnsignedFile.Multi.Generic ) - warning
17:40:05.0390 3420 Alpham1 - detected UnsignedFile.Multi.Generic (1)
17:40:05.0406 3420 [ F4FAFB2E74B83A156408B1B02302799E ] Alpham2 C:\WINDOWS\system32\DRIVERS\Alpham2.sys
17:40:05.0421 3420 Alpham2 ( UnsignedFile.Multi.Generic ) - warning
17:40:05.0421 3420 Alpham2 - detected UnsignedFile.Multi.Generic (1)
17:40:05.0453 3420 [ EFBB0956BAED786E137351B5CA272AEF ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
17:40:05.0890 3420 AmdK8 - ok
17:40:05.0921 3420 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
17:40:05.0968 3420 AmdLLD - ok
17:40:05.0984 3420 amsint - ok
17:40:06.0046 3420 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:40:06.0078 3420 Apple Mobile Device - ok
17:40:06.0109 3420 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:40:06.0250 3420 AppMgmt - ok
17:40:06.0281 3420 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:40:06.0406 3420 Arp1394 - ok
17:40:06.0421 3420 asc - ok
17:40:06.0421 3420 asc3350p - ok
17:40:06.0421 3420 asc3550 - ok
17:40:06.0453 3420 [ C959989E2CE8DA9BDE8CAFDDBA84BADF ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys
17:40:06.0468 3420 AsIO ( UnsignedFile.Multi.Generic ) - warning
17:40:06.0468 3420 AsIO - detected UnsignedFile.Multi.Generic (1)
17:40:06.0531 3420 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:40:06.0625 3420 aspnet_state - ok
17:40:06.0656 3420 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:40:06.0781 3420 AsyncMac - ok
17:40:06.0796 3420 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:40:06.0937 3420 atapi - ok
17:40:06.0937 3420 Atdisk - ok
17:40:06.0984 3420 [ 809B0EB83C75061C9DE2E528C65A1575 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
17:40:07.0125 3420 Ati HotKey Poller - ok
17:40:07.0343 3420 [ 032F23B133B680B06861329C5A176EE0 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:40:07.0593 3420 ati2mtag - ok
17:40:07.0640 3420 [ FED003FD00011946B0E4F8FB7A8B4307 ] ATIAVAIW C:\WINDOWS\system32\DRIVERS\atinavt2.sys
17:40:07.0718 3420 ATIAVAIW - ok
17:40:07.0765 3420 [ BD9CA8136738040D3257363ED12BE693 ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdXP3.sys
17:40:07.0828 3420 AtiHDAudioService - ok
17:40:07.0843 3420 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:40:07.0968 3420 Atmarpc - ok
17:40:08.0000 3420 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:40:08.0109 3420 AudioSrv - ok
17:40:08.0140 3420 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:40:08.0281 3420 audstub - ok
17:40:08.0312 3420 [ 694A022F3CA43BA0A75AB85A7223CF6C ] bcgame C:\WINDOWS\system32\drivers\bcgame.sys
17:40:08.0343 3420 bcgame - ok
17:40:08.0359 3420 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:40:08.0500 3420 Beep - ok
17:40:08.0687 3420 [ A9E111A358AC5F7EBA7AC61E43FC6725 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120803.001\BHDrvx86.sys
17:40:08.0734 3420 BHDrvx86 - ok
17:40:08.0796 3420 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
17:40:09.0156 3420 BITS - ok
17:40:09.0187 3420 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
17:40:09.0234 3420 Browser - ok
17:40:09.0250 3420 [ 4D9063930AF2FBCF1CAF7AF02B34DD2B ] canio C:\WINDOWS\system32\canio.sys
17:40:09.0265 3420 canio ( UnsignedFile.Multi.Generic ) - warning
17:40:09.0265 3420 canio - detected UnsignedFile.Multi.Generic (1)
17:40:09.0296 3420 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:40:09.0421 3420 cbidf2k - ok
17:40:09.0453 3420 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:40:09.0578 3420 CCDECODE - ok
17:40:09.0671 3420 [ 1FA1C0E73ECA849BED29A47C508F7F17 ] ccHP C:\WINDOWS\system32\drivers\N360\0404000.00C\ccHPx86.sys
17:40:09.0718 3420 ccHP - ok
17:40:09.0718 3420 cd20xrnt - ok
17:40:09.0734 3420 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:40:09.0890 3420 Cdaudio - ok
17:40:09.0921 3420 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:40:10.0031 3420 Cdfs - ok
17:40:10.0078 3420 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:40:10.0203 3420 Cdrom - ok
17:40:10.0203 3420 Changer - ok
17:40:10.0218 3420 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:40:10.0343 3420 CiSvc - ok
17:40:10.0375 3420 [ 3B15740F137B2B243FDAE2E7B9C391F7 ] CLBStor C:\WINDOWS\system32\drivers\CLBStor.sys
17:40:10.0390 3420 CLBStor - ok
17:40:10.0437 3420 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:40:10.0562 3420 ClipSrv - ok
17:40:10.0578 3420 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:40:10.0703 3420 clr_optimization_v2.0.50727_32 - ok
17:40:10.0703 3420 CmdIde - ok
17:40:10.0718 3420 COMSysApp - ok
17:40:10.0718 3420 Cpqarray - ok
17:40:10.0765 3420 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
17:40:10.0796 3420 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
17:40:10.0796 3420 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
17:40:10.0828 3420 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:40:10.0953 3420 CryptSvc - ok
17:40:10.0984 3420 [ 177BC4EE3840119A780EAFAD5A010F8F ] ctac32k C:\WINDOWS\system32\drivers\ctac32k.sys
17:40:11.0015 3420 ctac32k - ok
17:40:11.0062 3420 [ EB0C0D62D8D2B8F41DA149C866E93397 ] ctaud2k C:\WINDOWS\system32\drivers\ctaud2k.sys
17:40:11.0187 3420 ctaud2k - ok
17:40:11.0203 3420 [ F02E5E05AD79111F3B975E2A654AA050 ] ctdvda2k C:\WINDOWS\system32\drivers\ctdvda2k.sys
17:40:13.0328 3420 ctdvda2k - ok
17:40:13.0359 3420 [ 7D7EEA7FFBC19E1B712D241490BE51ED ] ctprxy2k C:\WINDOWS\system32\drivers\ctprxy2k.sys
17:40:13.0375 3420 ctprxy2k - ok
17:40:13.0390 3420 [ 538122D33DD4B04CC189D5CA72BD6706 ] ctsfm2k C:\WINDOWS\system32\drivers\ctsfm2k.sys
17:40:13.0421 3420 ctsfm2k - ok
17:40:13.0421 3420 dac2w2k - ok
17:40:13.0421 3420 dac960nt - ok
17:40:13.0484 3420 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
17:40:13.0515 3420 DAUpdaterSvc - ok
17:40:13.0531 3420 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:40:13.0625 3420 DcomLaunch - ok
17:40:13.0656 3420 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:40:13.0781 3420 Dhcp - ok
17:40:13.0796 3420 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:40:13.0921 3420 Disk - ok
17:40:13.0953 3420 [ 0E0F7D71E274D375C45DDB0E230E0049 ] DLKRTS C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS
17:40:13.0984 3420 DLKRTS - ok
17:40:13.0984 3420 dmadmin - ok
17:40:14.0031 3420 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:40:14.0187 3420 dmboot - ok
17:40:14.0218 3420 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:40:14.0343 3420 dmio - ok
17:40:14.0359 3420 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:40:14.0500 3420 dmload - ok
17:40:14.0531 3420 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:40:14.0656 3420 dmserver - ok
17:40:14.0671 3420 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:40:14.0796 3420 DMusic - ok
17:40:14.0828 3420 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:40:14.0906 3420 Dnscache - ok
17:40:14.0968 3420 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:40:15.0093 3420 Dot3svc - ok
17:40:15.0093 3420 dpti2o - ok
17:40:15.0140 3420 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:40:15.0250 3420 drmkaud - ok
17:40:15.0312 3420 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:40:15.0421 3420 EapHost - ok
17:40:15.0453 3420 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:40:15.0484 3420 eeCtrl - ok
17:40:15.0500 3420 [ 8E0EB62BE9F9BEE7C2E4C50685038E8D ] emupia C:\WINDOWS\system32\drivers\emupia2k.sys
17:40:15.0531 3420 emupia - ok
17:40:15.0546 3420 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:40:15.0562 3420 EraserUtilRebootDrv - ok
17:40:15.0609 3420 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:40:15.0734 3420 ERSvc - ok
17:40:15.0750 3420 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:40:15.0843 3420 Eventlog - ok
17:40:15.0890 3420 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
17:40:15.0953 3420 EventSystem - ok
17:40:15.0984 3420 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:40:16.0093 3420 Fastfat - ok
17:40:16.0125 3420 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:40:16.0187 3420 FastUserSwitchingCompatibility - ok
17:40:16.0203 3420 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:40:16.0312 3420 Fdc - ok
17:40:16.0343 3420 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:40:16.0453 3420 Fips - ok
17:40:16.0515 3420 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:40:16.0578 3420 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:40:16.0578 3420 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:40:16.0625 3420 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:40:16.0750 3420 Flpydisk - ok
17:40:16.0781 3420 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:40:16.0890 3420 FltMgr - ok
17:40:16.0968 3420 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:40:16.0984 3420 FontCache3.0.0.0 - ok
17:40:17.0000 3420 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:40:17.0140 3420 Fs_Rec - ok
17:40:17.0171 3420 [ C9B7680CC721C44DFC0905986D0EC568 ] FTDIBUS C:\WINDOWS\system32\DRIVERS\ftdibus.sys
17:40:17.0203 3420 FTDIBUS ( UnsignedFile.Multi.Generic ) - warning
17:40:17.0203 3420 FTDIBUS - detected UnsignedFile.Multi.Generic (1)
17:40:17.0218 3420 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:40:17.0359 3420 Ftdisk - ok
17:40:17.0375 3420 [ 0245946B8AEE0EA1D3F53C9BD353CCEA ] FTSER2K C:\WINDOWS\system32\DRIVERS\ftser2k.sys
17:40:17.0390 3420 FTSER2K ( UnsignedFile.Multi.Generic ) - warning
17:40:17.0390 3420 FTSER2K - detected UnsignedFile.Multi.Generic (1)
17:40:17.0437 3420 [ 065639773D8B03F33577F6CDAEA21063 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:40:17.0546 3420 gameenum - ok
17:40:17.0578 3420 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:40:17.0593 3420 GEARAspiWDM - ok
17:40:17.0640 3420 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:40:17.0765 3420 Gpc - ok
17:40:17.0875 3420 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:40:17.0906 3420 gupdate - ok
17:40:17.0921 3420 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:40:17.0953 3420 gupdatem - ok
17:40:18.0000 3420 [ AB32B39E45FB208614983A45DE16794F ] ha10kx2k C:\WINDOWS\system32\drivers\ha10kx2k.sys
17:40:18.0062 3420 ha10kx2k - ok
17:40:18.0093 3420 [ F2607D0D89F57D3564CF65A61A237F1A ] ha20x2k C:\WINDOWS\system32\drivers\ha20x2k.sys
17:40:18.0156 3420 ha20x2k - ok
17:40:18.0171 3420 [ D6861FC0CA96D3E69064C0ACD9DD736D ] hap16v2k C:\WINDOWS\system32\drivers\hap16v2k.sys
17:40:18.0203 3420 hap16v2k - ok
17:40:18.0218 3420 [ 15B18C86C078115D48A0C94882C51E78 ] hap17v2k C:\WINDOWS\system32\drivers\hap17v2k.sys
17:40:18.0265 3420 hap17v2k - ok
17:40:18.0296 3420 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:40:18.0406 3420 HDAudBus - ok
17:40:18.0500 3420 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:40:18.0609 3420 helpsvc - ok
17:40:18.0656 3420 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:40:18.0765 3420 HidServ - ok
17:40:18.0812 3420 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:40:18.0921 3420 hidusb - ok
17:40:18.0984 3420 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:40:19.0093 3420 hkmsvc - ok
17:40:19.0093 3420 hpn - ok
17:40:19.0140 3420 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:40:19.0171 3420 HTTP - ok
17:40:19.0218 3420 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:40:19.0343 3420 HTTPFilter - ok
17:40:19.0343 3420 i2omgmt - ok
17:40:19.0343 3420 i2omp - ok
17:40:19.0390 3420 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:40:19.0515 3420 i8042prt - ok
17:40:19.0609 3420 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:40:19.0656 3420 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:40:19.0656 3420 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:40:19.0718 3420 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:40:19.0781 3420 idsvc - ok
17:40:19.0859 3420 [ EEEBF3616DB90124C1C57019D39AA9A2 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120817.001\IDSxpx86.sys
17:40:19.0890 3420 IDSxpx86 - ok
17:40:19.0906 3420 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:40:20.0031 3420 Imapi - ok
17:40:20.0078 3420 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
17:40:20.0203 3420 ImapiService - ok
17:40:20.0265 3420 [ D8A77FC386F9297CE4B692FC83B4BA02 ] InCDfs C:\WINDOWS\system32\drivers\InCDfs.sys
17:40:20.0281 3420 InCDfs ( UnsignedFile.Multi.Generic ) - warning
17:40:20.0281 3420 InCDfs - detected UnsignedFile.Multi.Generic (1)
17:40:20.0312 3420 [ 433BB499BCEA1C88B55AA67D1B3EF1DC ] InCDPass C:\WINDOWS\system32\DRIVERS\InCDPass.sys
17:40:20.0343 3420 InCDPass ( UnsignedFile.Multi.Generic ) - warning
17:40:20.0343 3420 InCDPass - detected UnsignedFile.Multi.Generic (1)
17:40:20.0375 3420 [ 12DBB035CD2ED0313FAB864470F31C23 ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys
17:40:20.0390 3420 InCDrec ( UnsignedFile.Multi.Generic ) - warning
17:40:20.0390 3420 InCDrec - detected UnsignedFile.Multi.Generic (1)
17:40:20.0421 3420 [ 9D1ADFE6CE5C2E2A42F3B8AA57821D87 ] incdrm C:\WINDOWS\system32\drivers\incdrm.sys
17:40:20.0468 3420 incdrm ( UnsignedFile.Multi.Generic ) - warning
17:40:20.0468 3420 incdrm - detected UnsignedFile.Multi.Generic (1)
17:40:20.0656 3420 [ 394BF2329AC168F253C74E1EEAD15FAC ] InCDsrv C:\Program Files\Ahead\InCD\InCDsrv.exe
17:40:20.0796 3420 InCDsrv ( UnsignedFile.Multi.Generic ) - warning
17:40:20.0796 3420 InCDsrv - detected UnsignedFile.Multi.Generic (1)
17:40:20.0812 3420 ini910u - ok
17:40:20.0828 3420 IntelIde - ok
17:40:20.0859 3420 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:40:20.0968 3420 ip6fw - ok
17:40:20.0984 3420 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:40:21.0109 3420 IpFilterDriver - ok
17:40:21.0125 3420 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:40:21.0234 3420 IpInIp - ok
17:40:21.0281 3420 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:40:21.0390 3420 IpNat - ok
17:40:21.0437 3420 [ 49918803B661367023BF325CF602AFDC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:40:21.0515 3420 iPod Service - ok
17:40:21.0546 3420 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:40:21.0671 3420 IPSec - ok
17:40:21.0687 3420 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:40:21.0812 3420 IRENUM - ok
17:40:21.0828 3420 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:40:21.0921 3420 isapnp - ok
17:40:22.0000 3420 [ DE5D05FD449798EF88CC34AD4B1E7F85 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
17:40:22.0031 3420 JavaQuickStarterService - ok
17:40:22.0078 3420 jbridgep - ok
17:40:22.0109 3420 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:40:22.0218 3420 Kbdclass - ok
17:40:22.0234 3420 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:40:22.0343 3420 kbdhid - ok
17:40:22.0375 3420 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:40:22.0531 3420 kmixer - ok
17:40:22.0546 3420 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:40:22.0625 3420 KSecDD - ok
17:40:22.0703 3420 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:40:22.0750 3420 lanmanserver - ok
17:40:22.0765 3420 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:40:22.0812 3420 lanmanworkstation - ok
17:40:22.0812 3420 lbrtfdc - ok
17:40:22.0843 3420 [ 3C357DFDBBF2B4B01AA4B9C8A26E4416 ] LHidFlt2 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
17:40:22.0890 3420 LHidFlt2 - ok
17:40:22.0906 3420 [ FFB851B1B2F6596B7D3182B977A85206 ] LHidUsb C:\WINDOWS\system32\Drivers\LHidUsb.Sys
17:40:22.0968 3420 LHidUsb - ok
17:40:23.0015 3420 [ 9039717A906DA0AE38420918801D9AB3 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:40:23.0046 3420 LightScribeService - ok
17:40:23.0078 3420 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:40:23.0187 3420 LmHosts - ok
17:40:23.0203 3420 [ AEF09673376A4D93C09E8341854F1BF4 ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
17:40:23.0234 3420 LMouFlt2 - ok
17:40:23.0265 3420 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:40:23.0375 3420 Messenger - ok
17:40:23.0421 3420 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:40:23.0546 3420 mnmdd - ok
17:40:23.0593 3420 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
17:40:23.0718 3420 mnmsrvc - ok
17:40:23.0750 3420 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:40:23.0875 3420 Modem - ok
17:40:23.0890 3420 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:40:24.0015 3420 Mouclass - ok
17:40:24.0031 3420 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:40:24.0187 3420 mouhid - ok
17:40:24.0250 3420 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:40:24.0359 3420 MountMgr - ok
17:40:24.0390 3420 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
17:40:24.0500 3420 MPE - ok
17:40:24.0500 3420 mraid35x - ok
17:40:24.0531 3420 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:40:24.0640 3420 MRxDAV - ok
17:40:24.0671 3420 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:40:24.0734 3420 MRxSmb - ok
17:40:24.0781 3420 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
17:40:24.0890 3420 MSDTC - ok
17:40:24.0906 3420 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:40:25.0031 3420 Msfs - ok
17:40:25.0031 3420 MSIServer - ok
17:40:25.0046 3420 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:40:25.0171 3420 MSKSSRV - ok
17:40:25.0187 3420 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:40:25.0296 3420 MSPCLOCK - ok
17:40:25.0312 3420 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:40:25.0437 3420 MSPQM - ok
17:40:25.0453 3420 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:40:25.0562 3420 mssmbios - ok
17:40:25.0609 3420 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:40:25.0718 3420 MSTEE - ok
17:40:25.0765 3420 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:40:25.0812 3420 MTsensor - ok
17:40:25.0828 3420 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:40:25.0875 3420 Mup - ok
17:40:25.0921 3420 [ B4187346F54E362DAFFE647B25A58D50 ] N360 C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
17:40:25.0968 3420 N360 - ok
17:40:25.0984 3420 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:40:26.0109 3420 NABTSFEC - ok
17:40:26.0140 3420 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:40:26.0281 3420 napagent - ok
17:40:26.0343 3420 [ F11033730B38260B6892E837C457FB4B ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120820.002\NAVENG.SYS
17:40:26.0359 3420 NAVENG - ok
17:40:26.0406 3420 [ 4E4E7C0259D3BB97DE24A636C0E06ABA ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120820.002\NAVEX15.SYS
17:40:26.0468 3420 NAVEX15 - ok
17:40:26.0500 3420 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:40:26.0625 3420 NDIS - ok
17:40:26.0640 3420 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:40:26.0750 3420 NdisIP - ok
17:40:26.0765 3420 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:40:26.0796 3420 NdisTapi - ok
17:40:26.0812 3420 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:40:26.0937 3420 Ndisuio - ok
17:40:26.0968 3420 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:40:27.0093 3420 NdisWan - ok
17:40:27.0125 3420 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:40:27.0187 3420 NDProxy - ok
17:40:27.0218 3420 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:40:27.0328 3420 NetBIOS - ok
17:40:27.0359 3420 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:40:27.0468 3420 NetBT - ok
17:40:27.0515 3420 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:40:27.0625 3420 NetDDE - ok
17:40:27.0625 3420 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:40:27.0750 3420 NetDDEdsdm - ok
17:40:27.0781 3420 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
17:40:27.0890 3420 Netlogon - ok
17:40:27.0937 3420 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:40:28.0062 3420 Netman - ok
17:40:28.0093 3420 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:40:28.0125 3420 NetTcpPortSharing - ok
17:40:28.0156 3420 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:40:28.0265 3420 NIC1394 - ok
17:40:28.0296 3420 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:40:28.0359 3420 Nla - ok
17:40:28.0359 3420 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:40:28.0468 3420 Npfs - ok
17:40:28.0500 3420 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:40:28.0656 3420 Ntfs - ok
17:40:28.0656 3420 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
17:40:28.0765 3420 NtLmSsp - ok
17:40:28.0796 3420 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:40:28.0968 3420 NtmsSvc - ok
17:40:28.0984 3420 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:40:29.0109 3420 Null - ok
17:40:29.0125 3420 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:40:29.0281 3420 NwlnkFlt - ok
17:40:29.0281 3420 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:40:29.0421 3420 NwlnkFwd - ok
17:40:29.0437 3420 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:40:29.0562 3420 ohci1394 - ok
17:40:29.0593 3420 [ 611B58C2FD89AA9E80743A197BA62277 ] ossrv C:\WINDOWS\system32\drivers\ctoss2k.sys
17:40:29.0625 3420 ossrv - ok
17:40:29.0656 3420 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
17:40:29.0765 3420 Parport - ok
17:40:29.0796 3420 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:40:29.0906 3420 PartMgr - ok
17:40:29.0937 3420 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:40:30.0078 3420 ParVdm - ok
17:40:30.0109 3420 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:40:30.0203 3420 PCI - ok
17:40:30.0218 3420 PCIDump - ok
17:40:30.0218 3420 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:40:30.0359 3420 PCIIde - ok
17:40:30.0390 3420 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:40:30.0500 3420 Pcmcia - ok
17:40:30.0500 3420 PDCOMP - ok
17:40:30.0500 3420 PDFRAME - ok
17:40:30.0515 3420 PDRELI - ok
17:40:30.0515 3420 PDRFRAME - ok
17:40:30.0531 3420 perc2 - ok
17:40:30.0531 3420 perc2hib - ok
17:40:30.0562 3420 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:40:30.0609 3420 PlugPlay - ok
17:40:30.0656 3420 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
17:40:30.0687 3420 PnkBstrA - ok
17:40:30.0687 3420 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
17:40:30.0796 3420 PolicyAgent - ok
17:40:30.0828 3420 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:40:30.0953 3420 PptpMiniport - ok
17:40:30.0968 3420 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
17:40:31.0093 3420 Processor - ok
17:40:31.0093 3420 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:40:31.0203 3420 ProtectedStorage - ok
17:40:31.0218 3420 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:40:31.0328 3420 PSched - ok
17:40:31.0343 3420 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:40:31.0500 3420 Ptilink - ok
17:40:31.0515 3420 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:40:31.0531 3420 PxHelp20 - ok
17:40:31.0546 3420 ql1080 - ok
17:40:31.0546 3420 Ql10wnt - ok
17:40:31.0546 3420 ql12160 - ok
17:40:31.0562 3420 ql1240 - ok
17:40:31.0562 3420 ql1280 - ok
17:40:31.0578 3420 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:40:31.0703 3420 RasAcd - ok
17:40:31.0734 3420 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:40:31.0843 3420 RasAuto - ok
17:40:31.0859 3420 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:40:31.0984 3420 Rasl2tp - ok
17:40:32.0015 3420 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:40:32.0125 3420 RasMan - ok
17:40:32.0140 3420 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:40:32.0250 3420 RasPppoe - ok
17:40:32.0281 3420 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:40:32.0406 3420 Raspti - ok
17:40:32.0453 3420 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:40:32.0562 3420 Rdbss - ok
17:40:32.0578 3420 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:40:32.0703 3420 RDPCDD - ok
17:40:32.0734 3420 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:40:32.0859 3420 rdpdr - ok
17:40:32.0890 3420 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:40:32.0953 3420 RDPWD - ok
17:40:32.0984 3420 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:40:33.0109 3420 RDSessMgr - ok
17:40:33.0156 3420 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:40:33.0265 3420 redbook - ok
17:40:33.0312 3420 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:40:33.0437 3420 RemoteAccess - ok
17:40:33.0468 3420 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:40:33.0593 3420 RemoteRegistry - ok
17:40:33.0640 3420 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
17:40:33.0734 3420 RpcLocator - ok
17:40:33.0765 3420 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:40:33.0843 3420 RpcSs - ok
17:40:33.0875 3420 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
17:40:34.0046 3420 RSVP - ok
17:40:34.0078 3420 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
17:40:34.0171 3420 rtl8139 - ok
17:40:34.0187 3420 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:40:34.0296 3420 SamSs - ok
17:40:34.0312 3420 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:40:34.0421 3420 SCardSvr - ok
17:40:34.0468 3420 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:40:34.0593 3420 Schedule - ok
17:40:34.0640 3420 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:40:34.0750 3420 Secdrv - ok
17:40:34.0796 3420 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:40:34.0890 3420 seclogon - ok
17:40:34.0921 3420 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:40:35.0046 3420 SENS - ok
17:40:35.0078 3420 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:40:35.0187 3420 Serenum - ok
17:40:35.0203 3420 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
17:40:35.0296 3420 Serial - ok
17:40:35.0328 3420 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:40:35.0437 3420 Sfloppy - ok
17:40:35.0484 3420 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:40:35.0593 3420 SharedAccess - ok
17:40:35.0640 3420 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:40:35.0671 3420 ShellHWDetection - ok
17:40:35.0671 3420 Simbad - ok
17:40:35.0703 3420 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:40:35.0796 3420 SLIP - ok
17:40:35.0812 3420 Sparrow - ok
17:40:35.0843 3420 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:40:35.0953 3420 splitter - ok
17:40:35.0984 3420 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:40:36.0046 3420 Spooler - ok
17:40:36.0078 3420 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:40:36.0187 3420 sr - ok
17:40:36.0218 3420 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
17:40:36.0328 3420 srservice - ok
17:40:36.0390 3420 [ EC5C3C6260F4019B03DFAA03EC8CBF6A ] SRTSP C:\WINDOWS\System32\Drivers\N360\0404000.00C\SRTSP.SYS
17:40:36.0421 3420 SRTSP - ok
17:40:36.0437 3420 [ 55D5C37ED41231E3AC2063D16DF50840 ] SRTSPX C:\WINDOWS\system32\drivers\N360\0404000.00C\SRTSPX.SYS
17:40:36.0453 3420 SRTSPX - ok
17:40:36.0500 3420 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:40:36.0562 3420 Srv - ok
17:40:36.0609 3420 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:40:36.0734 3420 SSDPSRV - ok
17:40:36.0765 3420 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:40:36.0921 3420 stisvc - ok
17:40:36.0953 3420 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:40:37.0062 3420 streamip - ok
17:40:37.0109 3420 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:40:37.0218 3420 swenum - ok
17:40:37.0265 3420 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:40:37.0375 3420 swmidi - ok
17:40:37.0390 3420 SwPrv - ok
17:40:37.0390 3420 symc810 - ok
17:40:37.0406 3420 symc8xx - ok
17:40:37.0421 3420 [ 56890BF9D9204B93042089D4B45AE671 ] SymDS C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMDS.SYS
17:40:37.0468 3420 SymDS - ok
17:40:37.0500 3420 [ 10BA64273FEFF4DF0A7CCB0FF3B9B26B ] SymEFA C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMEFA.SYS
17:40:37.0531 3420 SymEFA - ok
17:40:37.0578 3420 [ 961B48B86F94D4CC8CEB483F8AA89374 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
17:40:37.0593 3420 SymEvent - ok
17:40:37.0640 3420 [ DC80FBF0A348E54853EF82EED4E11E35 ] SymIRON C:\WINDOWS\system32\drivers\N360\0404000.00C\Ironx86.SYS
17:40:37.0671 3420 SymIRON - ok
17:40:37.0703 3420 [ BE6DE8FBF2DF9F13A90B8B6E943871B7 ] SYMTDI C:\WINDOWS\System32\Drivers\N360\0404000.00C\SYMTDI.SYS
17:40:37.0734 3420 SYMTDI - ok
17:40:37.0734 3420 sym_hi - ok
17:40:37.0734 3420 sym_u3 - ok
17:40:37.0765 3420 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:40:37.0875 3420 sysaudio - ok
17:40:37.0906 3420 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:40:38.0015 3420 SysmonLog - ok
17:40:38.0156 3420 [ 099AEE120CAC4A43CE307A828998392F ] TabletServicePen C:\WINDOWS\system32\Pen_Tablet.exe
17:40:38.0421 3420 TabletServicePen - ok
17:40:38.0468 3420 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:40:38.0593 3420 TapiSrv - ok
17:40:38.0671 3420 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:40:38.0718 3420 Tcpip - ok
17:40:38.0734 3420 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:40:38.0843 3420 TDPIPE - ok
17:40:38.0859 3420 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:40:38.0968 3420 TDTCP - ok
17:40:38.0984 3420 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:40:39.0109 3420 TermDD - ok
17:40:39.0140 3420 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:40:39.0265 3420 TermService - ok
17:40:39.0281 3420 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:40:39.0312 3420 Themes - ok
17:40:39.0343 3420 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
17:40:39.0468 3420 TlntSvr - ok
17:40:39.0500 3420 [ 39BD95A9FE72AAF5C675AD146BE456A9 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
17:40:39.0531 3420 TomTomHOMEService - ok
17:40:39.0531 3420 TosIde - ok
17:40:39.0578 3420 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:40:39.0687 3420 TrkWks - ok
17:40:39.0718 3420 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:40:39.0812 3420 Udfs - ok
17:40:39.0812 3420 ultra - ok
17:40:39.0859 3420 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:40:40.0000 3420 Update - ok
17:40:40.0015 3420 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:40:40.0140 3420 upnphost - ok
17:40:40.0156 3420 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:40:40.0265 3420 UPS - ok
17:40:40.0312 3420 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:40:40.0343 3420 USBAAPL - ok
17:40:40.0343 3420 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:40:40.0468 3420 usbccgp - ok
17:40:40.0484 3420 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:40:40.0593 3420 usbehci - ok
17:40:40.0640 3420 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:40:40.0765 3420 usbhub - ok
17:40:40.0781 3420 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
17:40:40.0906 3420 usbohci - ok
17:40:40.0937 3420 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:40:41.0046 3420 usbprint - ok
17:40:41.0062 3420 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:40:41.0187 3420 usbscan - ok
17:40:41.0203 3420 [ CAAD3467FBFAE8A380F67E9C7150A85E ] usbsermpt C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
17:40:41.0234 3420 usbsermpt ( UnsignedFile.Multi.Generic ) - warning
17:40:41.0234 3420 usbsermpt - detected UnsignedFile.Multi.Generic (1)
17:40:41.0265 3420 [ 49106EE29074E6A3D3AC9E24C6D791D8 ] usbsermptxp C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
17:40:41.0343 3420 usbsermptxp - ok
17:40:41.0359 3420 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:40:41.0484 3420 USBSTOR - ok
17:40:41.0500 3420 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:40:41.0593 3420 VgaSave - ok
17:40:41.0609 3420 ViaIde - ok
17:40:41.0640 3420 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:40:41.0734 3420 VolSnap - ok
17:40:41.0781 3420 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:40:41.0906 3420 VSS - ok
17:40:41.0921 3420 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
17:40:42.0046 3420 W32Time - ok
17:40:42.0062 3420 [ 8724531219AE3F9E3729012B61DCE527 ] wacmoumonitor C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
17:40:42.0093 3420 wacmoumonitor - ok
17:40:42.0109 3420 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
17:40:42.0125 3420 wacommousefilter - ok
17:40:42.0156 3420 [ 51D580F30D1A1F2EA4965AF6ABC2BCB2 ] wacomvhid C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
17:40:42.0171 3420 wacomvhid - ok
17:40:42.0187 3420 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:40:42.0281 3420 Wanarp - ok
17:40:42.0296 3420 WDICA - ok
17:40:42.0296 3420 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:40:42.0421 3420 wdmaud - ok
17:40:42.0453 3420 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:40:42.0562 3420 WebClient - ok
17:40:42.0625 3420 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:40:42.0734 3420 winmgmt - ok
17:40:42.0765 3420 [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
17:40:42.0781 3420 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - warning
17:40:42.0781 3420 WMDM PMSP Service - detected UnsignedFile.Multi.Generic (1)
17:40:42.0812 3420 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
17:40:42.0890 3420 WmdmPmSN - ok
17:40:42.0937 3420 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:40:43.0031 3420 Wmi - ok
17:40:43.0062 3420 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:40:43.0171 3420 WmiApSrv - ok
17:40:43.0234 3420 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:40:43.0343 3420 WMPNetworkSvc - ok
17:40:43.0375 3420 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:40:43.0500 3420 wscsvc - ok
17:40:43.0531 3420 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:40:43.0640 3420 WSTCODEC - ok
17:40:43.0687 3420 [ 77A3988CF9B5848BCBC9FB6A79508A56 ] WTouchService C:\Program Files\WTouch\WTouchService.exe
17:40:43.0734 3420 WTouchService - ok
17:40:43.0765 3420 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:40:43.0906 3420 wuauserv - ok
17:40:43.0921 3420 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:40:43.0984 3420 WudfPf - ok
17:40:44.0000 3420 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:40:44.0031 3420 WudfRd - ok
17:40:44.0062 3420 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:40:44.0093 3420 WudfSvc - ok
17:40:44.0125 3420 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:40:44.0281 3420 WZCSVC - ok
17:40:44.0281 3420 XDva385 - ok
17:40:44.0328 3420 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:40:44.0468 3420 xmlprov - ok
17:40:44.0500 3420 [ 7D1DEF979B4E536E12882EE84F7C719A ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
17:40:44.0562 3420 yukonwxp - ok
17:40:44.0578 3420 ================ Scan global ===============================
17:40:44.0625 3420 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:40:44.0656 3420 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:40:44.0687 3420 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:40:44.0734 3420 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:40:44.0734 3420 [Global] - ok
17:40:44.0734 3420 ================ Scan MBR ==================================
17:40:44.0750 3420 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:40:44.0968 3420 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:40:44.0968 3420 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:40:44.0968 3420 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:40:45.0015 3420 \Device\Harddisk1\DR1 - ok
17:40:45.0015 3420 ================ Scan VBR ==================================
17:40:45.0031 3420 [ 8295BA046AF68D0E969920C96F67D006 ] \Device\Harddisk0\DR0\Partition1
17:40:45.0031 3420 \Device\Harddisk0\DR0\Partition1 - ok
17:40:45.0031 3420 [ 64BCBEC12D376C68D954B0BF43B4AE11 ] \Device\Harddisk1\DR1\Partition1
17:40:45.0031 3420 \Device\Harddisk1\DR1\Partition1 - ok
17:40:45.0031 3420 ============================================================
17:40:45.0031 3420 Scan finished
17:40:45.0031 3420 ============================================================
17:40:45.0140 3412 Detected object count: 18
17:40:45.0140 3412 Actual detected object count: 18
17:40:57.0859 3412 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:40:57.0859 3412 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
17:40:57.0859 3412 Alpham1 ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0859 3412 Alpham1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0875 3412 Alpham2 ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0875 3412 Alpham2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0875 3412 AsIO ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0875 3412 AsIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0875 3412 canio ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0875 3412 canio ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0875 3412 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0875 3412 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0875 3412 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0875 3412 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0875 3412 FTDIBUS ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0875 3412 FTDIBUS ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0875 3412 FTSER2K ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0875 3412 FTSER2K ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0875 3412 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0875 3412 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0875 3412 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0875 3412 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0875 3412 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0875 3412 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0890 3412 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0890 3412 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0890 3412 incdrm ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0890 3412 incdrm ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0890 3412 InCDsrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0890 3412 InCDsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0890 3412 usbsermpt ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0890 3412 usbsermpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0890 3412 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0890 3412 WMDM PMSP Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0890 3412 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:40:57.0890 3412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:41:02.0187 3692 Deinitialize success
oldman960
2012-08-21, 11:35
Hi presario2100,
How's the computer? Any more ads?
Please rerun aswMBR like you did before and post the log.
Thanks
presario2100
2012-08-23, 06:53
I haven't heard any ads today, but again it is random. Seems ok so far though...
Here is the log you asked for:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-22 22:59:04
-----------------------------
22:59:04.812 OS Version: Windows 5.1.2600 Service Pack 3
22:59:04.812 Number of processors: 2 586 0x2302
22:59:04.812 ComputerName: HD4850 UserName: Edward
22:59:05.437 Initialize success
23:01:12.312 AVAST engine defs: 12082201
23:01:25.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-6
23:01:25.593 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
23:01:25.593 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-19
23:01:25.593 Disk 1 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
23:01:26.640 Disk 0 MBR read successfully
23:01:26.640 Disk 0 MBR scan
23:01:26.687 Disk 0 Windows XP default MBR code
23:01:26.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
23:01:26.703 Disk 0 scanning sectors +488376000
23:01:26.765 Disk 0 scanning C:\WINDOWS\system32\drivers
23:02:03.796 Service scanning
23:02:30.625 Modules scanning
23:02:37.578 Disk 0 trace - called modules:
23:02:37.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:02:37.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aad2ab8]
23:02:37.609 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000077[0x8ab44f18]
23:02:37.609 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-6[0x8aab0940]
23:02:38.250 AVAST engine scan C:\WINDOWS
23:03:00.343 AVAST engine scan C:\WINDOWS\system32
23:07:03.687 AVAST engine scan C:\WINDOWS\system32\drivers
23:07:33.843 AVAST engine scan C:\Documents and Settings\Edward
23:17:17.578 AVAST engine scan C:\Documents and Settings\All Users
23:35:35.296 Scan finished successfully
23:51:19.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Edward\Desktop\MBR.dat"
23:51:19.515 The log file has been saved successfully to "C:\Documents and Settings\Edward\Desktop\aswMBR-2.txt"
oldman960
2012-08-23, 13:49
Hi presario2100,
Please rerun TDSSKiller the same way you did before. This time when presented with this line
17:27:46.0750 0424 \Device\Harddisk0\DR0 ( TDSS File System )
Please use the drop down menu and select delete.
Next
You have several old vulnerable versions of Java installed. Click your start button > Control Panel > Add/Remove Programs and uninstall the following:
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Do not uninstall Java(TM) 6 Update 33
Next
Click your start button, open Control Panel.
Locate the Java icon (it looks like a coffee cup)
double click it to open it
click the Update tab
Click update now
Please decline any additional installs that may be offered.
Next
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean
Next
Download and save to your desktop Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Please post back with
TDSSK log
MBAM log
Computer still ok?
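Added example, not part of the thread or of either poster's reply: a small Python parser for the TDSSKiller detection lines shown in the log above, listing which detected objects were left on "Skip". The function names and the default watch list (the one verdict the helper asked to delete) are assumptions of this example.

```python
import re

# Lines copied from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
17:40:44.0968 3420 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:40:44.0968 3420 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:40:45.0140 3412 Detected object count: 18
17:40:57.0859 3412 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:40:57.0859 3412 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
17:40:57.0875 3412 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:57.0875 3412 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:57.0890 3412 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:40:57.0890 3412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Detection line layout: "<time> <thread id> <object> ( <verdict> ) - <status>"
LINE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<obj>.+?) "
    r"\( (?P<verdict>[^()]+?) \) - (?P<status>.+)$")
ACTION_RE = re.compile(r"^User select action: (?P<action>\w+)$")

def parse_detections(log_text):
    """Return {object: {"verdict": str, "action": str or None}}."""
    found = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # counters, "- ok" lines, "detected ... (1)" lines
        entry = found.setdefault(m["obj"], {"verdict": m["verdict"], "action": None})
        a = ACTION_RE.match(m["status"])
        if a:
            entry["action"] = a["action"]  # the action the user picked in the GUI
    return found

def still_pending(detections, watch=("TDSS File System",)):
    """Objects with a watched verdict that were skipped or had no action logged."""
    return sorted(obj for obj, d in detections.items()
                  if d["verdict"] in watch and d["action"] in (None, "Skip"))

if __name__ == "__main__":
    for obj in still_pending(parse_detections(SAMPLE_LOG)):
        print("not yet acted on:", obj)
```
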