Windows 7 Laptop asks how to open everything..


11 replies to this topic

#1 MistyC

MistyC

  • Members
  • 145 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Riceboro, GA
  • Local time:01:20 PM

Posted 21 April 2012 - 01:12 PM

I am helping my niece out with her laptop..
She has a Windows 7 Toshiba Laptop.

I do not think she has a working antivirus installed. I know she used to have Norton but it is expired.. Now she can not get online to install one.

I have tried to put AVG Free on my flash drive & transfer it over, but it does not work.. Neither does a Firefox install...

The main issue she is having is that when you click on anything it asks how you want to open it.. Even if you click on Internet Explorer.. It will prompt you to click on a program.. If you click on IE, it will give you another pop-up.. Once you click on IE again, it closes it all out.

I am thinking she has a virus but I am unsure how to remove it since we can not get online..

Any suggestions? Please keep in mind everything has to be done via CD or flash drive.. Once I can get her online, I can direct her to this forum & directly click on a link.. She does have a Wi-Fi connection.. and it appears to be connected, so I know the internet is going TO her PC, just not able to go anywhere..

TYIA

Misty


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:20 PM

Posted 21 April 2012 - 02:06 PM

Copy this tool from a clean PC to the infected one

http://www.raktor.net/exeHelper/exeHelper.com

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on "Show results". Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

#3 MistyC

MistyC
  • Topic Starter


Posted 21 April 2012 - 03:10 PM

Ok I have the log from the TDSS one.. I am also posting on her computer! YEAH! It actually went online! When I restarted it there were a few pop ups that wanted me to install or update things.. I said no to each of them as I did not recognize or want the items.. I am assuming it was part of the virus. I am heading to the next step.. just wanted to post this log first..

Thank you for your help :-) be back in a few with the next log..

lmk if you need this log again.. I reread the directions & I think you just wanted the last log..

The MBR log is here:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-21 16:21:30
-----------------------------
16:21:30.749 OS Version: Windows x64 6.1.7600
16:21:30.749 Number of processors: 2 586 0x603
16:21:30.765 ComputerName: BOBBIE-PC UserName: Bobbie
16:21:34.774 Initialize success
16:24:11.175 AVAST engine defs: 12042101
16:24:26.278 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:24:26.278 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC64G Size: 476940MB BusType: 11
16:24:26.293 Disk 0 MBR read successfully
16:24:26.309 Disk 0 MBR scan
16:24:26.309 Disk 0 Windows VISTA default MBR code
16:24:26.325 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
16:24:26.340 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463663 MB offset 3074048
16:24:26.356 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11776 MB offset 952655872
16:24:26.403 Disk 0 scanning C:\windows\system32\drivers
16:24:59.155 Service scanning
16:26:14.821 Service ssm_mdfl C:\windows\system32\stunnel.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:26:41.676 Modules scanning
16:26:41.691 Disk 0 trace - called modules:
16:26:41.738 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:26:41.754 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80043a8480]
16:26:41.754 3 CLASSPNP.SYS[fffff880013cd43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004321060]
16:26:49.444 AVAST engine scan C:\windows
16:27:02.720 AVAST engine scan C:\windows\system32
16:27:39.240 File: C:\windows\system32\consrv.dll **INFECTED** Win64:Sirefef-C [Drp]
16:31:32.128 File: C:\windows\system32\stunnel.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:32:57.771 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
16:33:03.855 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
16:37:46.834 File: C:\windows\assembly\tmp\@ **SUSPICIOUS**
16:37:46.865 File: C:\windows\assembly\tmp\bckfg.tmp **SUSPICIOUS**
16:37:46.865 File: C:\windows\assembly\tmp\cfg.ini **SUSPICIOUS**
16:37:46.959 File: C:\windows\assembly\tmp\keywords **SUSPICIOUS**
16:37:47.037 File: C:\windows\assembly\tmp\lsflt7.ver **SUSPICIOUS**
16:37:47.115 File: C:\windows\assembly\tmp\U\00000001.@ **SUSPICIOUS**
16:37:47.162 File: C:\windows\assembly\tmp\U\00000002.@ **SUSPICIOUS**
16:37:47.380 File: C:\windows\assembly\tmp\U\00000004.@ **SUSPICIOUS**
16:37:47.427 File: C:\windows\assembly\tmp\U\000000c0.@ **SUSPICIOUS**
16:37:47.521 File: C:\windows\assembly\tmp\U\000000cb.@ **SUSPICIOUS**
16:37:47.599 File: C:\windows\assembly\tmp\U\000000cf.@ **SUSPICIOUS**
16:37:47.723 File: C:\windows\assembly\tmp\U\80000000.@ **SUSPICIOUS**
16:37:47.879 File: C:\windows\assembly\tmp\U\80000004.@ **SUSPICIOUS**
16:37:47.989 File: C:\windows\assembly\tmp\U\80000032.@ **SUSPICIOUS**
16:37:48.129 File: C:\windows\assembly\tmp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
16:37:48.223 File: C:\windows\assembly\tmp\U\80000064.@ **SUSPICIOUS**
16:37:48.285 File: C:\windows\assembly\tmp\U\80000064.@ **INFECTED** Win32:Malware-gen
16:37:48.394 File: C:\windows\assembly\tmp\U\800000c0.@ **SUSPICIOUS**
16:37:48.488 File: C:\windows\assembly\tmp\U\800000cb.@ **SUSPICIOUS**
16:37:48.550 File: C:\windows\assembly\tmp\U\800000cf.@ **SUSPICIOUS**
16:37:48.675 File: C:\windows\assembly\tmp\version **SUSPICIOUS**
16:37:54.837 AVAST engine scan C:\windows\system32\drivers
16:38:39.422 AVAST engine scan C:\Users\Bobbie
16:39:49.923 File: C:\Users\Bobbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LAGLS2UK\setup_security_defender_167[1].exe **INFECTED** Win32:Dracus-E [Trj]
16:39:49.970 File: C:\Users\Bobbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LAGLS2UK\setup_security_defender_292[1].exe **INFECTED** Win32:Dracus-E [Trj]
16:43:48.959 AVAST engine scan C:\ProgramData
16:45:38.539 File: C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll **INFECTED** Win32:Adware-gen [Adw]
16:45:45.450 Scan finished successfully
16:49:20.171 Disk 0 MBR has been saved successfully to "C:\Users\Bobbie\Desktop\MBR.dat"
16:49:20.186 The log file has been saved successfully to "C:\Users\Bobbie\Desktop\aswMBR.txt"





I left the program up on the scan results, in case you need me to do something with it..

Thanks again!

Edited by MistyC, 21 April 2012 - 06:52 PM.


#4 narenxp

narenxp


Posted 21 April 2012 - 04:02 PM

:thumbup2:

#5 MistyC

MistyC
  • Topic Starter


Posted 21 April 2012 - 06:52 PM

posted the MBR log in my previous post.. TY

#6 narenxp

narenxp


Posted 21 April 2012 - 07:08 PM

Run a Malwarebytes full scan, remove infections, restart the PC, and run the scan again until infections are removed.

Now run TDSSKiller once again and aswMBR, and post the new logs.

#7 MistyC

MistyC
  • Topic Starter


Posted 21 April 2012 - 07:13 PM

OK, I ran Malwarebytes until nothing else came up.. Should I do it yet again? And do you want the logs from MW?

#8 narenxp

narenxp


Posted 21 April 2012 - 08:05 PM

Just post the clean log alone :thumbup2:

#9 MistyC

MistyC
  • Topic Starter


Posted 21 April 2012 - 08:40 PM

MW is still testing clean.. Ran the other 2.. here is the log..

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-21 18:16:16
-----------------------------
18:16:16.814 OS Version: Windows x64 6.1.7600
18:16:16.814 Number of processors: 2 586 0x603
18:16:16.814 ComputerName: BOBBIE-PC UserName: Bobbie
18:16:19.980 Initialize success
18:16:27.468 AVAST engine defs: 12042101
18:16:41.040 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:16:41.040 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC64G Size: 476940MB BusType: 11
18:16:41.056 Disk 0 MBR read successfully
18:16:41.056 Disk 0 MBR scan
18:16:41.056 Disk 0 Windows VISTA default MBR code
18:16:41.072 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:16:41.087 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463663 MB offset 3074048
18:16:41.103 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11776 MB offset 952655872
18:16:41.150 Disk 0 scanning C:\windows\system32\drivers
18:17:09.838 Service scanning
18:17:30.118 Service CTAUDFX.DLL C:\windows\system32\PD0620VID.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:18:37.916 Modules scanning
18:18:37.931 Disk 0 trace - called modules:
18:18:37.994 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:18:38.009 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80043a5060]
18:18:38.025 3 CLASSPNP.SYS[fffff880011ce43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800431c680]
18:18:41.379 AVAST engine scan C:\windows
18:19:09.584 AVAST engine scan C:\windows\system32
18:19:48.958 File: C:\windows\system32\consrv.dll **INFECTED** Win64:Sirefef-C [Drp]
18:22:44.287 File: C:\windows\system32\PD0620VID.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:25:07.791 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
18:25:12.970 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
18:29:39.606 File: C:\windows\assembly\tmp\@ **SUSPICIOUS**
18:29:39.622 File: C:\windows\assembly\tmp\bckfg.tmp **SUSPICIOUS**
18:29:39.622 File: C:\windows\assembly\tmp\cfg.ini **SUSPICIOUS**
18:29:39.653 File: C:\windows\assembly\tmp\keywords **SUSPICIOUS**
18:29:39.762 File: C:\windows\assembly\tmp\lsflt7.ver **SUSPICIOUS**
18:29:39.871 File: C:\windows\assembly\tmp\U\00000001.@ **SUSPICIOUS**
18:29:39.918 File: C:\windows\assembly\tmp\U\00000002.@ **SUSPICIOUS**
18:29:40.105 File: C:\windows\assembly\tmp\U\00000004.@ **SUSPICIOUS**
18:29:40.137 File: C:\windows\assembly\tmp\U\000000c0.@ **SUSPICIOUS**
18:29:40.168 File: C:\windows\assembly\tmp\U\000000cb.@ **SUSPICIOUS**
18:29:40.339 File: C:\windows\assembly\tmp\U\000000cf.@ **SUSPICIOUS**
18:29:40.417 File: C:\windows\assembly\tmp\U\80000000.@ **SUSPICIOUS**
18:29:40.605 File: C:\windows\assembly\tmp\U\80000004.@ **SUSPICIOUS**
18:29:40.636 File: C:\windows\assembly\tmp\U\80000032.@ **SUSPICIOUS**
18:29:40.792 File: C:\windows\assembly\tmp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
18:29:40.854 File: C:\windows\assembly\tmp\U\80000064.@ **SUSPICIOUS**
18:29:40.901 File: C:\windows\assembly\tmp\U\80000064.@ **INFECTED** Win32:Malware-gen
18:29:41.010 File: C:\windows\assembly\tmp\U\800000c0.@ **SUSPICIOUS**
18:29:41.104 File: C:\windows\assembly\tmp\U\800000cb.@ **SUSPICIOUS**
18:29:41.151 File: C:\windows\assembly\tmp\U\800000cf.@ **SUSPICIOUS**
18:29:41.260 File: C:\windows\assembly\tmp\version **SUSPICIOUS**
18:29:47.718 AVAST engine scan C:\windows\system32\drivers
18:30:23.458 AVAST engine scan C:\Users\Bobbie
18:31:28.432 File: C:\Users\Bobbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LAGLS2UK\setup_security_defender_167[1].exe **INFECTED** Win32:Dracus-E [Trj]
18:31:28.494 File: C:\Users\Bobbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LAGLS2UK\setup_security_defender_292[1].exe **INFECTED** Win32:Dracus-E [Trj]
18:34:22.731 AVAST engine scan C:\ProgramData
18:35:37.845 File: C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll **INFECTED** Win32:Adware-gen [Adw]
18:35:43.290 Scan finished successfully
18:39:15.996 Disk 0 MBR has been saved successfully to "C:\Users\Bobbie\Desktop\MBR.dat"
18:39:15.996 The log file has been saved successfully to "C:\Users\Bobbie\Desktop\aswMBR.txt"
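
Added example, not part of any poster's message and not code from aswMBR: a Python parser for the aswMBR finding lines posted in this thread that compares two runs and reports which detections persist, which cleared, and which reappear under a different file. The sample lines are excerpts from the logs in this thread; `parse_findings` and `compare_runs` are names made up for this example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "service path verdict detection")

# One aswMBR finding line: timestamp, then "Service <name> <path>" or
# "File: <path>", then **INFECTED** / **SUSPICIOUS** and an optional
# detection name. All other log lines (disk info, progress) do not match.
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3} "
    r"(?:Service (?P<service>.+?) |File: )"
    r"(?P<path>[A-Za-z]:\\.*?) "
    r"\*\*(?P<verdict>INFECTED|SUSPICIOUS)\*\*"
    r"(?: (?P<detection>.+))?$"
)

# Excerpts from the 16:21 and 18:16 aswMBR runs posted in this thread.
BEFORE = r"""
16:24:26.309 Disk 0 Windows VISTA default MBR code
16:26:14.821 Service ssm_mdfl C:\windows\system32\stunnel.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:27:39.240 File: C:\windows\system32\consrv.dll **INFECTED** Win64:Sirefef-C [Drp]
16:31:32.128 File: C:\windows\system32\stunnel.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:37:46.865 File: C:\windows\assembly\tmp\cfg.ini **SUSPICIOUS**
16:45:45.450 Scan finished successfully
"""

AFTER = r"""
18:16:41.056 Disk 0 Windows VISTA default MBR code
18:17:30.118 Service CTAUDFX.DLL C:\windows\system32\PD0620VID.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:19:48.958 File: C:\windows\system32\consrv.dll **INFECTED** Win64:Sirefef-C [Drp]
18:22:44.287 File: C:\windows\system32\PD0620VID.dll **INFECTED** Win64:ZAccess-E [Rtk]
18:29:39.622 File: C:\windows\assembly\tmp\cfg.ini **SUSPICIOUS**
18:35:43.290 Scan finished successfully
"""


def parse_findings(log_text):
    """Return a Finding for every INFECTED/SUSPICIOUS line, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(Finding(
                m.group("service") or "",    # empty for "File:" lines
                m.group("path"),
                m.group("verdict"),
                m.group("detection") or "",  # empty for SUSPICIOUS lines
            ))
    return findings


def compare_runs(before, after):
    """Diff two runs on (lower-cased path, detection name)."""
    b = {(f.path.lower(), f.detection) for f in before}
    a = {(f.path.lower(), f.detection) for f in after}
    cleared = sorted(b - a)
    new = sorted(a - b)
    # A detection that vanished from one path and appeared at another
    # has not been removed: it is the same detection under a new file name.
    moved = {}
    for path, det in new:
        old_paths = [p for p, d in cleared if d == det]
        if det and old_paths:
            moved[det] = (old_paths, path)
    return {
        "persisting": sorted(a & b),
        "cleared": cleared,
        "new": new,
        "moved": moved,
    }


if __name__ == "__main__":
    diff = compare_runs(parse_findings(BEFORE), parse_findings(AFTER))
    for path, det in diff["persisting"]:
        print("still present:", path, det or "(suspicious)")
    for det, (old_paths, new_path) in diff["moved"].items():
        print("same detection, new file:", det, old_paths, "->", new_path)
```

On these excerpts the `Win64:ZAccess-E [Rtk]` detection is reported as moved from `stunnel.dll` to `PD0620VID.dll`, while `consrv.dll` and `cfg.ini` are reported as still present.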

#10 narenxp

narenxp


Posted 21 April 2012 - 08:53 PM

..

Edited by narenxp, 21 April 2012 - 08:57 PM.


#11 MistyC

MistyC
  • Topic Starter


Posted 21 April 2012 - 08:55 PM

Sorry forgot it lol..

here it is:

18:07:32.0454 3184 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
18:07:32.0720 3184 ============================================================
18:07:32.0720 3184 Current date / time: 2012/04/21 18:07:32.0720
18:07:32.0720 3184 SystemInfo:
18:07:32.0720 3184
18:07:32.0720 3184 OS Version: 6.1.7600 ServicePack: 0.0
18:07:32.0720 3184 Product type: Workstation
18:07:32.0720 3184 ComputerName: BOBBIE-PC
18:07:32.0720 3184 UserName: Bobbie
18:07:32.0720 3184 Windows directory: C:\windows
18:07:32.0720 3184 System windows directory: C:\windows
18:07:32.0720 3184 Running under WOW64
18:07:32.0720 3184 Processor architecture: Intel x64
18:07:32.0720 3184 Number of processors: 2
18:07:32.0720 3184 Page size: 0x1000
18:07:32.0720 3184 Boot type: Normal boot
18:07:32.0720 3184 ============================================================
18:07:35.0075 3184 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:07:35.0075 3184 \Device\Harddisk0\DR0:
18:07:35.0075 3184 MBR partitions:
18:07:35.0075 3184 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38997800
18:07:35.0122 3184 C: <-> \Device\Harddisk0\DR0\Partition0
18:07:35.0122 3184 Initialize success
18:07:35.0122 3184 ============================================================
18:07:45.0465 4728 ============================================================
18:07:45.0465 4728 Scan started
18:07:45.0465 4728 Mode: Manual; TDLFS;
18:07:45.0465 4728 ============================================================
18:07:56.0432 4728 FontCache3.0.0.0 - ok
18:07:56.0494 4728 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
18:07:56.0494 4728 FsDepends - ok
18:07:56.0572 4728 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\windows\system32\drivers\Fs_Rec.sys
18:07:56.0572 4728 Fs_Rec - ok
18:07:56.0666 4728 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
18:07:56.0666 4728 fvevol - ok
18:07:56.0737 4728 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
18:07:56.0737 4728 gagp30kx - ok
18:07:56.0867 4728 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:07:56.0867 4728 GamesAppService - ok
18:07:56.0977 4728 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll
18:07:56.0987 4728 gpsvc - ok
18:07:57.0057 4728 gpsvc32 - ok
18:07:57.0197 4728 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:07:57.0197 4728 gupdate - ok
18:07:57.0217 4728 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:07:57.0217 4728 gupdatem - ok
18:07:57.0237 4728 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:07:57.0237 4728 gusvc - ok
18:07:57.0337 4728 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
18:07:57.0337 4728 hcw85cir - ok
18:07:57.0377 4728 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
18:07:57.0377 4728 HdAudAddService - ok
18:07:57.0497 4728 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
18:07:57.0497 4728 HDAudBus - ok
18:07:57.0507 4728 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
18:07:57.0507 4728 HidBatt - ok
18:07:57.0527 4728 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
18:07:57.0527 4728 HidBth - ok
18:07:57.0557 4728 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
18:07:57.0557 4728 HidIr - ok
18:07:57.0597 4728 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
18:07:57.0597 4728 hidserv - ok
18:07:57.0717 4728 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
18:07:57.0717 4728 HidUsb - ok
18:07:57.0757 4728 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll
18:07:57.0757 4728 hkmsvc - ok
18:07:57.0857 4728 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll
18:07:57.0867 4728 HomeGroupListener - ok
18:07:57.0917 4728 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll
18:07:57.0927 4728 HomeGroupProvider - ok
18:07:58.0027 4728 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
18:07:58.0027 4728 HpSAMD - ok
18:07:58.0087 4728 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
18:07:58.0097 4728 HTTP - ok
18:07:58.0187 4728 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
18:07:58.0187 4728 hwpolicy - ok
18:07:58.0257 4728 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
18:07:58.0267 4728 i8042prt - ok
18:07:58.0377 4728 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
18:07:58.0387 4728 iaStorV - ok
18:07:58.0497 4728 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:07:58.0507 4728 IDriverT - ok
18:07:58.0607 4728 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:07:58.0627 4728 idsvc - ok
18:07:58.0787 4728 IDSVia64 (8f9faa4583e634a1505bad8d0c04c5c9) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110330.001\IDSvia64.sys
18:07:58.0797 4728 IDSVia64 - ok
18:07:58.0887 4728 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
18:07:58.0897 4728 iirsp - ok
18:07:58.0977 4728 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll
18:07:58.0997 4728 IKEEXT - ok
18:07:59.0107 4728 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
18:07:59.0107 4728 intelide - ok
18:07:59.0127 4728 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
18:07:59.0127 4728 intelppm - ok
18:07:59.0157 4728 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
18:07:59.0157 4728 IPBusEnum - ok
18:07:59.0267 4728 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:07:59.0267 4728 IpFilterDriver - ok
18:07:59.0317 4728 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll
18:07:59.0327 4728 iphlpsvc - ok
18:07:59.0452 4728 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
18:07:59.0452 4728 IPMIDRV - ok
18:07:59.0467 4728 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
18:07:59.0467 4728 IPNAT - ok
18:07:59.0592 4728 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
18:07:59.0608 4728 IRENUM - ok
18:07:59.0639 4728 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
18:07:59.0639 4728 isapnp - ok
18:07:59.0670 4728 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
18:07:59.0670 4728 iScsiPrt - ok
18:07:59.0795 4728 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
18:07:59.0795 4728 kbdclass - ok
18:07:59.0826 4728 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
18:07:59.0826 4728 kbdhid - ok
18:07:59.0904 4728 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
18:07:59.0904 4728 KeyIso - ok
18:07:59.0935 4728 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
18:07:59.0951 4728 KSecDD - ok
18:07:59.0982 4728 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
18:07:59.0998 4728 KSecPkg - ok
18:08:00.0101 4728 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
18:08:00.0101 4728 ksthunk - ok
18:08:00.0141 4728 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
18:08:00.0141 4728 KtmRm - ok
18:08:00.0241 4728 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\windows\system32\DRIVERS\L1C62x64.sys
18:08:00.0241 4728 L1C - ok
18:08:00.0291 4728 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\windows\system32\srvsvc.dll
18:08:00.0301 4728 LanmanServer - ok
18:08:00.0361 4728 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll
18:08:00.0371 4728 LanmanWorkstation - ok
18:08:00.0441 4728 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
18:08:00.0441 4728 lltdio - ok
18:08:00.0521 4728 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
18:08:00.0531 4728 lltdsvc - ok
18:08:00.0561 4728 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
18:08:00.0561 4728 lmhosts - ok
18:08:00.0611 4728 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
18:08:00.0611 4728 LSI_FC - ok
18:08:00.0681 4728 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
18:08:00.0691 4728 LSI_SAS - ok
18:08:00.0731 4728 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
18:08:00.0731 4728 LSI_SAS2 - ok
18:08:00.0771 4728 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
18:08:00.0771 4728 LSI_SCSI - ok
18:08:00.0871 4728 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
18:08:00.0871 4728 luafv - ok
18:08:00.0991 4728 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
18:08:00.0991 4728 McComponentHostService - ok
18:08:01.0061 4728 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll
18:08:01.0071 4728 Mcx2Svc - ok
18:08:01.0121 4728 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
18:08:01.0121 4728 megasas - ok
18:08:01.0141 4728 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
18:08:01.0141 4728 MegaSR - ok
18:08:01.0401 4728 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
18:08:01.0711 4728 MMCSS - ok
18:08:01.0951 4728 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
18:08:02.0011 4728 Modem - ok
18:08:02.0111 4728 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
18:08:02.0111 4728 monitor - ok
18:08:02.0251 4728 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
18:08:02.0251 4728 mouclass - ok
18:08:02.0481 4728 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
18:08:02.0481 4728 mouhid - ok
18:08:02.0611 4728 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
18:08:02.0611 4728 mountmgr - ok
18:08:02.0711 4728 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
18:08:02.0711 4728 mpio - ok
18:08:02.0741 4728 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
18:08:02.0741 4728 mpsdrv - ok
18:08:02.0841 4728 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\windows\system32\mpssvc.dll
18:08:02.0861 4728 MpsSvc - ok
18:08:02.0941 4728 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
18:08:02.0951 4728 MRxDAV - ok
18:08:02.0981 4728 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
18:08:02.0981 4728 mrxsmb - ok
18:08:03.0091 4728 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:08:03.0101 4728 mrxsmb10 - ok
18:08:03.0141 4728 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:08:03.0141 4728 mrxsmb20 - ok
18:08:03.0231 4728 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\windows\system32\DRIVERS\msahci.sys
18:08:03.0231 4728 msahci - ok
18:08:03.0261 4728 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
18:08:03.0261 4728 msdsm - ok
18:08:03.0301 4728 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
18:08:03.0301 4728 MSDTC - ok
18:08:03.0391 4728 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
18:08:03.0391 4728 Msfs - ok
18:08:03.0451 4728 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
18:08:03.0451 4728 mshidkmdf - ok
18:08:03.0501 4728 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
18:08:03.0501 4728 msisadrv - ok
18:08:03.0571 4728 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
18:08:03.0571 4728 MSiSCSI - ok
18:08:03.0591 4728 msiserver - ok
18:08:03.0681 4728 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
18:08:03.0691 4728 MSKSSRV - ok
18:08:03.0711 4728 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
18:08:03.0711 4728 MSPCLOCK - ok
18:08:03.0721 4728 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
18:08:03.0721 4728 MSPQM - ok
18:08:03.0751 4728 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
18:08:03.0761 4728 MsRPC - ok
18:08:03.0781 4728 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
18:08:03.0781 4728 mssmbios - ok
18:08:03.0851 4728 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
18:08:03.0851 4728 MSTEE - ok
18:08:03.0861 4728 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
18:08:03.0871 4728 MTConfig - ok
18:08:03.0901 4728 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
18:08:03.0901 4728 Mup - ok
18:08:03.0931 4728 napagent (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll
18:08:03.0941 4728 napagent - ok
18:08:04.0041 4728 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
18:08:04.0041 4728 NativeWifiP - ok
18:08:04.0151 4728 NAVENG (ba3d1e520fccc1783282f43b8adfc4ca) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110403.002\ENG64.SYS
18:08:04.0151 4728 NAVENG - ok
18:08:04.0221 4728 NAVEX15 (9f602385a74e30d13fb9083213cddc87) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110403.002\EX64.SYS
18:08:04.0241 4728 NAVEX15 - ok
18:08:04.0341 4728 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
18:08:04.0351 4728 NDIS - ok
18:08:04.0441 4728 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
18:08:04.0451 4728 NdisCap - ok
18:08:04.0471 4728 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
18:08:04.0481 4728 NdisTapi - ok
18:08:04.0561 4728 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
18:08:04.0561 4728 Ndisuio - ok
18:08:04.0581 4728 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
18:08:04.0581 4728 NdisWan - ok
18:08:04.0601 4728 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
18:08:04.0601 4728 NDProxy - ok
18:08:04.0691 4728 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:08:04.0691 4728 NetBIOS - ok
18:08:04.0711 4728 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
18:08:04.0711 4728 NetBT - ok
18:08:04.0741 4728 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
18:08:04.0741 4728 Netlogon - ok
18:08:04.0831 4728 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
18:08:04.0831 4728 Netman - ok
18:08:04.0881 4728 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
18:08:04.0881 4728 netprofm - ok
18:08:04.0951 4728 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:08:04.0951 4728 NetTcpPortSharing - ok
18:08:05.0021 4728 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
18:08:05.0051 4728 nfrd960 - ok
18:08:05.0401 4728 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
18:08:05.0411 4728 NIS - ok
18:08:05.0521 4728 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
18:08:05.0531 4728 NlaSvc - ok
18:08:05.0601 4728 Norton PC Checkup Application Launcher - ok
18:08:05.0711 4728 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
18:08:05.0711 4728 Npfs - ok
18:08:05.0761 4728 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
18:08:05.0761 4728 nsi - ok
18:08:05.0881 4728 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
18:08:05.0881 4728 nsiproxy - ok
18:08:05.0981 4728 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
18:08:06.0011 4728 Ntfs - ok
18:08:06.0181 4728 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\windows\system32\DRIVERS\NuidFltr.sys
18:08:06.0181 4728 NuidFltr - ok
18:08:06.0231 4728 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
18:08:06.0231 4728 Null - ok
18:08:06.0331 4728 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
18:08:06.0331 4728 nvraid - ok
18:08:06.0381 4728 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
18:08:06.0381 4728 nvstor - ok
18:08:06.0421 4728 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
18:08:06.0431 4728 nv_agp - ok
18:08:06.0501 4728 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
18:08:06.0501 4728 ohci1394 - ok
18:08:06.0591 4728 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:08:06.0591 4728 ose - ok
18:08:06.0771 4728 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:08:06.0801 4728 osppsvc - ok
18:08:06.0874 4728 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:08:06.0889 4728 p2pimsvc - ok
18:08:06.0905 4728 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
18:08:06.0905 4728 p2psvc - ok
18:08:06.0983 4728 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
18:08:06.0999 4728 Parport - ok
18:08:07.0014 4728 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
18:08:07.0030 4728 partmgr - ok
18:08:07.0061 4728 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
18:08:07.0061 4728 PcaSvc - ok
18:08:07.0155 4728 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
18:08:07.0170 4728 PCCUJobMgr - ok
18:08:07.0248 4728 pci (5aab2b170536885de70a6cba8d7ce52b) C:\windows\system32\DRIVERS\pci.sys
18:08:07.0248 4728 pci - ok
18:08:07.0264 4728 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
18:08:07.0264 4728 pciide - ok
18:08:07.0295 4728 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
18:08:07.0295 4728 pcmcia - ok
18:08:07.0373 4728 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
18:08:07.0373 4728 pcw - ok
18:08:07.0435 4728 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
18:08:07.0451 4728 PEAUTH - ok
18:08:07.0513 4728 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
18:08:07.0529 4728 PerfHost - ok
18:08:07.0638 4728 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
18:08:07.0638 4728 PGEffect - ok
18:08:07.0716 4728 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
18:08:07.0732 4728 pla - ok
18:08:07.0841 4728 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
18:08:07.0857 4728 PlugPlay - ok
18:08:07.0903 4728 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
18:08:07.0903 4728 PNRPAutoReg - ok
18:08:08.0013 4728 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
18:08:08.0013 4728 PNRPsvc - ok
18:08:08.0137 4728 Point64 (33328fa8a580885ab0065be6db266e9f) C:\windows\system32\DRIVERS\point64.sys
18:08:08.0137 4728 Point64 - ok
18:08:08.0231 4728 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
18:08:08.0247 4728 PolicyAgent - ok
18:08:08.0325 4728 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
18:08:08.0340 4728 Power - ok
18:08:08.0387 4728 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
18:08:08.0387 4728 PptpMiniport - ok
18:08:08.0449 4728 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
18:08:08.0449 4728 Processor - ok
18:08:08.0543 4728 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
18:08:08.0543 4728 ProfSvc - ok
18:08:08.0621 4728 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
18:08:08.0621 4728 ProtectedStorage - ok
18:08:08.0668 4728 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
18:08:08.0668 4728 Psched - ok
18:08:08.0761 4728 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
18:08:08.0761 4728 QIOMem - ok
18:08:08.0824 4728 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
18:08:08.0839 4728 ql2300 - ok
18:08:08.0917 4728 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
18:08:08.0917 4728 ql40xx - ok
18:08:08.0995 4728 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
18:08:08.0995 4728 QWAVE - ok
18:08:09.0073 4728 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
18:08:09.0073 4728 QWAVEdrv - ok
18:08:09.0105 4728 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
18:08:09.0105 4728 RasAcd - ok
18:08:09.0151 4728 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
18:08:09.0151 4728 RasAgileVpn - ok
18:08:09.0198 4728 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
18:08:09.0214 4728 RasAuto - ok
18:08:09.0261 4728 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
18:08:09.0261 4728 Rasl2tp - ok
18:08:09.0323 4728 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
18:08:09.0323 4728 RasMan - ok
18:08:09.0401 4728 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
18:08:09.0401 4728 RasPppoe - ok
18:08:09.0479 4728 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
18:08:09.0479 4728 RasSstp - ok
18:08:09.0526 4728 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
18:08:09.0526 4728 rdbss - ok
18:08:09.0573 4728 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
18:08:09.0573 4728 rdpbus - ok
18:08:09.0619 4728 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
18:08:09.0619 4728 RDPCDD - ok
18:08:09.0682 4728 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
18:08:09.0682 4728 RDPENCDD - ok
18:08:09.0697 4728 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
18:08:09.0697 4728 RDPREFMP - ok
18:08:09.0744 4728 RDPWD (074ac702d8b8b660b0e1371555995386) C:\windows\system32\drivers\RDPWD.sys
18:08:09.0760 4728 RDPWD - ok
18:08:09.0853 4728 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\windows\system32\drivers\rdyboost.sys
18:08:09.0853 4728 rdyboost - ok
18:08:09.0947 4728 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
18:08:09.0947 4728 RemoteAccess - ok
18:08:10.0041 4728 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
18:08:10.0041 4728 RemoteRegistry - ok
18:08:10.0119 4728 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
18:08:10.0119 4728 RpcEptMapper - ok
18:08:10.0165 4728 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
18:08:10.0165 4728 RpcLocator - ok
18:08:10.0243 4728 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
18:08:10.0259 4728 RpcSs - ok
18:08:10.0399 4728 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
18:08:10.0399 4728 rspndr - ok
18:08:10.0509 4728 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\windows\system32\Drivers\RtsUStor.sys
18:08:10.0524 4728 RSUSBSTOR - ok
18:08:10.0571 4728 rtl8192Ce (b89c0601a05e1140ac96fa965d94c340) C:\windows\system32\DRIVERS\rtl8192Ce.sys
18:08:10.0587 4728 rtl8192Ce - ok
18:08:10.0649 4728 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
18:08:10.0649 4728 SamSs - ok
18:08:10.0711 4728 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
18:08:10.0711 4728 sbp2port - ok
18:08:10.0743 4728 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
18:08:10.0743 4728 SCardSvr - ok
18:08:10.0821 4728 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
18:08:10.0821 4728 scfilter - ok
18:08:10.0899 4728 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
18:08:10.0914 4728 Schedule - ok
18:08:10.0992 4728 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
18:08:10.0992 4728 SCPolicySvc - ok
18:08:11.0023 4728 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
18:08:11.0023 4728 SDRSVC - ok
18:08:11.0086 4728 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
18:08:11.0086 4728 secdrv - ok
18:08:11.0133 4728 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
18:08:11.0133 4728 seclogon - ok
18:08:11.0164 4728 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
18:08:11.0179 4728 SENS - ok
18:08:11.0195 4728 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
18:08:11.0195 4728 SensrSvc - ok
18:08:11.0257 4728 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
18:08:11.0257 4728 Serenum - ok
18:08:11.0304 4728 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
18:08:11.0304 4728 Serial - ok
18:08:11.0304 4728 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
18:08:11.0304 4728 sermouse - ok
18:08:11.0351 4728 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
18:08:11.0367 4728 SessionEnv - ok
18:08:11.0476 4728 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
18:08:11.0476 4728 sffdisk - ok
18:08:11.0523 4728 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
18:08:11.0523 4728 sffp_mmc - ok
18:08:11.0538 4728 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
18:08:11.0538 4728 sffp_sd - ok
18:08:11.0554 4728 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
18:08:11.0554 4728 sfloppy - ok
18:08:11.0632 4728 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
18:08:11.0647 4728 Sftfs - ok
18:08:11.0757 4728 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:08:11.0772 4728 sftlist - ok
18:08:11.0913 4728 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
18:08:11.0913 4728 Sftplay - ok
18:08:11.0991 4728 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
18:08:12.0006 4728 Sftredir - ok
18:08:12.0100 4728 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
18:08:12.0100 4728 Sftvol - ok
18:08:12.0193 4728 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:08:12.0193 4728 sftvsa - ok
18:08:12.0303 4728 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
18:08:12.0303 4728 SharedAccess - ok
18:08:12.0381 4728 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
18:08:12.0396 4728 ShellHWDetection - ok
18:08:12.0490 4728 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
18:08:12.0505 4728 SiSRaid2 - ok
18:08:12.0521 4728 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
18:08:12.0521 4728 SiSRaid4 - ok
18:08:12.0552 4728 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
18:08:12.0552 4728 Smb - ok
18:08:12.0615 4728 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
18:08:12.0615 4728 SNMPTRAP - ok
18:08:12.0693 4728 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
18:08:12.0693 4728 spldr - ok
18:08:12.0771 4728 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
18:08:12.0786 4728 Spooler - ok
18:08:12.0973 4728 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
18:08:13.0098 4728 sppsvc - ok
18:08:13.0176 4728 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
18:08:13.0192 4728 sppuinotify - ok
18:08:13.0348 4728 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS
18:08:13.0363 4728 SRTSP - ok
18:08:13.0488 4728 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS
18:08:13.0504 4728 SRTSPX - ok
18:08:13.0613 4728 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
18:08:13.0613 4728 srv - ok
18:08:13.0707 4728 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
18:08:13.0722 4728 srv2 - ok
18:08:13.0816 4728 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
18:08:13.0816 4728 SrvHsfHDA - ok
18:08:13.0956 4728 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
18:08:13.0972 4728 SrvHsfV92 - ok
18:08:14.0081 4728 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
18:08:14.0081 4728 SrvHsfWinac - ok
18:08:14.0175 4728 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
18:08:14.0190 4728 srvnet - ok
18:08:14.0268 4728 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
18:08:14.0284 4728 SSDPSRV - ok
18:08:14.0440 4728 ssm_mdfl (5f22132c9153639762708909f156b33d) C:\windows\system32\stunnel.dll
18:08:14.0440 4728 ssm_mdfl ( Backdoor.Multi.ZAccess.gen ) - infected
18:08:14.0440 4728 ssm_mdfl - detected Backdoor.Multi.ZAccess.gen (0)
18:08:23.0149 4728 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
18:08:23.0289 4728 \Device\Harddisk0\DR0 - ok
18:08:23.0319 4728 Boot (0x1200) (0a9b39f03757ea4a5210f842c53c906e) \Device\Harddisk0\DR0\Partition0
18:08:23.0319 4728 \Device\Harddisk0\DR0\Partition0 - ok
18:08:23.0329 4728 ============================================================
18:08:23.0329 4728 Scan finished
18:08:23.0329 4728 ============================================================
18:08:23.0339 4520 Detected object count: 1
18:08:23.0339 4520 Actual detected object count: 1
18:10:28.0507 4520 C:\windows\system32\stunnel.dll - copied to quarantine
18:10:28.0507 4520 HKLM\SYSTEM\ControlSet001\services\ssm_mdfl - will be deleted on reboot
18:10:28.0554 4520 HKLM\SYSTEM\ControlSet002\services\ssm_mdfl - will be deleted on reboot
18:10:28.0866 4520 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
18:10:29.0146 4520 C:\windows\system32\stunnel.dll - will be deleted on reboot
18:10:29.0146 4520 ssm_mdfl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
18:10:34.0653 5176 Deinitialize success

#12 narenxp

Posted 21 April 2012 - 08:57 PM

We need advanced tools

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



