C0000135 %hs reboot loop and Smart HDD virus


  • This topic is locked
49 replies to this topic

#1 mcwhirtj

Posted 19 April 2012 - 08:03 AM

Hi All -

Been reading other posts related to this similar issue and see that many of the recommendations and fixes are somewhat custom to the specific PC/user, so... I had a laptop with the Smart HDD as well as maybe 50 other malware issues on it. I ran Malwarebytes and antivirus software to get rid of most of them. During a final recheck and the last pass with Malwarebytes it still tagged about 4 more items that would not seem to go away (get removed), and after attempting one more try at removing those, the laptop will not now start up and is in the endless boot loop with the C0000135 %hs error... am dead in the water at the moment so looking for next steps.

I saw one entry that had the user start the fix by using the FRST.exe... but cannot find where to get this program...

Either way, looking for what to do next...and appreciate any help!

PS this site rocks, it has helped me in the past on some other issues!

#2 gringo_pr

Posted 19 April 2012 - 10:34 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 mcwhirtj

Posted 20 April 2012 - 06:37 PM

Here are the scan results....

Scan result of Farbar Recovery Scan Tool Version: 19-04-2012
Ran by SYSTEM at 20-04-2012 19:31:58
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436224 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [atchk] "C:\Program Files (x86)\Intel\AMT\atchk.exe" [408088 2007-11-09] (Intel Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM [206120 2011-02-01] (SupportSoft, Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-12-13] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2010-07-08] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [624056 2011-08-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKU\jmcwhirt\...\Run: [DW6] [x]
HKU\jmcwhirt\...\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [218032 2006-09-11] (Macrovision Corporation)
HKU\jmcwhirt\...\Run: [baedfbabfbebcedct] "C:\ProgramData\baedfbabfbebcedct.exe" [86016 2012-04-18] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1082440 2012-04-04] (Malwarebytes Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AEADIFilters; C:\Windows\System32\AEADISRV.EXE [80384 2007-02-06] (Andrea Electronics Corporation)
2 atashost; "C:\Windows\SysWOW64\atashost.exe" [20360 2010-10-29] (WebEx Communications, Inc.)
2 atchksrv; C:\Program Files (x86)\Intel\AMT\atchksrv.exe [182808 2007-11-09] (Intel Corporation)
2 ccEvtMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-07-08] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-07-08] (Symantec Corporation)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [654848 2009-11-16] (Macrovision Europe Ltd.)
2 hpsrv; C:\Windows\System32\Hpservice.exe [30520 2010-06-15] (Hewlett-Packard Company)
3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [151552 2011-07-01] ()
2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2010-02-17] (Symantec Corporation)
2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [121368 2007-11-09] (Intel Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65888 2008-10-25] (Microsoft Corporation)
2 NVIDIA Performance Driver Service; "C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe" [6810728 2009-12-08] ()
2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.)
3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe "OracleMTSRecoveryService" [57616 2006-02-01] (Oracle Corporation)
3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe agent_sid=CLRExtProc max_dispatchers=2 tcp_dispatchers=0 max_task_threads=6 max_sessions=25 [45056 2006-02-01] ()
2 OracleXETNSListener; C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [204800 2006-02-01] ()
2 ptumlcmsvc; C:\Windows\system32\ptumlcmsvc64.exe [134144 2011-05-11] (DEVGURU Co., LTD)
2 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe" [3217344 2010-07-08] (Symantec Corporation)
4 SNAC; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE" [419656 2010-07-08] (Symantec Corporation)
2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe /service /p verizondm [206120 2011-02-01] (SupportSoft, Inc.)
2 Symantec AntiVirus; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [1822296 2010-07-08] (Symantec Corporation)
2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe /p verizondm [185640 2011-02-01] (SupportSoft, Inc.)
2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [1464856 2007-11-09] (Intel Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x]
2 OracleServiceXE; c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x]

========================== Drivers (Whitelisted) =============

3 Accelerometer; C:\Windows\System32\Drivers\Accelerometer.sys [41272 2010-06-15] (Hewlett-Packard Company)
3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [402432 2008-04-24] (Analog Devices, Inc.)
3 ATSWPDRV; C:\Windows\System32\Drivers\ATSWPDRV.sys [217088 2007-08-28] (AuthenTec, Inc.)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2009-09-08] (Citrix Systems, Inc.)
3 e1express; C:\Windows\System32\DRIVERS\e1e6232e.sys [286936 2009-06-05] (Intel Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-22] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-12-20] (Symantec Corporation)
3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [63808 2007-06-27] (FTDI Ltd.)
3 HBtnKey; C:\Windows\System32\DRIVERS\cpqbttn64.sys [11264 2009-04-20] (Hewlett-Packard Development Company, L.P.)
0 hpdskflt; C:\Windows\System32\Drivers\hpdskflt.sys [30008 2010-06-15] (Hewlett-Packard Company)
3 NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111221.034\ENG64.SYS [117880 2011-12-22] (Symantec Corporation)
3 NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111221.034\EX64.SYS [2048632 2011-12-22] (Symantec Corporation)
3 NWADI; C:\Windows\System32\DRIVERS\NWADIenum.sys [256512 2010-07-08] (Novatel Wireless Inc)
3 NWUSBCDFIL64; C:\Windows\System32\Drivers\NWUSBCDFIL64.sys [25600 2010-07-08] (Novatel Wireless Inc.)
3 NWUSBModem_000; C:\Windows\System32\DRIVERS\nwusbmdm_000.sys [217728 2010-07-08] (Novatel Wireless Inc.)
3 NWUSBPort2_000; C:\Windows\System32\DRIVERS\nwusbser2_000.sys [217728 2010-07-08] (Novatel Wireless Inc.)
3 NWUSBPort_000; C:\Windows\System32\DRIVERS\nwusbser_000.sys [217728 2010-07-08] (Novatel Wireless Inc.)
3 PTUMLBUS; C:\Windows\System32\Drivers\PTUMLBUS.sys [73744 2011-05-11] (DEVGURU Co., LTD.)
3 PTUMLCVsp; C:\Windows\System32\Drivers\PTUMLCVsp.sys [182672 2011-05-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMLMdm; C:\Windows\System32\Drivers\PTUMLMdm.sys [182672 2011-05-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMLNET61; C:\Windows\System32\Drivers\PTUMLNET61.sys [104976 2011-05-11] (DEVGURU Co., LTD.)
3 PTUMLNVsp; C:\Windows\System32\Drivers\PTUMLNVsp.sys [183824 2011-05-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTUMLRMNET; C:\Windows\System32\Drivers\PTUMLRMNET.sys [69136 2011-05-11] (DEVGURU Co., LTD.)
3 PTUMLVsp; C:\Windows\System32\Drivers\PTUMLVsp.sys [182672 2011-05-11] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismcx64.sys [79488 2006-10-02] (RICOH Company, Ltd.)
3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [97280 2010-03-12] (Prolific Technology Inc.)
1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [447536 2010-07-08] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2010-07-08] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2010-07-08] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2010-07-08] (Symantec Corporation)
3 Teefer2; C:\Windows\System32\Drivers\Teefer2.sys [64048 2010-07-08] (Symantec Corporation)
3 TPM; C:\Windows\System32\Drivers\TPM.sys [38400 2009-07-13] (Microsoft Corporation)
1 WPS; \??\C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2010-07-08] (Symantec Corporation)
3 WpsHelper; C:\Windows\System32\Drivers\WpsHelper.sys [225328 2011-12-20] (Symantec Corporation)
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]
1 vrgjyivp; \??\C:\Windows\system32\drivers\vrgjyivp.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-20 19:31 - 2007-11-07 05:00 - 0000000 ____D C:\FRST
2012-04-18 16:31 - 2012-04-12 00:35 - 0270664 ____A C:\Windows\Minidump\041812-46613-01.dmp
2012-04-18 16:29 - 2012-04-18 16:40 - 0000000 ____D C:\Windows\system64
2012-04-18 16:14 - - 0000522 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-18 13:48 - 2012-04-18 13:48 - 0000176 ___AH C:\Users\All Users\-kajT65L02ntJFzr
2012-04-18 13:48 - 2012-04-18 13:48 - 0000176 ___AH C:\ProgramData\-kajT65L02ntJFzr
2012-04-18 13:48 - 2011-10-24 14:28 - 0000647 ___AH C:\Users\jmcwhirt\Desktop\SMART_HDD.lnk
2012-04-18 13:48 - 2011-01-30 11:29 - 0000256 ___AH C:\Users\All Users\kajT65L02ntJFz
2012-04-18 13:48 - 2011-01-30 11:29 - 0000256 ___AH C:\ProgramData\kajT65L02ntJFz
2012-04-18 13:48 - - 0000000 ___AH C:\Users\All Users\-kajT65L02ntJFz
2012-04-18 13:48 - - 0000000 ___AH C:\ProgramData\-kajT65L02ntJFz
2012-04-17 17:39 - 2012-02-06 17:22 - 0086016 ___AH C:\Users\All Users\baedfbabfbebcedct.exe
2012-04-17 17:39 - 2012-02-06 17:22 - 0086016 ___AH C:\ProgramData\baedfbabfbebcedct.exe
2012-04-12 00:34 - 2012-04-09 19:09 - 0284144 ___AH C:\Windows\Minidump\041212-39296-01.dmp
2012-04-09 19:09 - 2011-01-30 11:32 - 0000000 ___HD C:\Windows\Minidump
2012-04-09 19:09 - 2009-07-13 21:32 - 462414149 ____A C:\Windows\MEMORY.DMP
2012-04-09 19:09 - - 0291368 ___AH C:\Windows\Minidump\040912-35521-01.dmp
2012-04-02 10:00 - 2012-03-27 15:45 - 0003326 ___AH C:\Users\jmcwhirt\Desktop\readme.txt
2012-04-02 09:59 - - 0000000 ___HD C:\Users\jmcwhirt\Desktop\Desert Oasis Survival V2.0
2012-04-02 09:57 - 2012-04-02 09:59 - 9630739 ___AH C:\Users\jmcwhirt\Desktop\Desert.zip
2012-04-02 09:51 - 2012-04-18 13:48 - 0000000 ___HD C:\Users\jmcwhirt\Desktop\Super Hostile - Canopy Carnage
2012-04-02 08:20 - 2012-04-02 07:35 - 0000000 ___HD C:\Users\jmcwhirt\AppData\Roaming\WinRAR
2012-04-02 08:20 - 2011-05-08 15:29 - 1506653 ___AH C:\Users\jmcwhirt\Desktop\WinRar.exe
2012-04-02 08:20 - 2011-05-04 13:01 - 0000000 ___HD C:\Program Files (x86)\WinRAR
2012-04-02 08:12 - 2010-09-28 18:15 - 1506653 ___AH C:\Users\jmcwhirt\Downloads\wrar411.exe
2012-04-02 07:35 - 2011-11-14 18:51 - 0000000 ___HD C:\Users\jmcwhirt\AppData\Roaming\W3i, LLC
2012-04-02 07:35 - 2011-09-21 18:09 - 0000000 ___HD C:\Program Files (x86)\Surf Canyon
2012-04-02 07:35 - 2010-12-19 18:10 - 0000000 ___HD C:\Users\jmcwhirt\AppData\Roaming\com.w3i.fliptoast
2012-04-02 07:35 - 2009-11-16 09:28 - 0000000 ___HD C:\Program Files (x86)\Fliptoast
2012-04-02 07:35 - 2009-07-13 17:03 - 0000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-04-02 07:24 - 2010-08-10 09:27 - 0000000 ___HD C:\Users\jmcwhirt\AppData\Local\Zoom_Downloader
2012-04-02 07:24 - 2010-07-07 07:26 - 0000000 ___HD C:\Users\jmcwhirt\AppData\Local\ApplicationHistory
2012-04-02 07:23 - 2012-04-02 07:35 - 0000000 ___HD C:\Program Files (x86)\Funmoods
2012-04-02 07:23 - 2011-11-14 19:02 - 0000000 ___HD C:\Program Files (x86)\Yontoo
2012-04-02 07:23 - 2011-08-16 06:48 - 0000000 ___HD C:\Program Files\PrivacySafeGuard
2012-04-02 07:23 - 2010-12-07 05:02 - 0000050 ___AH C:\user.js
2012-04-02 07:23 - 2010-10-09 03:29 - 0000000 ___HD C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815
2012-04-02 07:23 - 2010-07-08 06:37 - 0000000 ___HD C:\Users\All Users\Tarma Installer
2012-04-02 07:23 - 2010-07-08 06:37 - 0000000 ___HD C:\ProgramData\Tarma Installer
2012-03-30 20:23 - 2011-06-15 09:15 - 0013539 ___AH C:\Users\jmcwhirt\Desktop\hs_err_pid4920.log
2012-03-27 15:45 - 2012-03-30 20:23 - 0278561 ___AH C:\Users\jmcwhirt\Desktop\Minecraft.exe

============ 3 Months Modified Files and Folders =============

2012-04-19 01:48 - 2010-04-30 07:57 - 3220676608 __ASH C:\hiberfil.sys
2012-04-19 01:48 - 2009-07-13 20:45 - 0393568 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-18 17:24 - 2010-12-30 14:32 - 1090986 ___AH C:\Windows\ntbtlog.txt
2012-04-18 16:58 - 2009-11-15 16:36 - 0047580 ___AH C:\Windows\PFRO.log
2012-04-18 16:56 - 2011-04-08 05:15 - 1706383 ____A C:\Windows\System32\ptumlacsvc-0.log
2012-04-18 16:56 - 2009-11-15 19:24 - 1232863 ___AH C:\Windows\WindowsUpdate.log
2012-04-18 16:40 - 2009-07-13 20:45 - 0014976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-18 16:40 - 2009-07-13 20:45 - 0014976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-18 16:38 - 2009-07-13 21:13 - 0747422 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-18 16:31 - 2012-04-18 16:31 - 0270664 ____A C:\Windows\Minidump\041812-46613-01.dmp
2012-04-18 16:31 - 2012-04-09 19:09 - 462414149 ____A C:\Windows\MEMORY.DMP
2012-04-18 16:31 - 2012-04-09 19:09 - 0000000 ___HD C:\Windows\Minidump
2012-04-18 16:31 - 2011-06-15 15:33 - 0021532 ___AH C:\Windows\setupact.log
2012-04-18 16:31 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-18 16:29 - 2012-04-18 16:29 - 0000000 ____D C:\Windows\system64
2012-04-18 16:14 - 2012-04-18 16:14 - 0000522 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-18 16:14 - 2010-12-30 12:05 - 0000000 ___HD C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-18 16:13 - 2010-07-08 08:10 - 0000000 ___HD C:\Users\jmcwhirt\AppData\Local\ElevatedDiagnostics
2012-04-18 15:05 - 2009-07-13 18:34 - 0000855 ___RH C:\Windows\System32\Drivers\etc\hosts
2012-04-18 13:56 - 2012-04-17 17:39 - 0086016 ___AH C:\Users\All Users\baedfbabfbebcedct.exe
2012-04-18 13:56 - 2012-04-17 17:39 - 0086016 ___AH C:\ProgramData\baedfbabfbebcedct.exe
2012-04-18 13:48 - 2012-04-18 13:48 - 0000647 ___AH C:\Users\jmcwhirt\Desktop\SMART_HDD.lnk
2012-04-18 13:48 - 2012-04-18 13:48 - 0000256 ___AH C:\Users\All Users\kajT65L02ntJFz
2012-04-18 13:48 - 2012-04-18 13:48 - 0000256 ___AH C:\ProgramData\kajT65L02ntJFz
2012-04-18 13:48 - 2012-04-18 13:48 - 0000176 ___AH C:\Users\All Users\-kajT65L02ntJFzr
2012-04-18 13:48 - 2012-04-18 13:48 - 0000176 ___AH C:\ProgramData\-kajT65L02ntJFzr
2012-04-18 13:48 - 2012-04-18 13:48 - 0000000 ___AH C:\Users\All Users\-kajT65L02ntJFz
2012-04-18 13:48 - 2012-04-18 13:48 - 0000000 ___AH C:\ProgramData\-kajT65L02ntJFz
2012-04-18 13:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-18 13:31 - 2009-11-16 07:39 - 0000031 ___AH C:\dev.ini
2012-04-12 00:35 - 2012-04-12 00:34 - 0284144 ___AH C:\Windows\Minidump\041212-39296-01.dmp
2012-04-11 19:04 - 2009-11-16 09:11 - 0000000 ___HD C:\Program Files (x86)\Microsoft Silverlight
2012-04-10 16:47 - 2010-12-09 19:19 - 0000000 ___HD C:\Users\jmcwhirt\AppData\Roaming\.minecraft
2012-04-09 19:09 - 2012-04-09 19:09 - 0291368 ___AH C:\Windows\Minidump\040912-35521-01.dmp
2012-04-04 11:56 - 2010-12-30 12:05 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-02 09:59 - 2012-04-02 09:59 - 0000000 ___HD C:\Users\jmcwhirt\Desktop\Desert Oasis Survival V2.0
2012-04-02 09:57 - 2012-04-02 09:57 - 9630739 ___AH C:\Users\jmcwhirt\Desktop\Desert.zip
2012-04-02 08:40 - 2012-02-05 10:22 - 0000000 ___HD C:\Users\jmcwhirt\AppData\Roaming\Dropbox
2012-04-02 08:21 - 2012-04-02 08:20 - 0000000 ___HD C:\Users\jmcwhirt\AppData\Roaming\WinRAR
2012-04-02 08:20 - 2012-04-02 08:20 - 1506653 ___AH C:\Users\jmcwhirt\Desktop\WinRar.exe
2012-04-02 08:20 - 2012-04-02 08:20 - 0000000 ___HD C:\Program Files (x86)\WinRAR
2012-04-02 08:18 - 2012-02-05 10:24 - 0000000 __RHD C:\Users\jmcwhirt\Dropbox
2012-04-02 08:17 - 2010-07-07 07:26 - 0000000 ___HD C:\Users\jmcwhirt\AppData\LocalLow
2012-04-02 08:13 - 2012-04-02 07:24 - 0000000 ___HD C:\Users\jmcwhirt\AppData\Local\ApplicationHistory
2012-04-02 08:12 - 2012-04-02 08:12 - 1506653 ___AH C:\Users\jmcwhirt\Downloads\wrar411.exe
2012-04-02 07:35 - 2012-04-02 07:35 - 0000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-04-02 07:35 - 2012-04-02 07:35 - 0000000 ___HD C:\Users\jmcwhirt\AppData\Roaming\W3i, LLC
2012-04-02 07:35 - 2012-04-02 07:35 - 0000000 ___HD C:\Users\jmcwhirt\AppData\Roaming\com.w3i.fliptoast
2012-04-02 07:35 - 2012-04-02 07:35 - 0000000 ___HD C:\Program Files (x86)\Surf Canyon
2012-04-02 07:35 - 2012-04-02 07:35 - 0000000 ___HD C:\Program Files (x86)\Fliptoast
2012-04-02 07:24 - 2012-04-02 07:24 - 0000000 ___HD C:\Users\jmcwhirt\AppData\Local\Zoom_Downloader
2012-04-02 07:24 - 2012-04-02 07:23 - 0000000 ___HD C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815
2012-04-02 07:23 - 2012-04-02 07:23 - 0000050 ___AH C:\user.js
2012-04-02 07:23 - 2012-04-02 07:23 - 0000000 ___HD C:\Users\All Users\Tarma Installer
2012-04-02 07:23 - 2012-04-02 07:23 - 0000000 ___HD C:\ProgramData\Tarma Installer
2012-04-02 07:23 - 2012-04-02 07:23 - 0000000 ___HD C:\Program Files\PrivacySafeGuard
2012-04-02 07:23 - 2012-04-02 07:23 - 0000000 ___HD C:\Program Files (x86)\Yontoo
2012-04-02 07:23 - 2012-04-02 07:23 - 0000000 ___HD C:\Program Files (x86)\Funmoods
2012-03-30 20:23 - 2012-03-30 20:23 - 0013539 ___AH C:\Users\jmcwhirt\Desktop\hs_err_pid4920.log
2012-03-27 15:45 - 2012-03-27 15:45 - 0278561 ___AH C:\Users\jmcwhirt\Desktop\Minecraft.exe
2012-02-08 19:26 - 2012-02-08 19:26 - 0000000 ___HD C:\Users\jmcwhirt\Documents\TurboTax
2012-02-06 17:44 - 2010-07-07 07:27 - 0112984 ___AH C:\Users\jmcwhirt\AppData\Local\GDIPFONTCACHEV1.DAT
2012-02-06 17:22 - 2010-07-07 07:51 - 0000000 ___HD C:\Users\All Users\Autodesk
2012-02-06 17:22 - 2010-07-07 07:51 - 0000000 ___HD C:\ProgramData\Autodesk
2012-02-06 17:21 - 2010-07-07 08:32 - 0000000 ___HD C:\Program Files\AutoCAD LT 2009
2012-02-06 17:21 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\Help
2012-02-06 17:19 - 2010-12-30 14:47 - 0000000 ____D C:\Windows\System32\appmgmt
2012-02-06 17:16 - 2010-08-13 07:31 - 0001669 ___AH C:\Users\jmcwhirt\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-02-06 17:16 - 2010-04-30 08:02 - 0000000 ___HD C:\Program Files (x86)\Research In Motion
2012-02-06 17:14 - 2011-01-10 11:21 - 0000000 ___HD C:\2010 Holiday Party
2012-02-06 17:04 - 2010-07-07 07:30 - 0000000 ___HD C:\Users\jmcwhirt\Documents\Personal
2012-02-05 10:31 - 2010-07-07 07:34 - 0000000 ___HD C:\Users\jmcwhirt\Documents\outlook
2012-02-05 10:24 - 2010-07-07 07:26 - 0000000 ___HD C:\users\jmcwhirt
2012-01-31 04:44 - 2009-11-15 16:39 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4095.3 MB
Available physical RAM: 3469.2 MB
Total Pagefile: 4093.45 MB
Available Pagefile: 3452.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:148.95 GB) (Free:71.36 GB) NTFS
3 Drive f: (USB DISK) (Removable) (Total:3.82 GB) (Free:3.81 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 1024 KB
Disk 1 Online 3920 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 148 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 148 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3920 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================
==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2011-05-13 18:10

======================= End Of Log ==========================

#4 gringo_pr

Posted 20 April 2012 - 07:20 PM

Hello


Let me know if it boots back up

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
1 vrgjyivp; \??\C:\Windows\system32\drivers\vrgjyivp.sys [x]
2012-04-18 13:48 - 2012-04-18 13:48 - 0000176 ___AH C:\Users\All Users\-kajT65L02ntJFzr
2012-04-18 13:48 - 2012-04-18 13:48 - 0000176 ___AH C:\ProgramData\-kajT65L02ntJFzr
2012-04-18 13:48 - 2011-10-24 14:28 - 0000647 ___AH C:\Users\jmcwhirt\Desktop\SMART_HDD.lnk
2012-04-18 13:48 - 2011-01-30 11:29 - 0000256 ___AH C:\Users\All Users\kajT65L02ntJFz
2012-04-18 13:48 - 2011-01-30 11:29 - 0000256 ___AH C:\ProgramData\kajT65L02ntJFz
2012-04-18 13:48 - - 0000000 ___AH C:\Users\All Users\-kajT65L02ntJFz
2012-04-18 13:48 - - 0000000 ___AH C:\ProgramData\-kajT65L02ntJFz
2012-04-17 17:39 - 2012-02-06 17:22 - 0086016 ___AH C:\Users\All Users\baedfbabfbebcedct.exe
2012-04-17 17:39 - 2012-02-06 17:22 - 0086016 ___AH C:\ProgramData\baedfbabfbebcedct.exe


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo

#5 mcwhirtj


Posted 20 April 2012 - 07:53 PM

Here's the results...

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 19-04-2012
Ran by SYSTEM at 2012-04-20 20:51:35 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
vrgjyivp service deleted successfully.
C:\Users\All Users\-kajT65L02ntJFzr moved successfully.
C:\ProgramData\-kajT65L02ntJFzr not found.
C:\Users\jmcwhirt\Desktop\SMART_HDD.lnk moved successfully.
C:\Users\All Users\kajT65L02ntJFz moved successfully.
C:\ProgramData\kajT65L02ntJFz not found.
C:\Users\All Users\-kajT65L02ntJFz moved successfully.
C:\ProgramData\-kajT65L02ntJFz not found.
C:\Users\All Users\baedfbabfbebcedct.exe moved successfully.
C:\ProgramData\baedfbabfbebcedct.exe not found.

==== End of Fixlog ====
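
An added example, not part of the original posts and not FRST's own code: a small Python triage of the Fixlog above. It relies on the fact that on Vista and Windows 7 `C:\Users\All Users` is a link to `C:\ProgramData`, so a `not found` line for one path is expected once the same item was moved through the other; the function names are hypothetical.

```python
import re

# Fixlog body copied from the post above, embedded so the example runs offline.
FIXLOG = r"""
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
vrgjyivp service deleted successfully.
C:\Users\All Users\-kajT65L02ntJFzr moved successfully.
C:\ProgramData\-kajT65L02ntJFzr not found.
C:\Users\jmcwhirt\Desktop\SMART_HDD.lnk moved successfully.
C:\Users\All Users\kajT65L02ntJFz moved successfully.
C:\ProgramData\kajT65L02ntJFz not found.
C:\Users\All Users\-kajT65L02ntJFz moved successfully.
C:\ProgramData\-kajT65L02ntJFz not found.
C:\Users\All Users\baedfbabfbebcedct.exe moved successfully.
C:\ProgramData\baedfbabfbebcedct.exe not found.
"""

# On Vista/7 the first path is a link to the second, so both name the same file.
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}

# One result per line: "<target> <status>."
LINE_RE = re.compile(
    r"^(?P<target>.+?) (?P<status>moved successfully|not found|"
    r"service deleted successfully|Value was restored)\.$"
)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def canonical(path):
    """Lower-case the path and rewrite a known alias prefix to its real location."""
    p = path.lower()
    for alias, real in ALIASES.items():
        if p.startswith(alias):
            return real + p[len(alias):]
    return p


def parse_fixlog(text):
    """Return (target, status) pairs for every recognised result line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("target"), m.group("status")))
    return entries


def triage(text):
    """Group file results by real path; registry/service results are returned separately."""
    by_path, other = {}, []
    for target, status in parse_fixlog(text):
        if DRIVE_RE.match(target):
            by_path.setdefault(canonical(target), []).append(status)
        else:
            other.append((target, status))
    files = {
        path: "moved" if "moved successfully" in statuses else "unresolved"
        for path, statuses in by_path.items()
    }
    return files, other


def unresolved(text):
    """Paths reported 'not found' with no successful move under any alias."""
    files, _ = triage(text)
    return sorted(p for p, state in files.items() if state == "unresolved")


if __name__ == "__main__":
    files, other = triage(FIXLOG)
    for path, state in sorted(files.items()):
        print(f"{state:10} {path}")
    for target, status in other:
        print(f"{status:10} {target}")
    print("needs follow-up:", unresolved(FIXLOG) or "nothing")
```

A path that stays in the `unresolved` list is one the fixlist named but the tool never moved under either name, which is the case worth raising with the helper before the next scan.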

#6 mcwhirtj


Posted 20 April 2012 - 08:01 PM

Oh, and yes, the laptop booted back up to the user prompt, I logged in, and got to desktop. I will await further instructions.

Thanks!!!

#7 gringo_pr


Posted 21 April 2012 - 06:44 AM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8 mcwhirtj


Posted 21 April 2012 - 08:15 AM

OK - after about 15 minutes of running the combofix, I got a bluescreen of death...
STOP: c0000005 The instruction at 0x%081x referenced memory at 0x%081x. The memory could not be %s.

There is no log on the thumbdrive due to the lock up.

I restarted laptop, and logged in and am awaiting further instructions....

#9 gringo_pr


Posted 21 April 2012 - 08:35 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 mcwhirtj


Posted 21 April 2012 - 08:47 AM

OK - Ran the TDSS killer, found one file to cure and another the default choice was delete. Corrected both and asked for a reboot which I did. Once rebooted, my desktop is NOW back to the point that started this problem....the multiple windows popping up (maybe 30+) and also a SMART HDD screen saying I have HD errors etc. I cannot seem to get to the TDSS log to send it to you...

Standing by!

#11 mcwhirtj


Posted 21 April 2012 - 08:51 AM

Actually WAS able to get the log....

09:39:36.0699 5576 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
09:39:37.0011 5576 ============================================================
09:39:37.0011 5576 Current date / time: 2012/04/21 09:39:37.0011
09:39:37.0011 5576 SystemInfo:
09:39:37.0011 5576
09:39:37.0011 5576 OS Version: 6.1.7600 ServicePack: 0.0
09:39:37.0011 5576 Product type: Workstation
09:39:37.0011 5576 ComputerName: JMCWHI2LP-USFOX
09:39:37.0011 5576 UserName: jmcwhirt
09:39:37.0011 5576 Windows directory: C:\Windows
09:39:37.0011 5576 System windows directory: C:\Windows
09:39:37.0011 5576 Running under WOW64
09:39:37.0011 5576 Processor architecture: Intel x64
09:39:37.0011 5576 Number of processors: 2
09:39:37.0011 5576 Page size: 0x1000
09:39:37.0011 5576 Boot type: Normal boot
09:39:37.0011 5576 ============================================================
09:39:38.0287 5576 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:39:38.0304 5576 \Device\Harddisk0\DR0:
09:39:38.0304 5576 MBR partitions:
09:39:38.0304 5576 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:39:38.0305 5576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6000
09:39:38.0338 5576 C: <-> \Device\Harddisk0\DR0\Partition1
09:39:38.0338 5576 Initialize success
09:39:38.0338 5576 ============================================================
09:39:43.0388 5140 ============================================================
09:39:43.0388 5140 Scan started
09:39:43.0388 5140 Mode: Manual;
09:39:43.0388 5140 ============================================================
09:39:44.0729 5140 AdfuUd (5f22132c9153639762708909f156b33d) C:\Windows\system32\ifp800.dll
09:39:44.0729 5140 AdfuUd ( Backdoor.Multi.ZAccess.gen ) - infected
09:39:44.0729 5140 AdfuUd - detected Backdoor.Multi.ZAccess.gen (0)
09:39:57.0989 5140 MMCSS - ok
09:39:58.0036 5140 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:39:58.0036 5140 Modem - ok
09:39:58.0411 5140 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:39:58.0411 5140 monitor - ok
09:39:58.0473 5140 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:39:58.0473 5140 mouclass - ok
09:39:58.0520 5140 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:39:58.0520 5140 mouhid - ok
09:39:58.0567 5140 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
09:39:58.0567 5140 mountmgr - ok
09:39:58.0645 5140 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
09:39:58.0660 5140 MpFilter - ok
09:39:58.0707 5140 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
09:39:58.0707 5140 mpio - ok
09:39:58.0910 5140 MpKslfc8252c6 (0ebb390b7aeec45ec061d9870a34fd42) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8B380FD7-3E64-454E-9049-F14418E2D740}\MpKslfc8252c6.sys
09:39:58.0910 5140 MpKslfc8252c6 - ok
09:39:58.0988 5140 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
09:39:58.0988 5140 MpNWMon - ok
09:39:59.0035 5140 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:39:59.0035 5140 mpsdrv - ok
09:39:59.0113 5140 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
09:39:59.0113 5140 MRxDAV - ok
09:39:59.0159 5140 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:39:59.0159 5140 mrxsmb - ok
09:39:59.0191 5140 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:39:59.0191 5140 mrxsmb10 - ok
09:39:59.0222 5140 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:39:59.0222 5140 mrxsmb20 - ok
09:39:59.0237 5140 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
09:39:59.0237 5140 msahci - ok
09:39:59.0269 5140 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
09:39:59.0269 5140 msdsm - ok
09:39:59.0315 5140 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:39:59.0331 5140 MSDTC - ok
09:39:59.0440 5140 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:39:59.0440 5140 Msfs - ok
09:39:59.0456 5140 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:39:59.0456 5140 mshidkmdf - ok
09:39:59.0487 5140 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
09:39:59.0487 5140 msisadrv - ok
09:39:59.0518 5140 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:39:59.0549 5140 MSiSCSI - ok
09:39:59.0565 5140 msiserver - ok
09:39:59.0596 5140 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:39:59.0596 5140 MSKSSRV - ok
09:39:59.0705 5140 MsMpSvc (64e69a217d861776ca848b453fb96d71) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
09:39:59.0705 5140 MsMpSvc - ok
09:39:59.0737 5140 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:39:59.0737 5140 MSPCLOCK - ok
09:39:59.0752 5140 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:39:59.0752 5140 MSPQM - ok
09:39:59.0783 5140 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
09:39:59.0783 5140 MsRPC - ok
09:39:59.0877 5140 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
09:39:59.0877 5140 mssmbios - ok
09:39:59.0908 5140 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:39:59.0908 5140 MSTEE - ok
09:39:59.0939 5140 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:39:59.0939 5140 MTConfig - ok
09:39:59.0971 5140 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:39:59.0971 5140 Mup - ok
09:40:00.0002 5140 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
09:40:00.0002 5140 napagent - ok
09:40:00.0049 5140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:40:00.0049 5140 NativeWifiP - ok
09:40:00.0189 5140 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111221.034\ENG64.SYS
09:40:00.0189 5140 NAVENG - ok
09:40:00.0345 5140 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111221.034\EX64.SYS
09:40:00.0361 5140 NAVEX15 - ok
09:40:00.0485 5140 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
09:40:00.0501 5140 NDIS - ok
09:40:00.0563 5140 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:40:00.0563 5140 NdisCap - ok
09:40:00.0610 5140 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:40:00.0610 5140 NdisTapi - ok
09:40:00.0657 5140 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
09:40:00.0657 5140 Ndisuio - ok
09:40:00.0844 5140 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:40:00.0844 5140 NdisWan - ok
09:40:00.0938 5140 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
09:40:00.0938 5140 NDProxy - ok
09:40:01.0016 5140 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
09:40:01.0016 5140 Net Driver HPZ12 - ok
09:40:01.0047 5140 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:40:01.0047 5140 NetBIOS - ok
09:40:01.0078 5140 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
09:40:01.0078 5140 NetBT - ok
09:40:01.0109 5140 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
09:40:01.0109 5140 Netlogon - ok
09:40:01.0172 5140 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:40:01.0172 5140 Netman - ok
09:40:01.0203 5140 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:40:01.0203 5140 netprofm - ok
09:40:01.0297 5140 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:40:01.0297 5140 NetTcpPortSharing - ok
09:40:01.0468 5140 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
09:40:01.0531 5140 netw5v64 - ok
09:40:01.0640 5140 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:40:01.0640 5140 nfrd960 - ok
09:40:01.0702 5140 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:40:01.0702 5140 NisDrv - ok
09:40:01.0811 5140 NisSrv (c67e39d2968400b38f54a10822e6eacf) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
09:40:01.0843 5140 NisSrv - ok
09:40:01.0905 5140 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
09:40:01.0936 5140 NlaSvc - ok
09:40:01.0967 5140 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:40:01.0967 5140 Npfs - ok
09:40:01.0983 5140 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:40:01.0983 5140 nsi - ok
09:40:02.0201 5140 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:40:02.0201 5140 nsiproxy - ok
09:40:02.0279 5140 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
09:40:02.0311 5140 Ntfs - ok
09:40:02.0326 5140 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:40:02.0326 5140 Null - ok
09:40:02.0560 5140 NVIDIA Performance Driver Service (53a7e1dea2e7fa22fd4f0c28c078f5a0) C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
09:40:02.0654 5140 NVIDIA Performance Driver Service - ok
09:40:03.0028 5140 nvlddmkm (5ebeb2b347cef3e2e9c8dd1c62880ad2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:40:03.0293 5140 nvlddmkm - ok
09:40:03.0387 5140 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
09:40:03.0387 5140 nvraid - ok
09:40:03.0418 5140 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
09:40:03.0434 5140 nvstor - ok
09:40:03.0481 5140 nvsvc (8d264712b49c366489e79849c99a2842) C:\Windows\system32\nvvsvc.exe
09:40:03.0481 5140 nvsvc - ok
09:40:03.0496 5140 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
09:40:03.0496 5140 nv_agp - ok
09:40:03.0543 5140 NWADI (6eeb54e34603dd417ece187c8402320a) C:\Windows\system32\DRIVERS\NWADIenum.sys
09:40:03.0559 5140 NWADI - ok
09:40:03.0605 5140 NWUSBCDFIL64 (d944d4341429093f55cb7f0ec87c86b3) C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys
09:40:03.0605 5140 NWUSBCDFIL64 - ok
09:40:03.0621 5140 NWUSBModem_000 (877ce72712d7860fd815884438d824b8) C:\Windows\system32\DRIVERS\nwusbmdm_000.sys
09:40:03.0621 5140 NWUSBModem_000 - ok
09:40:03.0668 5140 NWUSBPort2_000 (877ce72712d7860fd815884438d824b8) C:\Windows\system32\DRIVERS\nwusbser2_000.sys
09:40:03.0668 5140 NWUSBPort2_000 - ok
09:40:03.0730 5140 NWUSBPort_000 (877ce72712d7860fd815884438d824b8) C:\Windows\system32\DRIVERS\nwusbser_000.sys
09:40:03.0730 5140 NWUSBPort_000 - ok
09:40:03.0839 5140 NWVZHelper (6f67805ebe1c879de008ed21bfcf2f02) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
09:40:03.0855 5140 NWVZHelper - ok
09:40:04.0167 5140 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:40:04.0229 5140 odserv - ok
09:40:04.0323 5140 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
09:40:04.0323 5140 ohci1394 - ok
09:40:04.0385 5140 OracleJobSchedulerXE - ok
09:40:04.0401 5140 OracleMTSRecoveryService - ok
09:40:04.0417 5140 OracleServiceXE - ok
09:40:04.0432 5140 OracleXEClrAgent - ok
09:40:04.0510 5140 OracleXETNSListener (8af936ce45788974efff7d0f19143583) C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
09:40:04.0526 5140 OracleXETNSListener - ok
09:40:04.0619 5140 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:40:04.0666 5140 ose - ok
09:40:04.0775 5140 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:40:04.0775 5140 p2pimsvc - ok
09:40:04.0822 5140 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:40:04.0838 5140 p2psvc - ok
09:40:04.0885 5140 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:40:04.0885 5140 Parport - ok
09:40:04.0916 5140 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
09:40:04.0916 5140 partmgr - ok
09:40:04.0931 5140 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:40:04.0947 5140 PcaSvc - ok
09:40:04.0963 5140 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
09:40:04.0963 5140 pci - ok
09:40:04.0978 5140 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
09:40:04.0978 5140 pciide - ok
09:40:05.0009 5140 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:40:05.0009 5140 pcmcia - ok
09:40:05.0025 5140 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:40:05.0025 5140 pcw - ok
09:40:05.0056 5140 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:40:05.0072 5140 PEAUTH - ok
09:40:05.0228 5140 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
09:40:05.0243 5140 PeerDistSvc - ok
09:40:05.0321 5140 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:40:05.0337 5140 PerfHost - ok
09:40:05.0431 5140 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
09:40:05.0477 5140 pla - ok
09:40:05.0571 5140 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
09:40:05.0571 5140 PlugPlay - ok
09:40:05.0649 5140 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
09:40:05.0649 5140 Pml Driver HPZ12 - ok
09:40:05.0711 5140 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:40:05.0711 5140 PNRPAutoReg - ok
09:40:05.0743 5140 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:40:05.0743 5140 PNRPsvc - ok
09:40:05.0789 5140 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
09:40:05.0805 5140 PolicyAgent - ok
09:40:05.0945 5140 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:40:05.0945 5140 Power - ok
09:40:06.0023 5140 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
09:40:06.0023 5140 PptpMiniport - ok
09:40:06.0055 5140 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:40:06.0055 5140 Processor - ok
09:40:06.0117 5140 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
09:40:06.0117 5140 ProfSvc - ok
09:40:06.0491 5140 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
09:40:06.0491 5140 ProtectedStorage - ok
09:40:06.0569 5140 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
09:40:06.0569 5140 Psched - ok
09:40:06.0647 5140 PTUMLBUS (1ff1e1fc2bdeb3b69eaa0692b0b0898c) C:\Windows\system32\DRIVERS\PTUMLBUS.sys
09:40:06.0647 5140 PTUMLBUS - ok
09:40:06.0725 5140 ptumlcmsvc (ecedec0ef0f0b839e0f55d389f523492) C:\Windows\system32\ptumlcmsvc64.exe
09:40:06.0725 5140 ptumlcmsvc - ok
09:40:06.0803 5140 PTUMLCVsp (edc39408d9ff6c16e309865efe86b611) C:\Windows\system32\DRIVERS\PTUMLCVsp.sys
09:40:06.0803 5140 PTUMLCVsp - ok
09:40:06.0881 5140 PTUMLMdm (3266a00765bb9a7422d6b494a33a5fe9) C:\Windows\system32\DRIVERS\PTUMLMdm.sys
09:40:06.0881 5140 PTUMLMdm - ok
09:40:06.0944 5140 PTUMLNET61 (871431653b2ae3c79407e9c71d6099b3) C:\Windows\system32\DRIVERS\PTUMLNET61.sys
09:40:06.0959 5140 PTUMLNET61 - ok
09:40:07.0022 5140 PTUMLNVsp (207e687c55d7893ff9505699f91aeb64) C:\Windows\system32\DRIVERS\PTUMLNVsp.sys
09:40:07.0037 5140 PTUMLNVsp - ok
09:40:07.0100 5140 PTUMLRMNET (2630717057e3c7232dd57d97c4aae11d) C:\Windows\system32\DRIVERS\PTUMLRMNET.sys
09:40:07.0100 5140 PTUMLRMNET - ok
09:40:07.0131 5140 PTUMLVsp (99b4c62c6a98f89e4f06d2b8092bfd9e) C:\Windows\system32\DRIVERS\PTUMLVsp.sys
09:40:07.0147 5140 PTUMLVsp - ok
09:40:07.0178 5140 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\Windows\system32\Drivers\PxHlpa64.sys
09:40:07.0193 5140 PxHlpa64 - ok
09:40:07.0256 5140 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:40:07.0287 5140 ql2300 - ok
09:40:07.0318 5140 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:40:07.0318 5140 ql40xx - ok
09:40:07.0365 5140 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:40:07.0381 5140 QWAVE - ok
09:40:07.0443 5140 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:40:07.0443 5140 QWAVEdrv - ok
09:40:07.0474 5140 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:40:07.0474 5140 RasAcd - ok
09:40:07.0537 5140 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:40:07.0537 5140 RasAgileVpn - ok
09:40:07.0568 5140 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:40:07.0583 5140 RasAuto - ok
09:40:07.0615 5140 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:40:07.0615 5140 Rasl2tp - ok
09:40:07.0630 5140 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
09:40:07.0646 5140 RasMan - ok
09:40:07.0661 5140 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:40:07.0661 5140 RasPppoe - ok
09:40:07.0677 5140 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:40:07.0677 5140 RasSstp - ok
09:40:07.0708 5140 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
09:40:07.0708 5140 rdbss - ok
09:40:07.0724 5140 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:40:07.0724 5140 rdpbus - ok
09:40:07.0755 5140 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:40:07.0755 5140 RDPCDD - ok
09:40:07.0786 5140 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
09:40:07.0786 5140 RDPDR - ok
09:40:07.0880 5140 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:40:07.0880 5140 RDPENCDD - ok
09:40:07.0911 5140 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:40:07.0911 5140 RDPREFMP - ok
09:40:07.0942 5140 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
09:40:07.0942 5140 RDPWD - ok
09:40:07.0989 5140 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
09:40:07.0989 5140 rdyboost - ok
09:40:08.0036 5140 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:40:08.0051 5140 RemoteAccess - ok
09:40:08.0083 5140 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:40:08.0098 5140 RemoteRegistry - ok
09:40:08.0161 5140 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
09:40:08.0176 5140 RFCOMM - ok
09:40:08.0239 5140 RICOH SmartCard Reader (b416fa425949575a730260cc7aed8136) C:\Windows\system32\DRIVERS\rismcx64.sys
09:40:08.0239 5140 RICOH SmartCard Reader - ok
09:40:08.0317 5140 rimmptsk (528d70eabe8305a02f387fec839b9a47) C:\Windows\system32\DRIVERS\rimmpx64.sys
09:40:08.0317 5140 rimmptsk - ok
09:40:08.0363 5140 RimUsb - ok
09:40:08.0441 5140 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
09:40:08.0441 5140 RimVSerPort - ok
09:40:08.0504 5140 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
09:40:08.0504 5140 ROOTMODEM - ok
09:40:08.0597 5140 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:40:08.0597 5140 RpcEptMapper - ok
09:40:08.0644 5140 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:40:08.0644 5140 RpcLocator - ok
09:40:08.0691 5140 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
09:40:08.0691 5140 RpcSs - ok
09:40:08.0769 5140 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:40:08.0769 5140 rspndr - ok
09:40:08.0800 5140 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
09:40:08.0800 5140 s3cap - ok
09:40:08.0816 5140 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
09:40:08.0816 5140 SamSs - ok
09:40:08.0863 5140 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
09:40:08.0863 5140 sbp2port - ok
09:40:08.0878 5140 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:40:08.0878 5140 SCardSvr - ok
09:40:08.0909 5140 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
09:40:08.0909 5140 scfilter - ok
09:40:08.0956 5140 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll
09:40:08.0972 5140 Schedule - ok
09:40:09.0019 5140 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
09:40:09.0019 5140 SCPolicySvc - ok
09:40:09.0097 5140 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
09:40:09.0112 5140 sdbus - ok
09:40:09.0128 5140 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
09:40:09.0143 5140 SDRSVC - ok
09:40:09.0175 5140 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:40:09.0206 5140 secdrv - ok
09:40:09.0237 5140 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
09:40:09.0237 5140 seclogon - ok
09:40:09.0268 5140 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
09:40:09.0268 5140 SENS - ok
09:40:09.0284 5140 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:40:09.0284 5140 SensrSvc - ok
09:40:09.0331 5140 Ser2pl (9f6490423ac3271e84a90a0dd9d30a3b) C:\Windows\system32\DRIVERS\ser2pl64.sys
09:40:09.0331 5140 Ser2pl - ok
09:40:09.0377 5140 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:40:09.0377 5140 Serenum - ok
09:40:09.0409 5140 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:40:09.0409 5140 Serial - ok
09:40:09.0440 5140 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:40:09.0440 5140 sermouse - ok
09:40:09.0518 5140 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
09:40:09.0518 5140 SessionEnv - ok
09:40:09.0549 5140 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
09:40:09.0549 5140 sffdisk - ok
09:40:09.0580 5140 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:40:09.0580 5140 sffp_mmc - ok
09:40:09.0643 5140 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:40:09.0643 5140 sffp_sd - ok
09:40:09.0674 5140 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:40:09.0674 5140 sfloppy - ok
09:40:09.0736 5140 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:40:09.0752 5140 SharedAccess - ok
09:40:09.0799 5140 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
09:40:09.0799 5140 ShellHWDetection - ok
09:40:09.0814 5140 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:40:09.0814 5140 SiSRaid2 - ok
09:40:09.0861 5140 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:40:09.0861 5140 SiSRaid4 - ok
09:40:09.0877 5140 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:40:09.0877 5140 Smb - ok
09:40:10.0017 5140 SmcService (9b34cd63a68aa922a1a30b449a626a7f) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
09:40:10.0064 5140 SmcService - ok
09:40:10.0376 5140 SNAC (c2e9b4e50cf3a15255b45a7c7a0a881e) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
09:40:10.0407 5140 SNAC - ok
09:40:10.0501 5140 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:40:10.0516 5140 SNMPTRAP - ok
09:40:10.0563 5140 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:40:10.0579 5140 spldr - ok
09:40:10.0594 5140 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe
09:40:10.0610 5140 Spooler - ok
09:40:10.0766 5140 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
09:40:10.0813 5140 sppsvc - ok
09:40:10.0906 5140 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:40:10.0922 5140 sppuinotify - ok
09:40:11.0000 5140 sprtsvc_verizondm - ok
09:40:11.0062 5140 SRTSP (b531fc8918dcdaae638511a123c3465e) C:\Windows\system32\Drivers\SRTSP64.SYS
09:40:11.0062 5140 SRTSP - ok
09:40:11.0093 5140 SRTSPL (2bd3a73d0601320b72486fc3ebc2544f) C:\Windows\system32\Drivers\SRTSPL64.SYS
09:40:11.0093 5140 SRTSPL - ok
09:40:11.0125 5140 SRTSPX (529b337c1aeeb289f0b502eb0ee6a8f5) C:\Windows\system32\Drivers\SRTSPX64.SYS
09:40:11.0125 5140 SRTSPX - ok
09:40:11.0156 5140 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
09:40:11.0171 5140 srv - ok
09:40:11.0249 5140 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
09:40:11.0265 5140 srv2 - ok
09:40:11.0296 5140 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:40:11.0312 5140 SrvHsfHDA - ok
09:40:11.0359 5140 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:40:11.0374 5140 SrvHsfV92 - ok
09:40:11.0405 5140 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:40:11.0421 5140 SrvHsfWinac - ok
09:40:11.0468 5140 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys
09:40:11.0468 5140 srvnet - ok
09:40:11.0546 5140 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:40:11.0546 5140 SSDPSRV - ok
09:40:11.0561 5140 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:40:11.0577 5140 SstpSvc - ok
09:40:11.0639 5140 Steam Client Service - ok
09:40:11.0717 5140 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:40:11.0717 5140 stexstor - ok
09:40:11.0749 5140 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
09:40:11.0764 5140 stisvc - ok
09:40:11.0827 5140 stllssvr (e5ff667e416dac99bff16b626234a379) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
09:40:11.0842 5140 stllssvr - ok
09:40:12.0014 5140 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
09:40:12.0014 5140 storflt - ok
09:40:12.0061 5140 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
09:40:12.0076 5140 StorSvc - ok
09:40:12.0139 5140 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
09:40:12.0139 5140 storvsc - ok
09:40:12.0185 5140 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
09:40:12.0185 5140 swenum - ok
09:40:12.0248 5140 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:40:12.0263 5140 swprv - ok
09:40:12.0388 5140 Symantec AntiVirus (05799a82b7a2714ae14ee17c4b660701) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
09:40:12.0404 5140 Symantec AntiVirus - ok
09:40:12.0513 5140 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
09:40:12.0513 5140 SymEvent - ok
09:40:12.0591 5140 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
09:40:12.0591 5140 SynTP - ok
09:40:12.0669 5140 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
09:40:12.0700 5140 SysMain - ok
09:40:12.0856 5140 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
09:40:12.0856 5140 TabletInputService - ok
09:40:12.0887 5140 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
09:40:12.0903 5140 TapiSrv - ok
09:40:12.0965 5140 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:40:12.0981 5140 TBS - ok
09:40:13.0075 5140 Tcpip (7fc877a25796d8adf539e64703fca7e1) C:\Windows\system32\drivers\tcpip.sys
09:40:13.0106 5140 Tcpip - ok
09:40:13.0137 5140 TCPIP6 (7fc877a25796d8adf539e64703fca7e1) C:\Windows\system32\DRIVERS\tcpip.sys
09:40:13.0153 5140 TCPIP6 - ok
09:40:13.0184 5140 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
09:40:13.0199 5140 tcpipreg - ok
09:40:13.0215 5140 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:40:13.0215 5140 TDPIPE - ok
09:40:13.0246 5140 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:40:13.0246 5140 TDTCP - ok
09:40:13.0262 5140 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
09:40:13.0262 5140 tdx - ok
09:40:13.0293 5140 Teefer2 (ef6ccf8b483201f7196d83fc136fa43a) C:\Windows\system32\DRIVERS\teefer2.sys
09:40:13.0293 5140 Teefer2 - ok
09:40:13.0387 5140 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
09:40:19.0081 5140 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
09:40:19.0096 5140 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
09:40:19.0096 5140 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
09:40:19.0128 5140 Boot (0x1200) (bf9a467817d77d0717b703cd3b06c2d0) \Device\Harddisk0\DR0\Partition0
09:40:19.0128 5140 \Device\Harddisk0\DR0\Partition0 - ok
09:40:19.0143 5140 Boot (0x1200) (2631e7f1203795eee5b33d1e38ed36a3) \Device\Harddisk0\DR0\Partition1
09:40:19.0143 5140 \Device\Harddisk0\DR0\Partition1 - ok
09:40:19.0143 5140 ============================================================
09:40:19.0143 5140 Scan finished
09:40:19.0143 5140 ============================================================
09:40:19.0143 0372 Detected object count: 2
09:40:19.0143 0372 Actual detected object count: 2
09:40:51.0685 0372 C:\Windows\system32\ifp800.dll - copied to quarantine
09:40:51.0700 0372 HKLM\SYSTEM\ControlSet001\services\AdfuUd - will be deleted on reboot
09:40:51.0919 0372 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
09:40:52.0012 0372 C:\Windows\system32\ifp800.dll - will be deleted on reboot
09:40:52.0012 0372 AdfuUd ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
09:40:52.0137 0372 \Device\Harddisk0\DR0\# - copied to quarantine
09:40:52.0153 0372 \Device\Harddisk0\DR0 - copied to quarantine
09:40:52.0278 0372 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
09:40:52.0309 0372 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
09:40:52.0356 0372 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
09:40:52.0387 0372 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
09:40:52.0434 0372 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
09:40:52.0480 0372 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
09:40:52.0496 0372 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
09:40:52.0496 0372 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
09:40:52.0558 0372 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
09:40:52.0590 0372 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
09:40:52.0621 0372 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
09:40:52.0652 0372 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
09:40:52.0683 0372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
09:40:52.0683 0372 \Device\Harddisk0\DR0 - ok
09:40:52.0683 0372 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
09:40:58.0939 4972 Deinitialize success

#12 gringo_pr

Posted 21 April 2012 - 09:16 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 mcwhirtj

Posted 21 April 2012 - 09:33 AM

ugh - this is killing me, I am unable to DL the program, says access denied and need permission, then it says it found backdoor.graybird virus and deleted it, but then still will not work...

#14 mcwhirtj

Posted 21 April 2012 - 09:41 AM

ok - got it to DL, found a way around it...stay tuned...

#15 gringo_pr

Posted 21 April 2012 - 09:51 AM

:thumbup2: may be off for a short break


gringo