Windows 2003 Server with Backdoor Trojan



#91
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
You might also look in Autoruns and see if it can delete the other services. Seems like if you double click on them it will take you to the registry entry that calls them. Might be interesting to know where they hide in the registry.

If you want to wait until you are on site to reboot that's fine.
  • 0



#92
rahanna

rahanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Ron ... Do you want me to run AutoRuns and send you the report before the reboot ???
  • 0

#93
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
OK
  • 0

#94
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Going to bed now.
  • 0

#95
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I've found a worm called morto that looks a lot like what you have so I expect yours is a new variation.

https://community.qu...itecture-review

http://www.f-secure....2_morto_a.shtml

Check for:

c:\windows\clb.dll

If the file exists, delete it. Ditto for:



C:\WINDOWS\Offline Web Pages\cache.txt
C:\WINDOWS\system32\Sens32.dll


Go into regedit.

Export HKLM\SYSTEM\WPA\ and attach it to your next post.


Export your HKLM\SYSTEM\CurrentControlSet\Services\Sens from the sick server and compare it to that of the good server. If they are different, then try to merge the good one onto the sick server. Export again and compare. If they aren't the same then delete the Sens service first then try a merge again. Or just attach both to a reply and I will create a reg file to do it for you.
  • 0
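
The export-and-compare step from post #95, as an added example (not part of the thread and not the poster's code): a Python sketch that parses two regedit exports of the Sens service key and lists every value that differs. The two embedded exports are constructed samples, not the attachments from this thread; the Sens32.dll path is the one named in the post, and all function names are assumptions.

```python
import re

MISSING = '<absent>'

def _decode_value(raw):
    """Convert the right-hand side of a .reg line into a comparable value."""
    raw = raw.strip()
    if raw.startswith('"'):                              # REG_SZ
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith('dword:'):                         # REG_DWORD
        return int(raw[6:], 16)
    m = re.match(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)', raw)
    if not m:
        return raw
    kind = int(m.group(1), 16) if m.group(1) else 3      # bare "hex:" is REG_BINARY
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
    if kind in (1, 2, 7):                                # string types are UTF-16LE
        text = data.decode('utf-16-le', errors='replace').rstrip('\x00')
        return text.split('\x00') if kind == 7 else text
    return data

def parse_reg(text):
    """Parse regedit export text into {KEY_PATH: {value_name: value}}.
    Key paths are upper-cased and value names lower-cased, because the
    registry treats both case-insensitively."""
    keys, current, pending = {}, None, ''
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ''
        if line.endswith(',\\'):                         # hex data continues on next line
            pending = line[:-1]
            continue
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
            if m:
                name = m.group(1)
                name = '(default)' if name == '@' else re.sub(r'\\(.)', r'\1', name[1:-1])
                current[name.lower()] = _decode_value(m.group(2))
    return keys

def diff_exports(good_text, sick_text):
    """Return (key, value_name, good_value, sick_value) for every difference."""
    good, sick = parse_reg(good_text), parse_reg(sick_text)
    out = []
    for key in sorted(set(good) | set(sick)):
        g, s = good.get(key, {}), sick.get(key, {})
        for name in sorted(set(g) | set(s)):
            if g.get(name, MISSING) != s.get(name, MISSING):
                out.append((key, name, g.get(name, MISSING), s.get(name, MISSING)))
    return out

def load_export(path):
    """Read an export file: version 5.00 files are UTF-16 with a BOM, REGEDIT4 is ANSI."""
    with open(path, 'rb') as fh:
        data = fh.read()
    return data.decode('utf-16' if data[:2] in (b'\xff\xfe', b'\xfe\xff') else 'latin-1')

# ---- constructed sample exports (not the files attached in this thread) ----
def _as_hex2(text):
    """Encode text the way regedit writes REG_EXPAND_SZ, wrapped with continuations."""
    tokens = ['%02x' % b for b in (text + '\x00').encode('utf-16-le')]
    rows = [','.join(tokens[i:i + 20]) for i in range(0, len(tokens), 20)]
    return 'hex(2):' + ',\\\n  '.join(rows)

HEADER = 'Windows Registry Editor Version 5.00\n\n'
KEY = r'[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sens'

def _sample(service_dll):
    return (HEADER + KEY + ']\n"Start"=dword:00000002\n\n'
            + KEY + '\\Parameters]\n"ServiceDll"=' + _as_hex2(service_dll) + '\n')

GOOD = _sample(r'%SystemRoot%\system32\sens.dll')    # assumed clean-server value
SICK = _sample(r'C:\WINDOWS\system32\Sens32.dll')    # file name taken from the post

if __name__ == '__main__':
    for key, name, good, sick in diff_exports(GOOD, SICK):
        print(key)
        print('  %s: good=%r sick=%r' % (name, good, sick))
```

For real exports, pass `load_export()` results to `diff_exports()`; it reads the file the same way whether the extension is `.reg` or has been renamed to `.txt`.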

#96
rahanna

rahanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Ron,

I will be there on site in a couple of hours and will follow your last recommendations ...

Thanks,
  • 0

#97
rahanna

rahanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Ron,

The file [ c:\windows\clb.dll ] doesn't exist ...

I did run AutoRuns and it still shows some suspicious keys as per attached ...

Now the Server is stable but as soon as I restart it, the bad stuff will kick in ...

How can we get rid of these Run keys that come back again ???

Attached Files


  • 0

#98
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Go into Autoruns and delete the entries we know are bad.


Export HKLM\SYSTEM\WPA\ and attach it to your next post.
Export your HKLM\SYSTEM\CurrentControlSet\Services\Sens from the sick server and attach it.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

See if you can get tdsskiller to run:

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
  • 0

#99
rahanna

rahanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Ron,

OK ... I have deleted most of the suspicious keys under AutoRuns that indicate [File Not Found]

Attached you will find WAP & Sens Registry Export ... Just changed the extension from [.reg] to [.txt]

Ran MBRCheck and here are the results ...

While you are looking into that, I am downloading TDSSKiller and will run it too ...

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Server 2003 R2, Standard Edition
Windows Information: Service Pack 2 (build 3790)
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: PowerEdge 2900
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 141):

Processes (total 73):
0 System Idle Process
4 System
360 C:\WINDOWS\system32\smss.exe
408 csrss.exe
436 C:\WINDOWS\system32\winlogon.exe
484 C:\WINDOWS\system32\services.exe
496 C:\WINDOWS\system32\lsass.exe
652 C:\WINDOWS\system32\svchost.exe
816 svchost.exe
880 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
920 svchost.exe
964 svchost.exe
1008 C:\WINDOWS\system32\svchost.exe
1544 C:\WINDOWS\system32\spoolsv.exe
1572 msdtc.exe
1656 C:\Program Files\Client Marketing Systems\Advisors Assistant Server Component\AASCServer.exe
1708 C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe
1756 D:\Program Files\Symantec\Backup Exec\beremote.exe
1788 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1864 C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
1880 C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
1900 C:\WINDOWS\system32\dfssvc.exe
1928 C:\WINDOWS\system32\dns.exe
1980 C:\WINDOWS\system32\svchost.exe
2060 C:\WINDOWS\system32\inetsrv\inetinfo.exe
2092 C:\WINDOWS\system32\ismserv.exe
2108 C:\Program Files\Java\jre7\bin\jqs.exe
2188 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2272 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2292 C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
2316 C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe
2344 C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
2404 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
2444 C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
2516 C:\Program Files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\sqlservr.exe
2628 C:\Program Files\Microsoft SQL Server\MSSQL.6\MSSQL\Binn\sqlservr.exe
2748 C:\WINDOWS\system32\ntfrs.exe
2804 C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
2952 svchost.exe
3008 C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
3056 C:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe
3272 locator.exe
3300 C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
3328 C:\WINDOWS\system32\snmp.exe
3348 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
3368 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3400 C:\WINDOWS\system32\svchost.exe
3412 C:\Program Files\TeamViewer3\TeamViewer_Service.exe
3444 C:\WINDOWS\system32\lserver.exe
3592 svchost.exe
3756 D:\Program Files\Symantec\Backup Exec\pvlsvr.exe
3892 C:\Program Files\Exchsrvr\bin\exmgmt.exe
244 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
500 wmiprvse.exe
1232 C:\WINDOWS\system32\svchost.exe
1104 svchost.exe
1852 C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe
4464 beserver.exe
4912 C:\WINDOWS\system32\inetsrv\w3wp.exe
5216 benetns.exe
5280 D:\Program Files\Symantec\Backup Exec\bengine.exe
5532 C:\WINDOWS\system32\svchost.exe
3560 C:\WINDOWS\explorer.exe
476 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
4800 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
796 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
4440 C:\Program Files\Common Files\Java\Java Update\jusched.exe
5140 C:\WINDOWS\system32\ctfmon.exe
4232 C:\Program Files\TeamViewer3\TeamViewer.exe
264 C:\WINDOWS\system32\dllhost.exe
4976 C:\Dell\SysInternals_AutoRuns\autoruns.exe
4592 C:\WINDOWS\regedit.exe
3112 C:\Dell\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04699200 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: DELLPERC 5/i, Rev: 1.03
PhysicalDrive1 Model Number: DELLPERC 5/i, Rev: 1.03

Size Device Name MBR Status
--------------------------------------------
135 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
544 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Attached Thumbnails

  • MBR.JPG

Attached Files

  • Attached File  Sens.txt   3.87KB   37 downloads

  • 0

#100
rahanna

rahanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
TDSSKiller came back clean with no threats ...

Here is the first log file:


18:03:34.0202 5548 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:03:34.0640 5548 ============================================================
18:03:34.0640 5548 Current date / time: 2012/09/07 18:03:34.0640
18:03:34.0640 5548 SystemInfo:
18:03:34.0640 5548
18:03:34.0640 5548 OS Version: 5.2.3790 ServicePack: 2.0
18:03:34.0640 5548 Product type: Domain controller
18:03:34.0640 5548 ComputerName: ST-SERVER
18:03:34.0640 5548 UserName: st_admin
18:03:34.0640 5548 Windows directory: C:\WINDOWS
18:03:34.0640 5548 System windows directory: C:\WINDOWS
18:03:34.0640 5548 Processor architecture: Intel x86
18:03:34.0640 5548 Number of processors: 2
18:03:34.0640 5548 Page size: 0x1000
18:03:34.0640 5548 Boot type: Normal boot
18:03:34.0640 5548 ============================================================
18:03:36.0234 5548 Drive \Device\Harddisk0\DR0 - Size: 0x21E0000000 (135.50 Gb), SectorSize: 0x200, Cylinders: 0x4518, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:03:36.0234 5548 Drive \Device\Harddisk1\DR1 - Size: 0x8820000000 (544.50 Gb), SectorSize: 0x200, Cylinders: 0x115A7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:03:36.0249 5548 ============================================================
18:03:36.0249 5548 \Device\Harddisk0\DR0:
18:03:36.0249 5548 MBR partitions:
18:03:36.0249 5548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x10ED34CD
18:03:36.0249 5548 \Device\Harddisk1\DR1:
18:03:36.0249 5548 MBR partitions:
18:03:36.0249 5548 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x440FC4A8
18:03:36.0249 5548 ============================================================
18:03:36.0265 5548 C: <-> \Device\Harddisk0\DR0\Partition1
18:03:36.0296 5548 D: <-> \Device\Harddisk1\DR1\Partition1
18:03:36.0296 5548 ============================================================
18:03:36.0296 5548 Initialize success
18:03:36.0296 5548 ============================================================
18:03:49.0609 1536 ============================================================
18:03:49.0609 1536 Scan started
18:03:49.0609 1536 Mode: Manual;
18:03:49.0609 1536 ============================================================
18:03:51.0421 1536 ================ Scan system memory ========================
18:04:00.0078 1536 System memory - ok
18:04:00.0078 1536 ================ Scan services =============================
18:04:04.0625 1536 ImapiService - ok
18:04:04.0656 1536 [ 1690A4BE249BA6195BA7258943CADA58 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
18:04:04.0672 1536 IntelIde - ok
18:04:04.0703 1536 [ 7D7575B971B3A0FE26FAC6F5D58F5180 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:04:04.0703 1536 intelppm - ok
18:04:04.0703 1536 [ D7E7E7898A05C53DD862B49828747C1E ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:04:04.0719 1536 Ip6Fw - ok
18:04:04.0765 1536 [ 5A41F207B7C39EE4918F7496A4F19B14 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:04:04.0765 1536 IpFilterDriver - ok
18:04:04.0797 1536 [ 890E7A14A63AEC2EA9257A79A88BE784 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:04:04.0797 1536 IpNat - ok
18:04:04.0797 1536 Iprip - ok
18:04:04.0859 1536 [ 1A9AEAC49683B32DF55B7FB1516F3028 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:04:04.0859 1536 IPSec - ok
18:04:04.0890 1536 [ C8594550880B16A31C99EC42B106E14F ] ipsraidn C:\WINDOWS\system32\DRIVERS\ipsraidn.sys
18:04:04.0890 1536 ipsraidn - ok
18:04:04.0922 1536 [ 11407EE682A2D5B0248DE8AF0F1A6996 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:04:04.0922 1536 IRENUM - ok
18:04:04.0953 1536 Irmon - ok
18:04:04.0984 1536 [ B71BA04A3B5D4404225CCDBF1969078F ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:04:04.0984 1536 isapnp - ok
18:04:05.0015 1536 [ 1B1A2084540CC1F2E9A297A263D69D23 ] IsmServ C:\WINDOWS\System32\ismserv.exe
18:04:05.0015 1536 IsmServ - ok
18:04:05.0172 1536 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
18:04:05.0187 1536 JavaQuickStarterService - ok
18:04:05.0203 1536 [ E5097A07E14F36ABC21FA18D88F93655 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:04:05.0203 1536 Kbdclass - ok
18:04:05.0234 1536 [ 665F2AE9286DBB05B045CCC02F7BC2F8 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:04:05.0234 1536 kbdhid - ok
18:04:05.0250 1536 [ D4B61A935670C57A0DEA81B4F4A12169 ] kdc C:\WINDOWS\System32\lsass.exe
18:04:05.0250 1536 kdc - ok
18:04:05.0281 1536 [ 7516B5F53A258BF152901554A005B7C4 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:04:05.0281 1536 KSecDD - ok
18:04:05.0312 1536 [ 836EF0055FE63FAD9BD2B899014F9631 ] l2nd C:\WINDOWS\system32\DRIVERS\bxnd52x.sys
18:04:05.0312 1536 l2nd - ok
18:04:05.0344 1536 [ DFC5B13F931461ACC025D76D39AFEC0D ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:04:05.0344 1536 lanmanserver - ok
18:04:05.0359 1536 [ 5E8A9C4673B194DD1181B3F003D4F996 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:04:05.0359 1536 lanmanworkstation - ok
18:04:05.0375 1536 [ 647945B72994E7B4A07F6DA10F1DCD79 ] LicenseService C:\WINDOWS\System32\llssrv.exe
18:04:05.0390 1536 LicenseService - ok
18:04:05.0453 1536 [ 6293E44F4AA06F7FCDA06F4B07CDC0C2 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
18:04:05.0515 1536 LiveUpdate - ok
18:04:05.0531 1536 [ 1916D44188853A53DB93AECC6E6197D0 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:04:05.0531 1536 LmHosts - ok
18:04:05.0547 1536 [ FDD8BA3317E07F2E5AF608468821A093 ] lp6nds35 C:\WINDOWS\system32\DRIVERS\lp6nds35.sys
18:04:05.0562 1536 lp6nds35 - ok
18:04:05.0625 1536 [ 2B85B40189BD301B71A946B62AB3D5D7 ] ManageEngineOpManagerApache C:\PROGRA~1\ADVENT~1\ME\OPMANA~1\apache\bin\Apache.exe
18:04:05.0625 1536 ManageEngineOpManagerApache - ok
18:04:05.0640 1536 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
18:04:05.0640 1536 MBAMProtector - ok
18:04:05.0687 1536 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:04:05.0687 1536 MBAMService - ok
18:04:05.0734 1536 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:04:05.0750 1536 MDM - ok
18:04:05.0781 1536 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:04:05.0781 1536 mdmxsdk - ok
18:04:05.0812 1536 [ C35BB38904D843C0465858195B30DAB7 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:04:05.0812 1536 mnmdd - ok
18:04:05.0875 1536 [ E2D859FA2E90FD1F12CA0806DF8A4B3E ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:04:05.0875 1536 mnmsrvc - ok
18:04:05.0906 1536 [ 81EC1C6D3798B36A92A6D7A355BA2C62 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:04:05.0906 1536 Modem - ok
18:04:05.0937 1536 [ 1D0E6FE331A7B0017DC8F624CB9E16EF ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:04:05.0937 1536 MODEMCSA - ok
18:04:05.0953 1536 [ AA50DA5AB638CE0BAB5F7D5D633110C2 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:04:05.0953 1536 Mouclass - ok
18:04:05.0984 1536 [ 6824B20127716121B53A2EC2BD6739B7 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:04:05.0984 1536 mouhid - ok
18:04:06.0000 1536 [ FC43A7A34309C750B9DAEADF2F6EC9B9 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:04:06.0000 1536 MountMgr - ok
18:04:06.0047 1536 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:04:06.0047 1536 MozillaMaintenance - ok
18:04:06.0109 1536 [ 91EBE05CA28A514FD563E79DC5466F5E ] mr2kserv C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
18:04:06.0109 1536 mr2kserv - ok
18:04:06.0140 1536 [ 4FA93BA7AE719FB6C0A2BE09AC357863 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:04:06.0156 1536 mraid35x - ok
18:04:06.0187 1536 [ AB6DB63A1791F8E86B085291686464FD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:04:06.0187 1536 MRxDAV - ok
18:04:06.0219 1536 [ 16936142FA1D989CF63FD22C8B9D4A6D ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:04:06.0219 1536 MRxSmb - ok
18:04:06.0265 1536 [ 2EAA1763A77BE385B9A71A843C7F159E ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:04:06.0265 1536 MSDTC - ok
18:04:06.0406 1536 [ B4CDB17C573E06DDBFA700CF99158515 ] MSExchangeMGMT C:\Program Files\Exchsrvr\bin\exmgmt.exe
18:04:06.0453 1536 MSExchangeMGMT - ok
18:04:06.0484 1536 [ 8F50B87361585763841C6B603D23260C ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:04:06.0484 1536 Msfs - ok
18:04:06.0531 1536 [ 54819FC5C79E4B2C6E896F9DE440494D ] msftesql$ADVISORSASSIST C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe
18:04:06.0531 1536 msftesql$ADVISORSASSIST - ok
18:04:06.0547 1536 [ 58AC18BC908A78FBA5430D23066D183A ] MSFtpsvc C:\WINDOWS\system32\inetsrv\inetinfo.exe
18:04:06.0547 1536 MSFtpsvc - ok
18:04:06.0547 1536 MSIServer - ok
18:04:06.0578 1536 [ BAA279ECAAFF6564BA289D38BE2E1E83 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:04:06.0578 1536 MSKSSRV - ok
18:04:06.0594 1536 [ 5D3DE11AF7F2ADF006FB723B0F6B2AFA ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:04:06.0594 1536 MSPCLOCK - ok
18:04:06.0609 1536 [ EE4171D3F3CEAA7386561AAD262F8BD3 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:04:06.0609 1536 MSPQM - ok
18:04:06.0625 1536 [ 92AFAB2F216CE8FFBAD3BC510FCF4A33 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:04:06.0625 1536 mssmbios - ok
18:04:06.0656 1536 MSSQL$ADVISORSASSIST - ok
18:04:06.0687 1536 MSSQL$BKUPEXEC - ok
18:04:06.0719 1536 MSSQL$PRESENTS - ok
18:04:06.0766 1536 MSSQL$SQLEXPRESS - ok
18:04:06.0828 1536 MSSQLSERVER - ok
18:04:06.0875 1536 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:04:06.0906 1536 MSSQLServerADHelper - ok
18:04:06.0937 1536 [ 834560ABEE4EAE62620F4026263AA051 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:04:06.0937 1536 Mup - ok
18:04:07.0031 1536 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120907.001\NAVENG.SYS
18:04:07.0047 1536 NAVENG - ok
18:04:07.0141 1536 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120907.001\NAVEX15.SYS
18:04:07.0187 1536 NAVEX15 - ok
18:04:07.0203 1536 [ 33739AB31D36184772AF1EE132D5C2E2 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:04:07.0219 1536 NDIS - ok
18:04:07.0250 1536 [ 888B08F81B7D8428A37439D15C27F419 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:04:07.0250 1536 NdisTapi - ok
18:04:07.0266 1536 [ 8B8E682B03483092E17AB9DFE70FEDFF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:04:07.0266 1536 Ndisuio - ok
18:04:07.0281 1536 [ 1B397EEF4614419BE5679E0209F7848B ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:04:07.0281 1536 NdisWan - ok
18:04:07.0312 1536 [ 5298ED90BBE5C5EEEDC363EED2888A25 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:04:07.0312 1536 NDProxy - ok
18:04:07.0328 1536 [ A0D5D6AE530CA78A062FC0471F1E6F78 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:04:07.0328 1536 NetBIOS - ok
18:04:07.0359 1536 [ 5CD7CCA08498EC8753B22E92D367CA11 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:04:07.0359 1536 NetBT - ok
18:04:07.0391 1536 [ 13D9A8B63A2A99A88339C0E00B702C92 ] NetDDE C:\WINDOWS\system32\netdde.exe
18:04:07.0406 1536 NetDDE - ok
18:04:07.0422 1536 [ 13D9A8B63A2A99A88339C0E00B702C92 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:04:07.0422 1536 NetDDEdsdm - ok
18:04:07.0453 1536 netflowanalyzer - ok
18:04:07.0469 1536 [ D4B61A935670C57A0DEA81B4F4A12169 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:04:07.0469 1536 Netlogon - ok
18:04:07.0484 1536 [ 12BCFB57162AD17CEA545E362CD886A8 ] Netman C:\WINDOWS\System32\netman.dll
18:04:07.0500 1536 Netman - ok
18:04:07.0531 1536 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:04:07.0531 1536 NetTcpPortSharing - ok
18:04:07.0531 1536 [ 802AB2E85621288FE716A8C91DF733FB ] nfrd960 C:\WINDOWS\system32\DRIVERS\nfrd960.sys
18:04:07.0547 1536 nfrd960 - ok
18:04:07.0578 1536 [ 9C0BF64484E9D297CB3E96DC22765A82 ] Nla C:\WINDOWS\System32\mswsock.dll
18:04:07.0578 1536 Nla - ok
18:04:07.0609 1536 [ BDA076E263A1C2BF190A3DDDD504B3EA ] nm C:\WINDOWS\system32\DRIVERS\NMnt.sys
18:04:07.0609 1536 nm - ok
18:04:07.0625 1536 [ D5BB605F6DCBDFE0129670C8DE57913E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:04:07.0625 1536 Npfs - ok
18:04:07.0656 1536 [ 981756F0532439AA3A1A4AE9DA9F930E ] NtFrs C:\WINDOWS\system32\ntfrs.exe
18:04:07.0672 1536 NtFrs - ok
18:04:07.0687 1536 [ 482EA51AADB8763A0F67588C394EC693 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:04:07.0719 1536 Ntfs - ok
18:04:07.0750 1536 [ D4B61A935670C57A0DEA81B4F4A12169 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:04:07.0750 1536 NtLmSsp - ok
18:04:07.0797 1536 [ FEA5225EF80D5930B86D7A6570BCBBDF ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:04:07.0797 1536 NtmsSvc - ok
18:04:07.0812 1536 [ 5DB0EDE7AAF3A7BC9110D18C12524BE0 ] Null C:\WINDOWS\system32\drivers\Null.sys
18:04:07.0812 1536 Null - ok
18:04:07.0859 1536 [ 238114D2B9DA5A26CD4F6AA7C7687B29 ] nv_agp C:\WINDOWS\system32\DRIVERS\nv_agp.sys
18:04:07.0859 1536 nv_agp - ok
18:04:07.0875 1536 NWCWorkstation - ok
18:04:07.0891 1536 Nwsapagent - ok
18:04:07.0969 1536 [ D52FA9AF66F997057734194CD64E6A85 ] omsad C:\Program Files\Dell\SysMgt\oma\bin\dsm_om_shrsvc32.exe
18:04:07.0984 1536 omsad - ok
18:04:07.0984 1536 OpManager - ok
18:04:08.0016 1536 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:04:08.0016 1536 ose - ok
18:04:08.0078 1536 [ EE3333B36DEB86A0D472F037172DA10A ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:04:08.0078 1536 Parport - ok
18:04:08.0109 1536 [ 4EB6F7418959444A06D3C51EB81BFF04 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:04:08.0109 1536 PartMgr - ok
18:04:08.0141 1536 [ A9D29F3D7AE71B7EA721B53A0C436C66 ] Parvdm C:\WINDOWS\system32\DRIVERS\parvdm.sys
18:04:08.0141 1536 Parvdm - ok
18:04:08.0187 1536 [ 8217000E5C53CE823B3111F339E47C41 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:04:08.0187 1536 PCI - ok
18:04:08.0203 1536 [ 7E3FB50AA22D4ED883C6ABDD40E9C60B ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:04:08.0203 1536 PCIIde - ok
18:04:08.0219 1536 [ FC9F4C9C73E9698357C836BE4628A299 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:04:08.0234 1536 Pcmcia - ok
18:04:08.0250 1536 [ 3472492C0F61F4C5E5E79EE5617ACF31 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
18:04:08.0266 1536 perc2 - ok
18:04:08.0281 1536 [ F7A93284FD163F337C931863C95BDD23 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:04:08.0359 1536 perc2hib - ok
18:04:08.0391 1536 [ 1D743B0D029F9A155BCDD18227FB8CF4 ] percsas C:\WINDOWS\system32\drivers\percsas.sys
18:04:08.0391 1536 percsas - ok
18:04:08.0437 1536 [ CF500580CDD83B145646A4DCFCE1CF3C ] PlugPlay C:\WINDOWS\system32\services.exe
18:04:08.0437 1536 PlugPlay - ok
18:04:08.0453 1536 [ 75CF9DE0A67AF916ED591743DFB69694 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
18:04:08.0453 1536 Pml Driver HPZ12 - ok
18:04:08.0469 1536 [ D4B61A935670C57A0DEA81B4F4A12169 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:04:08.0469 1536 PolicyAgent - ok
18:04:08.0484 1536 [ 4454F2639BCCA93BE86A45137E427277 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:04:08.0484 1536 PptpMiniport - ok
18:04:08.0516 1536 [ D4B61A935670C57A0DEA81B4F4A12169 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:04:08.0516 1536 ProtectedStorage - ok
18:04:08.0531 1536 [ 0320FD91FB5ED4298355977CECFC0EB4 ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:04:08.0531 1536 Ptilink - ok
18:04:08.0547 1536 [ EC6AEE81F80FF7003FCB3697B057E6C7 ] QDLTx32 C:\WINDOWS\system32\DRIVERS\QDLTx32.sys
18:04:08.0547 1536 QDLTx32 - ok
18:04:08.0578 1536 [ 8485BD4C7A781FD1754FF42B1DC36A9A ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:04:08.0578 1536 ql1080 - ok
18:04:08.0609 1536 [ FE6256E7714E96DF9E8DF44A9F3DB791 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:04:08.0625 1536 Ql10wnt - ok
18:04:08.0641 1536 [ CA811EAEB772D19A8D37DB71564368F9 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:04:08.0641 1536 ql12160 - ok
18:04:08.0672 1536 [ 7E88FD1BAA8B3E6510E83A62040582D6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:04:08.0687 1536 ql1240 - ok
18:04:08.0703 1536 [ D78E91DACE023A05FAAF5EE6CE7F289C ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:04:08.0703 1536 ql1280 - ok
18:04:08.0719 1536 [ E6BDB78D0F8108487709EAD87AC848DA ] ql2100 C:\WINDOWS\system32\DRIVERS\ql2100.sys
18:04:08.0734 1536 ql2100 - ok
18:04:08.0750 1536 [ C6587711B694FEB0521AE2639307CF59 ] ql2200 C:\WINDOWS\system32\DRIVERS\ql2200.sys
18:04:08.0781 1536 ql2200 - ok
18:04:08.0828 1536 [ 5D60B4DB95D1A85FE102217F815696A3 ] ql2300 C:\WINDOWS\system32\DRIVERS\ql2300.sys
18:04:08.0859 1536 ql2300 - ok
18:04:08.0891 1536 [ BC56C5CDE66F67A4911A823163FBF16C ] QLTOx32 C:\WINDOWS\system32\DRIVERS\QLTOx32.sys
18:04:08.0891 1536 QLTOx32 - ok
18:04:08.0922 1536 [ 48EE7B6802C0306F9A66F34DB7E9EF75 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:04:08.0922 1536 RasAcd - ok
18:04:08.0953 1536 [ ED67FA5DC9CE0BFC5CCCE4296C684A57 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:04:08.0953 1536 RasAuto - ok
18:04:08.0984 1536 [ 3633175613E052ECB41776DEE2777A89 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:04:08.0984 1536 Rasl2tp - ok
18:04:09.0016 1536 [ 02BC610CC90CA5415EB2C9409E77D583 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:04:09.0016 1536 RasMan - ok
18:04:09.0047 1536 [ 59842F0A22216A71CADE6F89FE84C973 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:04:09.0047 1536 RasPppoe - ok
18:04:09.0062 1536 [ 5B11871DE804D3ED28BBDCC65FE14EDE ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:04:09.0062 1536 Raspti - ok
18:04:09.0078 1536 [ 4496B15C44CCB703FBC54F2CF5B67F15 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:04:09.0078 1536 Rdbss - ok
18:04:09.0109 1536 [ AC5BB528ECD2BEA4FF4BFF9DF9BAF749 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:04:09.0109 1536 RDPCDD - ok
18:04:09.0141 1536 [ FF678596B761E1CCBA79F49981EF51BC ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:04:09.0141 1536 rdpdr - ok
18:04:09.0172 1536 [ 28FDAB66B0378842522FA693B60B6234 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:04:09.0172 1536 RDPWD - ok
18:04:09.0203 1536 [ 81F1CF0ED96E58A391FF83F792C87F3E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:04:09.0219 1536 RDSessMgr - ok
18:04:09.0234 1536 [ C6F8751F3263603935866E71629CFAE4 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:04:09.0234 1536 redbook - ok
18:04:09.0234 1536 [ D8F172C1CA72666D8193E226DA7225F4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:04:09.0250 1536 RemoteAccess - ok
18:04:09.0281 1536 [ 55EFA91D1C0DE44C22D2D83413B06510 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:04:09.0281 1536 RemoteRegistry - ok
18:04:09.0328 1536 [ BB3E59A8FD9747B2D0819124C3ED1CBC ] Reporting C:\Program Files\Common Files\Symantec Shared\Reporting Agents\Win32\ReporterSvc.exe
18:04:09.0344 1536 Reporting - ok
18:04:09.0375 1536 [ 9645EE0A9C91381A50D99BCEFD92F6CC ] ReportServer$ADVISORSASSIST C:\Program Files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe
18:04:09.0391 1536 ReportServer$ADVISORSASSIST - ok
18:04:09.0406 1536 [ A83414D7A45555274E99793AA22D54AB ] RpcLocator C:\WINDOWS\system32\locator.exe
18:04:09.0422 1536 RpcLocator - ok
18:04:09.0437 1536 [ 305A8757D66B5D416B47C497C27A01FE ] RpcSs C:\WINDOWS\system32\rpcss.dll
18:04:09.0437 1536 RpcSs - ok
18:04:09.0484 1536 [ 3357C6EDD71E73110C83F54E35ECDE4D ] RSoPProv C:\WINDOWS\system32\RSoPProv.exe
18:04:09.0484 1536 RSoPProv - ok
18:04:09.0500 1536 [ 34D79729D6E4D1289E08322405045085 ] sacdrv C:\WINDOWS\system32\drivers\sacdrv.sys
18:04:09.0516 1536 sacdrv - ok
18:04:09.0531 1536 [ 77919394900DEC12C8E65CB35D6272FE ] sacsvr C:\WINDOWS\system32\sacsvr.dll
18:04:09.0531 1536 sacsvr - ok
18:04:09.0547 1536 [ D4B61A935670C57A0DEA81B4F4A12169 ] SamSs C:\WINDOWS\system32\lsass.exe
18:04:09.0547 1536 SamSs - ok
18:04:09.0578 1536 [ EDF6B1852A55581ECC6BA18B4E2C6E8E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:04:09.0578 1536 SCardSvr - ok
18:04:09.0609 1536 [ 7E60F04AE424401A14D153CA6E851A85 ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:04:09.0609 1536 Schedule - ok
18:04:09.0625 1536 [ 2B19AFFD072B27FA3DE205E697CD68A8 ] SCSIChanger C:\WINDOWS\system32\DRIVERS\scsichng.sys
18:04:09.0625 1536 SCSIChanger - ok
18:04:09.0656 1536 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:04:09.0656 1536 Secdrv - ok
18:04:09.0687 1536 [ 03911D9A5D15A80301E767F787C0B015 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:04:09.0687 1536 seclogon - ok
18:04:09.0734 1536 [ FF96C3AB41030996FD0F596E22CF4B1B ] semsrv C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe
18:04:09.0750 1536 semsrv - ok
18:04:09.0766 1536 [ 97B6172283112AF7451E4ABE83DD6F24 ] SENS C:\WINDOWS\system32\Sens32.dll
18:04:09.0766 1536 SENS - ok
18:04:09.0797 1536 [ B261D4597BF9A2723B7020207260C72A ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:04:09.0797 1536 serenum - ok
18:04:09.0812 1536 [ 95768FDE08DD34089AA90DCCB5537704 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:04:09.0812 1536 Serial - ok
18:04:09.0891 1536 [ B5A2859FAA8D8D37D24D4F3D6E95D9C2 ] Server Administrator C:\Program Files\Dell\SysMgt\iws\bin\win32\dsm_om_connsvc32.exe
18:04:09.0891 1536 Server Administrator - ok
18:04:09.0984 1536 [ 831826DC54FA225F0B654EF2F1E13AF9 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
18:04:09.0984 1536 Sfloppy - ok
18:04:10.0031 1536 [ 0AF6401BDBD41A8B7AED5C923B8FDF4D ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:04:10.0031 1536 ShellHWDetection - ok
18:04:10.0047 1536 Simbad - ok
18:04:10.0062 1536 [ E7A36BE30C0BD75EEEFC4099CA5429AA ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:04:10.0078 1536 sisagp - ok
18:04:10.0125 1536 [ D916A094DC3B5332CF53F50BDE0D0FAE ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
18:04:10.0156 1536 SmcService - ok
18:04:10.0187 1536 [ D3B6133B0BF6620643E5F36DE1F54AB6 ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
18:04:10.0187 1536 SNAC - ok
18:04:10.0219 1536 [ 5CE1CF27620B144E212D407CDB14D339 ] snapman380 C:\WINDOWS\system32\DRIVERS\snman380.sys
18:04:10.0234 1536 snapman380 - ok
18:04:10.0250 1536 [ E649D2345614E56249CE3F0B64849547 ] SNMP C:\WINDOWS\System32\snmp.exe
18:04:10.0250 1536 SNMP - ok
18:04:10.0266 1536 [ B2A7B19F00D6DD8671FF5EDC142C151B ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
18:04:10.0266 1536 SNMPTRAP - ok
18:04:10.0328 1536 [ D7BB213566E16BCA372E2CB517EDA907 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
18:04:10.0328 1536 SPBBCDrv - ok
18:04:10.0359 1536 [ 30B32E3127D9BBAA1E32394134718070 ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:04:10.0359 1536 Spooler - ok
18:04:10.0375 1536 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:04:10.0375 1536 SQLBrowser - ok
18:04:10.0406 1536 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:04:10.0406 1536 SQLWriter - ok
18:04:10.0422 1536 [ 522651A0E7DC6415E083317370B609CC ] SRTSP C:\WINDOWS\system32\Drivers\SRTSP.SYS
18:04:10.0422 1536 SRTSP - ok
18:04:10.0453 1536 [ 34E823B8D730099D032608FCCCBC6A25 ] SRTSPL C:\WINDOWS\system32\Drivers\SRTSPL.SYS
18:04:10.0453 1536 SRTSPL - ok
18:04:10.0469 1536 [ 469006E15F5B0FE8AE94184A18A81586 ] SRTSPX C:\WINDOWS\system32\Drivers\SRTSPX.SYS
18:04:10.0469 1536 SRTSPX - ok
18:04:10.0500 1536 [ E8B1A07774A9E4FEC3105CBAD49BF289 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:04:10.0500 1536 Srv - ok
18:04:10.0516 1536 [ 0DF3C24094F68A5E5FA77A681E438A46 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:04:10.0531 1536 stisvc - ok
18:04:10.0547 1536 [ 93965919785102BA847545AB460CE2DF ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:04:10.0547 1536 swenum - ok
18:04:10.0578 1536 [ 0BA2F4D23D62F7475A70D1988142D6BD ] swprv C:\WINDOWS\System32\swprv.dll
18:04:10.0594 1536 swprv - ok
18:04:10.0641 1536 [ DD10CB8AA990F89091BC267370FD0843 ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
18:04:10.0687 1536 Symantec AntiVirus - ok
18:04:10.0687 1536 [ 3D05BFDAEF2D2D7EED998BA126FB3466 ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
18:04:10.0703 1536 symc810 - ok
18:04:10.0719 1536 [ 57F992062E8FF2D37572EC5823F956E7 ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:04:10.0719 1536 symc8xx - ok
18:04:10.0766 1536 [ E03EE3EF1037099554D17BED99545A5E ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:04:10.0766 1536 SymEvent - ok
18:04:10.0781 1536 [ 868204832E011E2D64281D7EABEE572E ] symmpi C:\WINDOWS\system32\DRIVERS\symmpi.sys
18:04:10.0797 1536 symmpi - ok
18:04:10.0844 1536 [ 1FBDDF0DC4583922C904195823EBD795 ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:04:10.0859 1536 sym_hi - ok
18:04:10.0875 1536 [ EBD31469527AFA05814B3D1A140C24E2 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:04:10.0891 1536 sym_u3 - ok
18:04:10.0906 1536 [ CC8610D2FFAFF19D5C9CF8CE9FFAD71A ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:04:10.0906 1536 SysmonLog - ok
18:04:10.0953 1536 [ CE1FCAF92F06BB8549C9E1B8605B90CC ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:04:10.0953 1536 TapiSrv - ok
18:04:10.0969 1536 [ 238DC2B879D1B37B91F8D5D44F3815D3 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:04:10.0984 1536 Tcpip - ok
18:04:11.0000 1536 [ 45D49FB800463DE84D1CC2E231319AD5 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:04:11.0000 1536 TDPIPE - ok
18:04:11.0016 1536 [ D7C31008DE209B8B11CED207580E9C91 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:04:11.0016 1536 TDTCP - ok
18:04:11.0047 1536 [ DD0C015ABED0A6D8A91A5A221A001014 ] TeamViewer C:\Program Files\TeamViewer3\TeamViewer_Service.exe
18:04:11.0047 1536 TeamViewer - ok
18:04:11.0062 1536 [ A01E46FFF445A38D35DB188C5458582C ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:04:11.0062 1536 TermDD - ok
18:04:11.0078 1536 [ 5F0BD29CBD95465A3AA3CA319BC591A9 ] TermService C:\WINDOWS\System32\termsrv.dll
18:04:11.0094 1536 TermService - ok
18:04:11.0109 1536 [ BC18BEE62E7AEC10B33C149CA3B64EAE ] TermServLicensing C:\WINDOWS\system32\lserver.exe
18:04:11.0125 1536 TermServLicensing - ok
18:04:11.0156 1536 [ E52011FFE8E8947078AC797DF216E5A6 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
18:04:11.0156 1536 tifsfilter - ok
18:04:11.0172 1536 [ F644B9EBA05806EB5D6F2A8716CE0EEE ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
18:04:11.0172 1536 timounter - ok
18:04:11.0187 1536 [ FE7FF05A90C1A24855B1CDC066B959E0 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:04:11.0203 1536 TlntSvr - ok
18:04:11.0234 1536 [ D5A95A19CA6E79633AFDE86FB8D039FD ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
18:04:11.0250 1536 TosIde - ok
18:04:11.0266 1536 [ E21DFFCA5DCB3414BF59433E7288D15B ] tpfilter C:\WINDOWS\System32\Drivers\tpfilter.sys
18:04:11.0266 1536 tpfilter - ok
18:04:11.0281 1536 [ 671FC35E995FFDBCED00202771C6D169 ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:04:11.0281 1536 TrkWks - ok
18:04:11.0312 1536 [ 43992245309838EACD05506B474985E5 ] Tssdis C:\WINDOWS\System32\tssdis.exe
18:04:11.0328 1536 Tssdis - ok
18:04:11.0344 1536 [ C26024265A7523312A5D06FC33AA57AA ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:04:11.0359 1536 Udfs - ok
18:04:11.0375 1536 [ CBA54E96B4F5BA978B325AE4CC58D392 ] uliagpkx C:\WINDOWS\system32\DRIVERS\uliagpkx.sys
18:04:11.0391 1536 uliagpkx - ok
18:04:11.0406 1536 [ B4BFEE4AE295853065F1695A196D9790 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
18:04:11.0406 1536 ultra - ok
18:04:11.0437 1536 [ 997FE835C85D0FB0501DF6664D6FD072 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
18:04:11.0437 1536 UMWdf - ok
18:04:11.0484 1536 [ 4847639D852763EE39415C929470F672 ] UnlockerDriver5 D:\Program Files\Unlocker\UnlockerDriver5.sys
18:04:11.0484 1536 UnlockerDriver5 - ok
18:04:11.0500 1536 [ B0E133858E63940755B496761834F334 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:04:11.0500 1536 Update - ok
18:04:11.0531 1536 [ 92C3A632E963A8224FE62AA37C9508F6 ] UPS C:\WINDOWS\System32\ups.exe
18:04:11.0531 1536 UPS - ok
18:04:11.0547 1536 [ 185959A7FCCFD38AA71A274AE6252B88 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:04:11.0547 1536 usbccgp - ok
18:04:11.0562 1536 [ 9DD4ABA9462938734BCBF51D8669C884 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:04:11.0562 1536 usbehci - ok
18:04:11.0594 1536 [ 17859937740BC0D422FE71A588D6DDF7 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:04:11.0594 1536 usbhub - ok
18:04:11.0609 1536 [ 910B3B46DA0FB5520988F351D0719342 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:04:11.0609 1536 usbohci - ok
18:04:11.0609 1536 [ D0740FF9F7E819486E88096826B4DC37 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:04:11.0609 1536 USBSTOR - ok
18:04:11.0641 1536 [ CBD3053337BB475F442A892EDF671312 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:04:11.0641 1536 usbuhci - ok
18:04:11.0672 1536 [ 5CE9331DC4C9E3B1FA4AAEF1B212701F ] vds C:\WINDOWS\System32\vds.exe
18:04:11.0672 1536 vds - ok
18:04:11.0703 1536 [ 2EB062B434792BB6BB614F107DD3A5CF ] vga C:\WINDOWS\system32\DRIVERS\vgapnp.sys
18:04:11.0719 1536 vga - ok
18:04:11.0719 1536 [ 062FBC10147FD837D819F94AA394E661 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:04:11.0719 1536 VgaSave - ok
18:04:11.0766 1536 [ 8F411DF1FC53E2F8581F125B40674EE1 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:04:11.0766 1536 viaagp - ok
18:04:11.0797 1536 [ 19A9A290823D0FDF7316440922DA175E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
18:04:11.0812 1536 ViaIde - ok
18:04:11.0844 1536 [ EA59BE46EE97C0A9C328709CAF8514CB ] VirtFile C:\WINDOWS\system32\DRIVERS\VirtFile.sys
18:04:11.0844 1536 VirtFile - ok
18:04:11.0875 1536 [ 45AE67C387A640EC6E228F30D421F088 ] VolSnap C:\WINDOWS\system32\DRIVERS\volsnap.sys
18:04:11.0875 1536 VolSnap - ok
18:04:11.0953 1536 [ 74A6820792E5BCA5EE4D0CC4595C6916 ] VSS C:\WINDOWS\System32\vssvc.exe
18:04:12.0016 1536 VSS - ok
18:04:12.0031 1536 [ 42CDAE64DA5BEABB51C0C0F613658545 ] W32Time C:\WINDOWS\system32\w32time.dll
18:04:12.0047 1536 W32Time - ok
18:04:12.0094 1536 [ DB0E023EE673896AD1780ACAD3BAB393 ] W3SVC C:\WINDOWS\system32\inetsrv\iisw3adm.dll
18:04:12.0094 1536 W3SVC - ok
18:04:12.0141 1536 [ CE030B1D05A01FA012D32F2D25676B1C ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:04:12.0141 1536 Wanarp - ok
18:04:12.0156 1536 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:04:12.0172 1536 Wdf01000 - ok
18:04:12.0172 1536 WDICA - ok
18:04:12.0203 1536 [ 6F66E66AB1C25C0BD363F2252DB04360 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:04:12.0266 1536 WebClient - ok
18:04:12.0312 1536 [ 52B7C88EE18C31AEA1078671CAEC5FED ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
18:04:12.0312 1536 Wecsvc - ok
18:04:12.0328 1536 [ 5CC011033B758376B6CDF0487649547E ] WGX C:\WINDOWS\system32\Drivers\WGX.SYS
18:04:12.0328 1536 WGX - ok
18:04:12.0359 1536 [ DDB6B2D33BB299664F1470ED4E83C389 ] Winachcf C:\WINDOWS\system32\DRIVERS\winachcf.sys
18:04:12.0359 1536 Winachcf - ok
18:04:12.0391 1536 [ F8D5B9C1A26C933B9EA7740BAB35BCF5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:04:12.0391 1536 winmgmt - ok
18:04:12.0437 1536 [ CE2D930B9B80F16EA0BF7C177B5F4F2D ] WinRM C:\WINDOWS\system32\WsmSvc.dll
18:04:12.0453 1536 WinRM - ok
18:04:12.0453 1536 WINS - ok
18:04:12.0516 1536 [ D346E2F289F23E557DDFB9132D1DAB35 ] WLBS C:\WINDOWS\system32\DRIVERS\wlbs.sys
18:04:12.0516 1536 WLBS - ok
18:04:12.0531 1536 [ 4D32F7BDBF325792AE28D5380DDF6BCF ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
18:04:12.0531 1536 WmdmPmSN - ok
18:04:12.0547 1536 WmdmPmSp - ok
18:04:12.0594 1536 [ 2085B957FB56927A8F3768DE740612C4 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:04:12.0609 1536 Wmi - ok
18:04:12.0641 1536 [ 796D30C693F7B8A717499A9ABEB3AF39 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:04:12.0641 1536 WmiApSrv - ok
18:04:12.0703 1536 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:04:12.0703 1536 WPFFontCache_v0400 - ok
18:04:12.0781 1536 [ 996CEC79B1662044E8462E130A65739E ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:04:12.0781 1536 wuauserv - ok
18:04:12.0859 1536 [ E21B2D0A0D4AB1D2441FE9FCC961C392 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:04:12.0891 1536 WZCSVC - ok
18:04:12.0938 1536 [ C5B83F9A09A3EBFE8A931472F6DA4E38 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:04:12.0938 1536 xmlprov - ok
18:04:12.0969 1536 ================ Scan global ===============================
18:04:13.0000 1536 [ CF34734715FAADCF38BFDAA9E65DCC57 ] C:\WINDOWS\system32\basesrv.dll
18:04:13.0047 1536 [ 829491617349A73A68A4BAD75C4E7AE2 ] C:\WINDOWS\system32\winsrv.dll
18:04:13.0063 1536 [ 829491617349A73A68A4BAD75C4E7AE2 ] C:\WINDOWS\system32\winsrv.dll
18:04:13.0094 1536 [ CF500580CDD83B145646A4DCFCE1CF3C ] C:\WINDOWS\system32\services.exe
18:04:13.0094 1536 [Global] - ok
18:04:13.0094 1536 ================ Scan MBR ==================================
18:04:13.0109 1536 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
18:04:13.0984 1536 \Device\Harddisk0\DR0 - ok
18:04:13.0984 1536 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:04:14.0219 1536 \Device\Harddisk1\DR1 - ok
18:04:14.0219 1536 ================ Scan VBR ==================================
18:04:14.0219 1536 [ DA0379EBBD88DF8D3DD5245BF22E023B ] \Device\Harddisk0\DR0\Partition1
18:04:14.0219 1536 \Device\Harddisk0\DR0\Partition1 - ok
18:04:14.0219 1536 [ 408532AB54C9145E49C4E9A1D99BA6C8 ] \Device\Harddisk1\DR1\Partition1
18:04:14.0219 1536 \Device\Harddisk1\DR1\Partition1 - ok
18:04:14.0219 1536 ============================================================
18:04:14.0219 1536 Scan finished
18:04:14.0219 1536 ============================================================
18:04:14.0234 2972 Detected object count: 0
18:04:14.0234 2972 Actual detected object count: 0
18:14:17.0933 5576 Deinitialize success
  • 0


#101
rahanna

rahanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Ron ...

Here are the results of the TDSSKiller 2nd scan after changing the parameters ...


18:17:00.0858 1216 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:17:02.0546 1216 ============================================================
18:17:02.0546 1216 Current date / time: 2012/09/07 18:17:02.0546
18:17:02.0546 1216 SystemInfo:
18:17:02.0546 1216
18:17:02.0546 1216 OS Version: 5.2.3790 ServicePack: 2.0
18:17:02.0546 1216 Product type: Domain controller
18:17:02.0546 1216 ComputerName: ST-SERVER
18:17:02.0546 1216 UserName: st_admin
18:17:02.0546 1216 Windows directory: C:\WINDOWS
18:17:02.0546 1216 System windows directory: C:\WINDOWS
18:17:02.0546 1216 Processor architecture: Intel x86
18:17:02.0546 1216 Number of processors: 2
18:17:02.0546 1216 Page size: 0x1000
18:17:02.0546 1216 Boot type: Normal boot
18:17:02.0546 1216 ============================================================
18:17:09.0546 1216 Drive \Device\Harddisk0\DR0 - Size: 0x21E0000000 (135.50 Gb), SectorSize: 0x200, Cylinders: 0x4518, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:17:09.0562 1216 Drive \Device\Harddisk1\DR1 - Size: 0x8820000000 (544.50 Gb), SectorSize: 0x200, Cylinders: 0x115A7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:17:09.0562 1216 ============================================================
18:17:09.0562 1216 \Device\Harddisk0\DR0:
18:17:09.0577 1216 MBR partitions:
18:17:09.0577 1216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x10ED34CD
18:17:09.0593 1216 \Device\Harddisk1\DR1:
18:17:09.0593 1216 MBR partitions:
18:17:09.0593 1216 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x440FC4A8
18:17:09.0593 1216 ============================================================
18:17:09.0702 1216 C: <-> \Device\Harddisk0\DR0\Partition1
18:17:09.0734 1216 D: <-> \Device\Harddisk1\DR1\Partition1
18:17:09.0734 1216 ============================================================
18:17:09.0734 1216 Initialize success
18:17:09.0734 1216 ============================================================
18:19:41.0471 5824 ============================================================
18:19:41.0471 5824 Scan started
18:19:41.0471 5824 Mode: Manual; SigCheck; TDLFS;
18:19:41.0471 5824 ============================================================
18:19:45.0377 5824 ================ Scan system memory ========================
18:19:58.0534 5824 System memory - ok
18:19:58.0534 5824 ================ Scan services =============================
18:19:58.0628 5824 [ E1C38CAB3C1CCAE77DB139988902F639 ] AAService C:\Program Files\Client Marketing Systems\Advisors Assistant Server Component\AASCServer.exe
18:20:00.0096 5824 AAService ( UnsignedFile.Multi.Generic ) - warning
18:20:00.0096 5824 AAService - detected UnsignedFile.Multi.Generic (1)
18:20:00.0456 5824 Abiosdsk - ok
18:20:00.0471 5824 [ A0A850BAC6F8A88AD0FC964C6BEA170D ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:20:01.0331 5824 ACPI - ok
18:20:01.0362 5824 [ 043C89CC533FF546D835CB998B95B198 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:20:01.0549 5824 ACPIEC - ok
18:20:01.0565 5824 Acronis VSS Provider - ok
18:20:01.0643 5824 [ BA73574247E4F3F50A19C9B09D1F759B ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
18:20:02.0018 5824 AcrSch2Svc - ok
18:20:02.0096 5824 [ BBE35985C5E9E5ED87B8C1DAD5B7D725 ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:20:02.0221 5824 adpu160m - ok
18:20:02.0237 5824 [ 5A23754571BBFA93564C04E7A20B1762 ] adpu320 C:\WINDOWS\system32\DRIVERS\adpu320.sys
18:20:02.0362 5824 adpu320 - ok
18:20:02.0378 5824 [ D01968EDEBF1DC11E4C93517C98CDF7C ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll
18:20:02.0487 5824 AeLookupSvc - ok
18:20:02.0503 5824 [ 2DAD567D6C05B12DB4567860A6256AC2 ] afcnt C:\WINDOWS\system32\DRIVERS\afcnt.sys
18:20:02.0581 5824 afcnt - ok
18:20:02.0612 5824 [ 317E75D96065AC6AF5EF8857CE2E399B ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:20:02.0706 5824 AFD - ok
18:20:02.0721 5824 [ B9985042687A43685FC64B282B627653 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
18:20:02.0831 5824 agp440 - ok
18:20:02.0846 5824 [ 4139C312858D6050489ADE2984CEB648 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:20:02.0940 5824 agpCPQ - ok
18:20:02.0971 5824 [ B06E2A2A7CEB0EF894520CAFC2F1FEAF ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:20:03.0190 5824 aic78u2 - ok
18:20:03.0237 5824 [ EC7D7F96E97BAD83A0B8A96969D19F2D ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:20:03.0378 5824 aic78xx - ok
18:20:03.0409 5824 [ 055318E373B45AD6C3F518732809EF4E ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:20:06.0128 5824 Alerter - ok
18:20:06.0159 5824 [ 8E89CB0283D7DED092D76AE53D123C40 ] ALG C:\WINDOWS\System32\alg.exe
18:20:06.0456 5824 ALG - ok
18:20:06.0471 5824 [ 4790A743B00358C186E19F6B49791D6A ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
18:20:06.0565 5824 AliIde - ok
18:20:06.0596 5824 [ 91B0A16EF9FC504865A94BBDB4623A1F ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:20:06.0706 5824 alim1541 - ok
18:20:06.0737 5824 [ 557EAEA1343554571456DC363FEED2EE ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:20:06.0846 5824 amdagp - ok
18:20:06.0878 5824 [ D175D3C400A412B9CB2095E452AFBBB0 ] AmdIde C:\WINDOWS\system32\DRIVERS\amdide.sys
18:20:06.0987 5824 AmdIde - ok
18:20:07.0003 5824 [ 8A5AD4CFE2D84371ABADFCF9E21954F6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:20:07.0128 5824 AppMgmt - ok
18:20:07.0143 5824 [ A9C7273645A06A01AC2CA070D7D7EC87 ] arc C:\WINDOWS\system32\DRIVERS\arc.sys
18:20:07.0237 5824 arc - ok
18:20:07.0315 5824 ASANYs_sem5 - ok
18:20:07.0456 5824 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:20:07.0596 5824 aspnet_state - ok
18:20:07.0643 5824 [ A35B971F631D4DFDEB68D71E770D2CE9 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:20:07.0753 5824 AsyncMac - ok
18:20:07.0800 5824 [ FF953A8F08CA3F822127654375786BBE ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:20:07.0909 5824 atapi - ok
18:20:07.0909 5824 Atdisk - ok
18:20:07.0925 5824 [ 8032016269422141C762552D5836D7AD ] ati2mpad C:\WINDOWS\system32\DRIVERS\ati2mpad.sys
18:20:08.0096 5824 ati2mpad - ok
18:20:08.0175 5824 [ 42B40211F0EAF6A08E943FE2848CA24E ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:20:08.0393 5824 ati2mtag - ok
18:20:08.0409 5824 [ D12DAD5032285343CE3AA4906F661181 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:20:08.0518 5824 Atmarpc - ok
18:20:08.0534 5824 [ 754A448D5B87CBEDE41A0F0E0B237B03 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:20:08.0643 5824 AudioSrv - ok
18:20:08.0659 5824 [ 5BFD980C2107D88101D1DC14055526FC ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:20:08.0768 5824 audstub - ok
18:20:08.0784 5824 [ 781CB2EF3AFECEED195A56D9E5EFD718 ] b06bdrv C:\WINDOWS\system32\DRIVERS\bxvbdx.sys
18:20:09.0534 5824 b06bdrv - ok
18:20:09.0675 5824 [ 339272D067A028A19683EDED9481D84A ] BackupExecAgentAccelerator D:\Program Files\Symantec\Backup Exec\beremote.exe
18:20:10.0253 5824 BackupExecAgentAccelerator - ok
18:20:10.0268 5824 [ BD23400D1D8C00E8C3EC9326C3ABAEC7 ] BackupExecAgentBrowser D:\Program Files\Symantec\Backup Exec\benetns.exe
18:20:10.0409 5824 BackupExecAgentBrowser - ok
18:20:10.0440 5824 [ CFF9DE03B1FBDCBE63E6826EAB15094B ] BackupExecDeviceMediaService D:\Program Files\Symantec\Backup Exec\pvlsvr.exe
18:20:11.0300 5824 BackupExecDeviceMediaService - ok
18:20:11.0347 5824 [ 3C25A77B01A571DDFAFC88586BF55DCA ] BackupExecJobEngine D:\Program Files\Symantec\Backup Exec\bengine.exe
18:20:12.0175 5824 BackupExecJobEngine - ok
18:20:12.0253 5824 [ 5A315C37D09EF52526437A63B4118574 ] BackupExecRPCService D:\Program Files\Symantec\Backup Exec\beserver.exe
18:20:15.0737 5824 BackupExecRPCService - ok
18:20:15.0784 5824 [ 5C68AC6F3E5B3E6D6A78E97D05E42C3A ] BASFND C:\Program Files\Broadcom\SNMP\BASFND.sys
18:20:15.0862 5824 BASFND ( UnsignedFile.Multi.Generic ) - warning
18:20:15.0862 5824 BASFND - detected UnsignedFile.Multi.Generic (1)
18:20:15.0909 5824 [ 99572503E15A3D10239B7B9887CBAF89 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:20:16.0050 5824 Beep - ok
18:20:16.0065 5824 [ 9D7A318B2C7AE51E9D5374F8EEDE856C ] BITS C:\WINDOWS\system32\qmgr.dll
18:20:16.0300 5824 BITS - ok
18:20:16.0315 5824 [ 083CEFF111E13E0A5464FFF22C3FAD37 ] Blfp C:\WINDOWS\system32\DRIVERS\baspxp32.sys
18:20:16.0347 5824 Blfp - ok
18:20:16.0393 5824 [ 5251A868FB1C6C8B774DA42F3C107C82 ] Browser C:\WINDOWS\System32\browser.dll
18:20:16.0425 5824 Browser - ok
18:20:16.0440 5824 [ 1342877DE604A5A6BFF986E288E3A8A7 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:20:16.0550 5824 cbidf - ok
18:20:16.0565 5824 [ 1342877DE604A5A6BFF986E288E3A8A7 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:20:16.0690 5824 cbidf2k - ok
18:20:16.0722 5824 [ 4AA730BB7B79B7BA70B1E30ACF97D6AB ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
18:20:16.0800 5824 ccEvtMgr - ok
18:20:16.0831 5824 [ 4AA730BB7B79B7BA70B1E30ACF97D6AB ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
18:20:16.0878 5824 ccSetMgr - ok
18:20:16.0894 5824 [ 431D1B3DC3DE617DA27055C87B424A21 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:20:16.0956 5824 cd20xrnt - ok
18:20:16.0987 5824 [ E6D72780C957B69C48BFC66BC3ECDAD4 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:20:17.0097 5824 Cdfs - ok
18:20:17.0128 5824 [ 825AA877A852ECC731FA0C39C8C37744 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:20:17.0237 5824 Cdrom - ok
18:20:17.0253 5824 Changer - ok
18:20:17.0284 5824 [ 934EE973E9EE6AC414E9A0F07AB73D6E ] cisvc C:\WINDOWS\system32\cisvc.exe
18:20:17.0378 5824 cisvc - ok
18:20:17.0409 5824 [ E53196BA56081F154E2D7A9E50A1D33F ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:20:17.0503 5824 ClipSrv - ok
18:20:17.0565 5824 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:20:17.0675 5824 clr_optimization_v2.0.50727_32 - ok
18:20:17.0706 5824 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:20:17.0862 5824 clr_optimization_v4.0.30319_32 - ok
18:20:17.0894 5824 [ 54308CDF97622FAE1620BB1EC39EF014 ] ClusDisk C:\WINDOWS\system32\DRIVERS\ClusDisk.sys
18:20:18.0019 5824 ClusDisk - ok
18:20:18.0081 5824 [ C40FB2610969B282CB0873CA8030A884 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:20:18.0190 5824 CmdIde - ok
18:20:18.0206 5824 COMSysApp - ok
18:20:18.0222 5824 [ 126D049A6E6B6CB8DF1C69D3E2A8C0C4 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:20:18.0331 5824 Cpqarray - ok
18:20:18.0347 5824 [ D31CB94A4ACAD58ABB6CF74B7EF1CE1F ] cpqarry2 C:\WINDOWS\system32\DRIVERS\cpqarry2.sys
18:20:18.0409 5824 cpqarry2 - ok
18:20:18.0456 5824 [ 0C5DCC2DF112B7352B9427D943CF56BC ] cpqcissm C:\WINDOWS\system32\DRIVERS\cpqcissm.sys
18:20:18.0565 5824 cpqcissm - ok
18:20:18.0581 5824 [ FED86C9F250FC641B37C933E4C214A8A ] cpqfcalm C:\WINDOWS\system32\DRIVERS\cpqfcalm.sys
18:20:18.0644 5824 cpqfcalm - ok
18:20:18.0690 5824 cpuz133 - ok
18:20:18.0690 5824 [ 0EE27D9DBB208C13314F3C60F66AED26 ] crcdisk C:\WINDOWS\system32\DRIVERS\crcdisk.sys
18:20:18.0815 5824 crcdisk - ok
18:20:18.0831 5824 [ FEB85DA744DD3F41A427CF6D2BC04FE4 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:20:18.0940 5824 CryptSvc - ok
18:20:18.0956 5824 [ 8CE90C5C311592273AB0FB39A2D23896 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:20:19.0144 5824 dac2w2k - ok
18:20:19.0175 5824 [ 19B8202934B660C4EC2E64354437A854 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:20:19.0284 5824 dac960nt - ok
18:20:19.0315 5824 [ 2E1499B98177D93552E8971E63F01E9A ] dcdbas C:\WINDOWS\system32\DRIVERS\dcdbas32.sys
18:20:19.0331 5824 dcdbas - ok
18:20:19.0378 5824 [ 0DD50B633418EA7A463C1F9A4046A20C ] dcevt32 C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe
18:20:19.0503 5824 dcevt32 - ok
18:20:19.0534 5824 [ 305A8757D66B5D416B47C497C27A01FE ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:20:19.0753 5824 DcomLaunch - ok
18:20:19.0769 5824 [ 82AA01CCE9E5DD89DF26700BD1EDD36F ] dcstor32 C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe
18:20:19.0878 5824 dcstor32 - ok
18:20:19.0894 5824 [ 264E592A99801B682C98984588A7D7B5 ] dellcerc C:\WINDOWS\system32\DRIVERS\dellcerc.sys
18:20:20.0003 5824 dellcerc - ok
18:20:20.0019 5824 [ 6217AA084EF7E052F3B5D7C3F67F68AF ] Dfs C:\WINDOWS\system32\Dfssvc.exe
18:20:20.0128 5824 Dfs - ok
18:20:20.0144 5824 [ 444726B01C31D29C70E60F7C35DE43E5 ] DfsDriver C:\WINDOWS\system32\drivers\Dfs.sys
18:20:20.0253 5824 DfsDriver - ok
18:20:20.0269 5824 [ 1201DF9A11FBB0F69EBD22E503D3BC87 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:20:20.0378 5824 Dhcp - ok
18:20:20.0394 5824 [ E0BE3E7F71415351F90AF4CE21ED9DD7 ] DHCPServer C:\WINDOWS\system32\tcpsvcs.exe
18:20:20.0503 5824 DHCPServer - ok
18:20:20.0519 5824 [ 98433302C02F1168EFB7364F8111A179 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:20:20.0628 5824 Disk - ok
18:20:20.0644 5824 dmadmin - ok
18:20:20.0659 5824 [ 89FA376D83042F6F1AED505106A5719D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:20:20.0769 5824 dmboot - ok
18:20:20.0784 5824 [ 15081421EE62DC1C95ABB387D9081571 ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
18:20:20.0894 5824 dmio - ok
18:20:20.0940 5824 [ 3D9BFA13B6F1CD2D91C50C52B32E91A2 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:20:21.0190 5824 dmload - ok
18:20:21.0237 5824 [ 78A11666307820AF94B5712D53DECC55 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:20:21.0347 5824 dmserver - ok
18:20:21.0378 5824 [ A2023CCDF44AFDB476AD310A42444DEC ] DNS C:\WINDOWS\System32\dns.exe
18:20:23.0925 5824 DNS - ok
18:20:23.0956 5824 [ E927F3B46F85D934C8F420FE08593D1B ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:20:23.0972 5824 Dnscache - ok
18:20:24.0003 5824 [ 110406BC22A72E2DCBB0A86E0542AB1C ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:20:24.0097 5824 dpti2o - ok
18:20:24.0128 5824 [ 383182215A2C238E76B86E3B5EDE40EB ] DwMirror C:\WINDOWS\system32\DRIVERS\DamewareMini.sys
18:20:24.0159 5824 DwMirror - ok
18:20:24.0175 5824 DWMRCS - ok
18:20:24.0206 5824 [ 5A402C57F621114C99F813C6AE7BC37A ] dwvkbd C:\WINDOWS\system32\DRIVERS\dwvkbd.sys
18:20:24.0237 5824 dwvkbd - ok
18:20:24.0284 5824 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:20:24.0503 5824 eeCtrl - ok
18:20:24.0519 5824 elxstor - ok
18:20:24.0534 5824 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:20:24.0597 5824 EraserUtilRebootDrv - ok
18:20:24.0753 5824 [ 6F09AE902663735B6BD24198D25F453A ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:20:24.0878 5824 ERSvc - ok
18:20:24.0894 5824 [ CF500580CDD83B145646A4DCFCE1CF3C ] Eventlog C:\WINDOWS\system32\services.exe
18:20:24.0925 5824 Eventlog - ok
18:20:24.0956 5824 [ C17C56E91045E14DF45D62DD89AED50C ] EventSystem C:\WINDOWS\system32\es.dll
18:20:24.0972 5824 EventSystem - ok
18:20:24.0987 5824 [ E792A18ABDC32286212DCE8E75BAA124 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:20:25.0112 5824 Fastfat - ok
18:20:25.0144 5824 [ 5090CD3F6AB1D71AD507953CFF556EA9 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
18:20:25.0237 5824 Fdc - ok
18:20:25.0284 5824 [ B485AC2EDC466C538BDFF32BC3F2E506 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:20:25.0394 5824 Fips - ok
18:20:25.0409 5824 [ C621A51F415419A3145A5939ABDE39FA ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:20:25.0503 5824 Flpydisk - ok
18:20:25.0534 5824 [ F978277EF786532195CDD9F88E908632 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:20:25.0628 5824 FltMgr - ok
18:20:25.0675 5824 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:20:25.0753 5824 FontCache3.0.0.0 - ok
18:20:25.0784 5824 [ AEBFF3D810B74971B91B2B77B289A98B ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:20:25.0878 5824 Fs_Rec - ok
18:20:25.0894 5824 [ 4C533B70AFA917416AEC57FCBEECB57D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:20:25.0987 5824 Ftdisk - ok
18:20:26.0003 5824 [ 30B1653A955F548352024A5FEE203CC3 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:20:26.0191 5824 Gpc - ok
18:20:26.0237 5824 [ 4CCAD1B9C65695CC6006093E02CBA50D ] halfinchVRTS C:\WINDOWS\system32\DRIVERS\halfinch.sys
18:20:26.0347 5824 halfinchVRTS - ok
18:20:26.0409 5824 [ 90A325E14F9B95F17712707B1A7181B5 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:20:26.0503 5824 HidUsb - ok
18:20:26.0831 5824 [ C9A96F4D46767E65042E7B6C531FB526 ] HP Port Resolver C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
18:20:26.0894 5824 HP Port Resolver - ok
18:20:26.0909 5824 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
18:20:26.0956 5824 HP Status Server - ok
18:20:27.0003 5824 [ 8A445379D6E73731A6A37318DBB0C880 ] hpcisss C:\WINDOWS\system32\DRIVERS\hpcisss.sys
18:20:27.0128 5824 hpcisss - ok
18:20:27.0144 5824 [ CF54B5F4192FA5F669D13EE700FC9DCE ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
18:20:27.0237 5824 hpn - ok
18:20:27.0253 5824 [ D3704DA43183412DFA0DC1F31051D447 ] hpt3xx C:\WINDOWS\system32\DRIVERS\hpt3xx.sys
18:20:27.0347 5824 hpt3xx - ok
18:20:27.0378 5824 [ 7A5D176C4B43F0A47DA4051C96C56439 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:20:27.0394 5824 HTTP - ok
18:20:27.0409 5824 [ D4B61A935670C57A0DEA81B4F4A12169 ] HTTPFilter C:\WINDOWS\System32\lsass.exe
18:20:27.0503 5824 HTTPFilter - ok
18:20:27.0519 5824 [ F198C5BA41CD0F3983DDAD09EAF77300 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
18:20:27.0612 5824 i2omgmt - ok
18:20:27.0644 5824 [ 615395FC46EEEA7E7E822D4BE8006862 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:20:27.0753 5824 i2omp - ok
18:20:27.0769 5824 [ 68E8FF9EEAF8B37A66CAC2C57835FFBD ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:20:27.0862 5824 i8042prt - ok
18:20:27.0878 5824 Ias - ok
18:20:27.0925 5824 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:20:28.0144 5824 idsvc - ok
18:20:28.0175 5824 [ AA9AB3B793401463BB938ADEF5FA8266 ] iirsp C:\WINDOWS\system32\DRIVERS\iirsp.sys
18:20:28.0269 5824 iirsp - ok
18:20:28.0300 5824 [ 58AC18BC908A78FBA5430D23066D183A ] IISADMIN C:\WINDOWS\system32\inetsrv\inetinfo.exe
18:20:28.0394 5824 IISADMIN - ok
18:20:28.0409 5824 [ 44C132B35921B54B4A9AC64369D86D83 ] imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:20:28.0503 5824 imapi - ok
18:20:28.0519 5824 [ 5DA3013244229422C9CBD91A16A477C4 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:20:28.0612 5824 ImapiService - ok
18:20:28.0675 5824 [ 1690A4BE249BA6195BA7258943CADA58 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
18:20:28.0784 5824 IntelIde - ok
18:20:28.0816 5824 [ 7D7575B971B3A0FE26FAC6F5D58F5180 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:20:28.0925 5824 intelppm - ok
18:20:28.0941 5824 [ D7E7E7898A05C53DD862B49828747C1E ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:20:29.0081 5824 Ip6Fw - ok
18:20:29.0097 5824 [ 5A41F207B7C39EE4918F7496A4F19B14 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:20:29.0206 5824 IpFilterDriver - ok
18:20:29.0222 5824 [ 890E7A14A63AEC2EA9257A79A88BE784 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:20:29.0316 5824 IpNat - ok
18:20:29.0316 5824 Iprip - ok
18:20:29.0347 5824 [ 1A9AEAC49683B32DF55B7FB1516F3028 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:20:29.0472 5824 IPSec - ok
18:20:29.0503 5824 [ C8594550880B16A31C99EC42B106E14F ] ipsraidn C:\WINDOWS\system32\DRIVERS\ipsraidn.sys
18:20:29.0613 5824 ipsraidn - ok
18:20:29.0628 5824 [ 11407EE682A2D5B0248DE8AF0F1A6996 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:20:30.0706 5824 IRENUM - ok
18:20:30.0738 5824 Irmon - ok
18:20:30.0753 5824 [ B71BA04A3B5D4404225CCDBF1969078F ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:20:30.0863 5824 isapnp - ok
18:20:30.0878 5824 [ 1B1A2084540CC1F2E9A297A263D69D23 ] IsmServ C:\WINDOWS\System32\ismserv.exe
18:20:30.0988 5824 IsmServ - ok
18:20:31.0050 5824 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
18:20:31.0159 5824 JavaQuickStarterService - ok
18:20:31.0159 5824 [ E5097A07E14F36ABC21FA18D88F93655 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:20:31.0269 5824 Kbdclass - ok
18:20:31.0316 5824 [ 665F2AE9286DBB05B045CCC02F7BC2F8 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:20:31.0425 5824 kbdhid - ok
18:20:31.0441 5824 [ D4B61A935670C57A0DEA81B4F4A12169 ] kdc C:\WINDOWS\System32\lsass.exe
18:20:31.0534 5824 kdc - ok
18:20:31.0566 5824 [ 7516B5F53A258BF152901554A005B7C4 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:20:31.0581 5824 KSecDD - ok
18:20:31.0613 5824 [ 836EF0055FE63FAD9BD2B899014F9631 ] l2nd C:\WINDOWS\system32\DRIVERS\bxnd52x.sys
18:20:31.0644 5824 l2nd - ok
18:20:31.0675 5824 [ DFC5B13F931461ACC025D76D39AFEC0D ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:20:31.0691 5824 lanmanserver - ok
18:20:31.0706 5824 [ 5E8A9C4673B194DD1181B3F003D4F996 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:20:31.0738 5824 lanmanworkstation - ok
18:20:31.0769 5824 [ 647945B72994E7B4A07F6DA10F1DCD79 ] LicenseService C:\WINDOWS\System32\llssrv.exe
18:20:31.0878 5824 LicenseService - ok
18:20:31.0941 5824 [ 6293E44F4AA06F7FCDA06F4B07CDC0C2 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
18:20:32.0472 5824 LiveUpdate - ok
18:20:32.0503 5824 [ 1916D44188853A53DB93AECC6E6197D0 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:20:32.0613 5824 LmHosts - ok
18:20:32.0644 5824 [ FDD8BA3317E07F2E5AF608468821A093 ] lp6nds35 C:\WINDOWS\system32\DRIVERS\lp6nds35.sys
18:20:32.0738 5824 lp6nds35 - ok
18:20:32.0769 5824 [ 2B85B40189BD301B71A946B62AB3D5D7 ] ManageEngineOpManagerApache C:\PROGRA~1\ADVENT~1\ME\OPMANA~1\apache\bin\Apache.exe
18:20:32.0784 5824 ManageEngineOpManagerApache ( UnsignedFile.Multi.Generic ) - warning
18:20:32.0800 5824 ManageEngineOpManagerApache - detected UnsignedFile.Multi.Generic (1)
18:20:32.0816 5824 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
18:20:32.0863 5824 MBAMProtector - ok
18:20:32.0878 5824 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:20:33.0097 5824 MBAMService - ok
18:20:33.0144 5824 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:20:33.0222 5824 MDM - ok
18:20:33.0253 5824 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:20:33.0284 5824 mdmxsdk - ok
18:20:33.0300 5824 [ C35BB38904D843C0465858195B30DAB7 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:20:33.0394 5824 mnmdd - ok
18:20:33.0409 5824 [ E2D859FA2E90FD1F12CA0806DF8A4B3E ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:20:33.0503 5824 mnmsrvc - ok
18:20:33.0519 5824 [ 81EC1C6D3798B36A92A6D7A355BA2C62 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:20:33.0613 5824 Modem - ok
18:20:33.0628 5824 [ 1D0E6FE331A7B0017DC8F624CB9E16EF ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:20:33.0722 5824 MODEMCSA - ok
18:20:33.0753 5824 [ AA50DA5AB638CE0BAB5F7D5D633110C2 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:20:33.0847 5824 Mouclass - ok
18:20:33.0863 5824 [ 6824B20127716121B53A2EC2BD6739B7 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:20:33.0956 5824 mouhid - ok
18:20:33.0988 5824 [ FC43A7A34309C750B9DAEADF2F6EC9B9 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:20:34.0097 5824 MountMgr - ok
18:20:34.0113 5824 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:20:34.0191 5824 MozillaMaintenance - ok
18:20:34.0206 5824 [ 91EBE05CA28A514FD563E79DC5466F5E ] mr2kserv C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
18:20:34.0238 5824 mr2kserv ( UnsignedFile.Multi.Generic ) - warning
18:20:34.0238 5824 mr2kserv - detected UnsignedFile.Multi.Generic (1)
18:20:34.0253 5824 [ 4FA93BA7AE719FB6C0A2BE09AC357863 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:20:34.0347 5824 mraid35x - ok
18:20:34.0363 5824 [ AB6DB63A1791F8E86B085291686464FD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:20:34.0378 5824 MRxDAV - ok
18:20:34.0409 5824 [ 16936142FA1D989CF63FD22C8B9D4A6D ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:20:34.0472 5824 MRxSmb - ok
18:20:34.0488 5824 [ 2EAA1763A77BE385B9A71A843C7F159E ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:20:34.0519 5824 MSDTC - ok
18:20:34.0613 5824 [ B4CDB17C573E06DDBFA700CF99158515 ] MSExchangeMGMT C:\Program Files\Exchsrvr\bin\exmgmt.exe
18:20:35.0128 5824 MSExchangeMGMT ( UnsignedFile.Multi.Generic ) - warning
18:20:35.0128 5824 MSExchangeMGMT - detected UnsignedFile.Multi.Generic (1)
18:20:35.0159 5824 [ 8F50B87361585763841C6B603D23260C ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:20:35.0253 5824 Msfs - ok
18:20:35.0300 5824 [ 54819FC5C79E4B2C6E896F9DE440494D ] msftesql$ADVISORSASSIST C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe
18:20:35.0394 5824 msftesql$ADVISORSASSIST - ok
18:20:35.0425 5824 [ 58AC18BC908A78FBA5430D23066D183A ] MSFtpsvc C:\WINDOWS\system32\inetsrv\inetinfo.exe
18:20:35.0519 5824 MSFtpsvc - ok
18:20:35.0534 5824 MSIServer - ok
18:20:35.0550 5824 [ BAA279ECAAFF6564BA289D38BE2E1E83 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:20:35.0644 5824 MSKSSRV - ok
18:20:35.0675 5824 [ 5D3DE11AF7F2ADF006FB723B0F6B2AFA ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:20:35.0769 5824 MSPCLOCK - ok
18:20:35.0784 5824 [ EE4171D3F3CEAA7386561AAD262F8BD3 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:20:35.0878 5824 MSPQM - ok
18:20:35.0925 5824 [ 92AFAB2F216CE8FFBAD3BC510FCF4A33 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:20:36.0097 5824 mssmbios - ok
18:20:36.0113 5824 MSSQL$ADVISORSASSIST - ok
18:20:36.0128 5824 MSSQL$BKUPEXEC - ok
18:20:36.0160 5824 MSSQL$PRESENTS - ok
18:20:36.0175 5824 MSSQL$SQLEXPRESS - ok
18:20:36.0206 5824 MSSQLSERVER - ok
18:20:36.0238 5824 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:20:36.0300 5824 MSSQLServerADHelper - ok
18:20:36.0331 5824 [ 834560ABEE4EAE62620F4026263AA051 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:20:36.0363 5824 Mup - ok
18:20:36.0456 5824 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120907.020\NAVENG.SYS
18:20:36.0488 5824 NAVENG - ok
18:20:36.0566 5824 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120907.020\NAVEX15.SYS
18:20:37.0222 5824 NAVEX15 - ok
18:20:37.0238 5824 [ 33739AB31D36184772AF1EE132D5C2E2 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:20:37.0347 5824 NDIS - ok
18:20:37.0363 5824 [ 888B08F81B7D8428A37439D15C27F419 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:20:37.0394 5824 NdisTapi - ok
18:20:37.0410 5824 [ 8B8E682B03483092E17AB9DFE70FEDFF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:20:37.0503 5824 Ndisuio - ok
18:20:37.0519 5824 [ 1B397EEF4614419BE5679E0209F7848B ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:20:37.0628 5824 NdisWan - ok
18:20:37.0644 5824 [ 5298ED90BBE5C5EEEDC363EED2888A25 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:20:37.0675 5824 NDProxy - ok
18:20:37.0691 5824 [ A0D5D6AE530CA78A062FC0471F1E6F78 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:20:37.0785 5824 NetBIOS - ok
18:20:37.0800 5824 [ 5CD7CCA08498EC8753B22E92D367CA11 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:20:37.0894 5824 NetBT - ok
18:20:37.0925 5824 [ 13D9A8B63A2A99A88339C0E00B702C92 ] NetDDE C:\WINDOWS\system32\netdde.exe
18:20:38.0019 5824 NetDDE - ok
18:20:38.0035 5824 [ 13D9A8B63A2A99A88339C0E00B702C92 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:20:38.0128 5824 NetDDEdsdm - ok
18:20:38.0160 5824 netflowanalyzer - ok
18:20:38.0175 5824 [ D4B61A935670C57A0DEA81B4F4A12169 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:20:38.0269 5824 Netlogon - ok
18:20:38.0285 5824 [ 12BCFB57162AD17CEA545E362CD886A8 ] Netman C:\WINDOWS\System32\netman.dll
18:20:38.0394 5824 Netman - ok
18:21:00.0004 5824 ============================================================
18:21:00.0004 5824 Scan finished
18:21:00.0004 5824 ============================================================
18:21:00.0113 4476 Detected object count: 6
18:21:00.0113 4476 Actual detected object count: 6
  • 0

#102
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
It's definitely a version of Morto.

Go into regedit and navigate to

[HKEY_LOCAL_MACHINE\SYSTEM\WPA]

Click on WPA and look in the right pane. You should see these values.

"it"=
"id"=
"ie"=
"md"=

Click on md and right click and Delete. It's the payload of the virus. The id one tells it that it's already infected so let's leave the rest. Maybe we will fool it.


Do an export of HKLM\SYSTEM\CurrentControlSet\Services\Sens from the good server and attach it.

The bad Sens depends on the 0 service (zero), which Autoruns is not seeing. Let's see if we can do an sc delete on 0:

sc delete 0
  • 0
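
The comparison requested in post #102 (a Sens export from the good server against the one from the sick server) can be scripted. The following is an added example, not part of the thread: it parses regedit 5.00 export text, decodes hex(2)/hex(7) data and lists the values that differ. Both sample exports are constructed, and the helper names and good-server values are assumptions; only the `0` dependency and `Sens32.dll` come from the thread.

```python
import re

SENS = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sens"


def _unescape(quoted):
    """Strip the quotes from a .reg string and undo its backslash escapes."""
    return re.sub(r"\\(.)", lambda m: m.group(1), quoted[1:-1])


def _decode(raw):
    """Turn the right-hand side of a .reg value into a Python value."""
    if raw.startswith('"'):
        return _unescape(raw)
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    match = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)", raw, re.I)
    if not match:
        return raw
    kind = int(match.group(1), 16) if match.group(1) else 3  # 3 = REG_BINARY
    data = bytes(int(b, 16) for b in match.group(2).split(",") if b.strip())
    if kind not in (2, 7):
        return data
    text = data.decode("utf-16-le").rstrip("\x00")  # REG_EXPAND_SZ / REG_MULTI_SZ
    return [s for s in text.split("\x00") if s] if kind == 7 else text


def parse_reg(text):
    """Parse regedit 5.00 export text into {key: {value_name: value}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join "xx,\" continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        match = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif match and current is not None:
            name = "(Default)" if match.group(1) == "@" else _unescape(match.group(1))
            current[name] = _decode(match.group(2))
    return keys


def diff_exports(good, bad):
    """Return (key, value_name, good_value, bad_value) for every difference."""
    changes = []
    for key in sorted(set(good) | set(bad)):
        g, b = good.get(key, {}), bad.get(key, {})
        for name in sorted(set(g) | set(b)):
            if g.get(name) != b.get(name):
                changes.append((key, name, g.get(name), b.get(name)))
    return changes


def _hex(kind, text):
    """Encode text as regedit writes hex(2)/hex(7) data, wrapped every 16 bytes."""
    body = ",".join("%02x" % b for b in (text + "\x00").encode("utf-16-le"))
    return "hex(%x):" % kind + re.sub(r"((?:[0-9a-f]{2},){16})", r"\1\\" + "\n  ", body)


def sample_export(depends_on, service_dll):
    """Build a constructed Sens export; values are illustrative, not from a real server."""
    return "\n".join([
        "Windows Registry Editor Version 5.00", "",
        "[%s]" % SENS,
        '"DependOnService"=' + _hex(7, depends_on + "\x00"),
        '"Start"=dword:00000002', "",
        "[%s\\Parameters]" % SENS,
        '"ServiceDll"=' + _hex(2, service_dll), ""])


GOOD = sample_export("EventSystem", r"%SystemRoot%\system32\sens.dll")
BAD = sample_export("0", r"%SystemRoot%\system32\Sens32.dll")  # names from the thread

if __name__ == "__main__":
    for key, name, good, bad in diff_exports(parse_reg(GOOD), parse_reg(BAD)):
        print("%s\n  %s: good=%r sick=%r" % (key, name, good, bad))
```

A real export saved by regedit is UTF-16 with a byte-order mark, so read it with `open(path, encoding="utf-16")` before passing the text to `parse_reg`.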

#103
rahanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Ron,

Before I proceed with your last steps, I have noticed a very strange thing ...

I was waiting for you to respond and took a look at RegEdit and browsed to:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

The first [6] lines of the screenshot were there ... Closed RegEdit

Then I launched MalwareBytes to check its log ... Then Closed MalwareBytes

When you responded and I reopened RegEdit, an extra line was added with the bad stuff as per my arrow:

XXXXXX87FC2E28

that points to that strange [ xiaopu$ ] user ...

Does that mean anything ??? .... What is going on ???
  • 0

#104
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I expect that the file c:\windows\clb.dll is there but you can't see it. When you run regedit it calls clb.dll but stupidly doesn't say where to get it. Windows looks in c:\windows before it looks in c:\windows\system32 so it picks up the malware version. There should be another file C:\windows\system32\clb.dll. See if you can copy it to c:\windows\clb.dll and overwrite the hidden one.
  • 0
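
The search-order problem described in post #104 can be checked for directly. The following is an added example, not part of the thread: it lists every DLL in an executable's own directory that has the same name as a DLL in the system directory, and reports whether the two copies are byte-identical. It assumes the executable's directory is searched before system32, and it runs against a constructed stand-in tree with placeholder file contents; the function names and `example_only.dll` are hypothetical.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large DLLs do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def dll_index(directory):
    """Map lower-cased DLL name -> full path (Windows file names are case-insensitive)."""
    index = {}
    for entry in os.scandir(directory):
        if entry.is_file() and entry.name.lower().endswith(".dll"):
            index[entry.name.lower()] = entry.path
    return index


def find_shadowing_dlls(app_dir, system_dir):
    """Report DLL names present in both directories; the app_dir copy is found first."""
    app, system = dll_index(app_dir), dll_index(system_dir)
    findings = []
    for name in sorted(app.keys() & system.keys()):
        identical = sha256_of(app[name]) == sha256_of(system[name])
        findings.append({"name": name, "shadow": app[name],
                         "system": system[name], "identical": identical})
    return findings


def build_constructed_tree(root):
    """Create a stand-in WINDOWS tree; every file holds placeholder bytes (constructed)."""
    windows = os.path.join(root, "WINDOWS")
    system32 = os.path.join(windows, "system32")
    os.makedirs(system32)
    files = {
        os.path.join(windows, "regedit.exe"): b"placeholder executable",
        os.path.join(windows, "clb.dll"): b"placeholder: unexpected copy",
        os.path.join(windows, "example_only.dll"): b"placeholder: no system twin",
        os.path.join(system32, "CLB.DLL"): b"placeholder: system copy",
        os.path.join(system32, "sens.dll"): b"placeholder: only in system32",
    }
    for path, content in files.items():
        with open(path, "wb") as handle:
            handle.write(content)
    return windows, system32


def demo():
    """Run the check, overwrite the shadow with the system copy, then run it again."""
    with tempfile.TemporaryDirectory() as root:
        windows, system32 = build_constructed_tree(root)
        before = find_shadowing_dlls(windows, system32)
        shutil.copyfile(before[0]["system"], before[0]["shadow"])
        after = find_shadowing_dlls(windows, system32)
    return before, after


if __name__ == "__main__":
    for label, findings in zip(("before", "after"), demo()):
        for item in findings:
            print(label, item["name"], "identical" if item["identical"] else "DIFFERS")
```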

#105
rahanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
The file clb.dll doesn't exist under c:\Windows

I found it under C:\Windows\System32 as you said dated 2/18/2007

Should I copy it now to c:\Windows ???
  • 0





