
hijack log


  • This topic is locked
17 replies to this topic

#1 sedaps


Posted 01 May 2012 - 04:57 AM

I am using Windows Vista. My Internet Explorer browser keeps redirecting me to other sites.
I went ahead and ran HijackThis. The HijackThis log is below. Many thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:04:54 AM, on 5/1/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7471 bytes



#2 quietman7


Posted 01 May 2012 - 01:16 PM


We are in the process of researching and investigating your log. Please be patient as we do this and a Helper will respond as soon as possible.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 mark1956


Posted 01 May 2012 - 06:36 PM

Hi Sedaps, my name is Mark and I will be helping you.

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.


Please follow the instructions below and post the log as requested.


Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
-- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.

Be sure to print out and follow the instructions for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click Change parameters.


  • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.


  • Click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.


  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.


  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
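
An added example, not part of the posts in this topic and not Kaspersky's code: the TDSSKiller log pairs each scanned object with a verdict line, so a small helper can triage it by listing only the entries whose verdict is not "ok", infected ones first. The line format follows the log posted in this topic; the sample log, its object names and placeholder hashes are constructed, and `triage` is a hypothetical helper name.

```python
import re

# Every log line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.+)$")
# Object line: "<name> (<md5>) <path>"
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - ok" or "<name> ( <detection> ) - warning|infected"
VERDICT = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<detection>[^)]+?) \))? - "
    r"(?P<verdict>ok|warning|infected)$"
)
# Header line that records where Windows is installed.
WINDIR = re.compile(r"^Windows directory:\s+(?P<dir>.+)$")

# Constructed sample in the format of the log in this topic.
# Object names and MD5 values are placeholders, not real indicators.
SAMPLE_LOG = r"""
00:00:00.0500 1000 Windows directory: C:\Windows
00:00:00.0500 1000 System windows directory: C:\Windows
00:00:01.0000 1000 Scan started
00:00:01.0100 1000 ExampleDisk (00000000000000000000000000000001) C:\Windows\system32\drivers\exdisk.sys
00:00:01.0200 1000 ExampleDisk - ok
00:00:01.0300 1000 Example Vendor Service (00000000000000000000000000000002) C:\Program Files\Example Vendor\svc.exe
00:00:01.0400 1000 Example Vendor Service ( UnsignedFile.Multi.Generic ) - warning
00:00:01.0400 1000 Example Vendor Service - detected UnsignedFile.Multi.Generic (1)
00:00:01.0500 1000 ExamplePort (00000000000000000000000000000003) C:\Windows\system32\DRIVERS\export.sys
00:00:01.0600 1000 ExamplePort ( Virus.Win32.ZAccess.c ) - infected
00:00:01.0600 1000 ExamplePort - detected Virus.Win32.ZAccess.c (0)
00:00:01.0700 1000 ExampleNoFile - ok
"""


def triage(log_text):
    """Return non-ok entries as dicts, infected first, in log order."""
    windir = r"C:\Windows"      # assumption until the header says otherwise
    objects = {}                # name -> (md5, path) from the object line
    findings = []
    for raw in log_text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue            # blank line or a line with no body
        body = line["body"]

        header = WINDIR.match(body)
        if header:
            windir = header["dir"].strip()
            continue

        obj = OBJECT.match(body)
        if obj:
            objects[obj["name"]] = (obj["md5"], obj["path"])
            continue

        verdict = VERDICT.match(body)
        if not verdict or verdict["verdict"] == "ok":
            continue            # "- detected ..." repeats the verdict line

        # Some objects have no file line; keep the finding with no path.
        md5, path = objects.get(verdict["name"], (None, None))
        root = windir.lower().rstrip("\\") + "\\"
        findings.append({
            "name": verdict["name"],
            "verdict": verdict["verdict"],
            "detection": verdict["detection"],
            "md5": md5,
            "path": path,
            # Files under the Windows directory are OS components, where
            # the post says to prefer Cure and avoid Delete.
            "under_windows": bool(path) and path.lower().startswith(root),
        })

    order = {"infected": 0, "warning": 1}
    return sorted(findings, key=lambda f: order[f["verdict"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['verdict']:9} {f['name']:25} {f['detection']}  {f['path']}")
```
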

#4 sedaps


Posted 02 May 2012 - 12:03 AM

00:35:27.0580 7412 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
00:35:29.0580 7412 ============================================================
00:35:29.0580 7412 Current date / time: 2012/05/02 00:35:29.0580
00:35:29.0580 7412 SystemInfo:
00:35:29.0580 7412
00:35:29.0580 7412 OS Version: 6.0.6002 ServicePack: 2.0
00:35:29.0580 7412 Product type: Workstation
00:35:29.0580 7412 ComputerName: STEPH-PC
00:35:29.0580 7412 UserName: steph
00:35:29.0580 7412 Windows directory: C:\Windows
00:35:29.0580 7412 System windows directory: C:\Windows
00:35:29.0580 7412 Processor architecture: Intel x86
00:35:29.0580 7412 Number of processors: 1
00:35:29.0580 7412 Page size: 0x1000
00:35:29.0580 7412 Boot type: Normal boot
00:35:29.0580 7412 ============================================================
00:35:31.0000 7412 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:35:31.0070 7412 Drive \Device\Harddisk1\DR4 - Size: 0x3C7800000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:35:31.0070 7412 ============================================================
00:35:31.0070 7412 \Device\Harddisk0\DR0:
00:35:31.0080 7412 MBR partitions:
00:35:31.0080 7412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x40C4800
00:35:31.0080 7412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x544D000, BlocksNum 0x40C2000
00:35:31.0080 7412 \Device\Harddisk1\DR4:
00:35:31.0080 7412 MBR partitions:
00:35:31.0080 7412 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1E3BFE0
00:35:31.0080 7412 ============================================================
00:35:31.0300 7412 C: <-> \Device\Harddisk0\DR0\Partition0
00:35:31.0350 7412 D: <-> \Device\Harddisk0\DR0\Partition1
00:35:31.0390 7412 ============================================================
00:35:31.0390 7412 Initialize success
00:35:31.0390 7412 ============================================================
00:40:27.0288 6656 ============================================================
00:40:27.0288 6656 Scan started
00:40:27.0288 6656 Mode: Manual; SigCheck; TDLFS;
00:40:27.0288 6656 ============================================================
00:40:30.0923 6656 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:40:31.0313 6656 ACPI - ok
00:40:31.0391 6656 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
00:40:31.0485 6656 adp94xx - ok
00:40:31.0532 6656 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
00:40:31.0594 6656 adpahci - ok
00:40:31.0656 6656 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
00:40:31.0766 6656 adpu160m - ok
00:40:31.0797 6656 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
00:40:31.0875 6656 adpu320 - ok
00:40:31.0922 6656 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
00:40:32.0483 6656 AeLookupSvc - ok
00:40:32.0577 6656 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:40:32.0733 6656 AFD - ok
00:40:32.0873 6656 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
00:40:32.0982 6656 agp440 - ok
00:40:33.0014 6656 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:40:33.0060 6656 aic78xx - ok
00:40:33.0107 6656 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
00:40:33.0357 6656 ALG - ok
00:40:33.0404 6656 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
00:40:33.0544 6656 aliide - ok
00:40:33.0591 6656 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
00:40:33.0669 6656 amdagp - ok
00:40:33.0684 6656 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
00:40:33.0731 6656 amdide - ok
00:40:33.0778 6656 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
00:40:33.0996 6656 AmdK7 - ok
00:40:34.0043 6656 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
00:40:34.0152 6656 AmdK8 - ok
00:40:34.0199 6656 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
00:40:34.0355 6656 Appinfo - ok
00:40:34.0480 6656 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:40:34.0511 6656 Apple Mobile Device - ok
00:40:34.0527 6656 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
00:40:34.0605 6656 arc - ok
00:40:34.0652 6656 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
00:40:34.0714 6656 arcsas - ok
00:40:34.0745 6656 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:40:34.0823 6656 AsyncMac - ok
00:40:34.0854 6656 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:40:34.0948 6656 atapi - ok
00:40:35.0026 6656 athr (d9583d3c896f0c608d8a484906650b2c) C:\Windows\system32\DRIVERS\athr.sys
00:40:35.0244 6656 athr - ok
00:40:35.0307 6656 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
00:40:35.0416 6656 AudioEndpointBuilder - ok
00:40:35.0416 6656 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
00:40:35.0478 6656 Audiosrv - ok
00:40:35.0572 6656 Automatic LiveUpdate Scheduler (b5d974c1fd078a68c7536c561b031d39) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
00:40:35.0681 6656 Automatic LiveUpdate Scheduler - ok
00:40:35.0822 6656 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
00:40:36.0024 6656 BCM43XV - ok
00:40:36.0087 6656 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:40:36.0196 6656 Beep - ok
00:40:36.0336 6656 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
00:40:36.0555 6656 BITS - ok
00:40:36.0570 6656 blbdrive - ok
00:40:36.0633 6656 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:40:36.0726 6656 bowser - ok
00:40:36.0804 6656 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:40:36.0882 6656 BrFiltLo - ok
00:40:36.0914 6656 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:40:36.0976 6656 BrFiltUp - ok
00:40:37.0023 6656 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
00:40:37.0101 6656 Browser - ok
00:40:37.0210 6656 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:40:37.0319 6656 Brserid - ok
00:40:37.0522 6656 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:40:37.0616 6656 BrSerWdm - ok
00:40:37.0678 6656 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:40:37.0756 6656 BrUsbMdm - ok
00:40:37.0787 6656 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:40:37.0881 6656 BrUsbSer - ok
00:40:37.0943 6656 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:40:38.0037 6656 BTHMODEM - ok
00:40:38.0224 6656 ccEvtMgr (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
00:40:38.0271 6656 ccEvtMgr - ok
00:40:38.0302 6656 ccSetMgr (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
00:40:38.0333 6656 ccSetMgr - ok
00:40:38.0396 6656 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:40:38.0536 6656 cdfs - ok
00:40:38.0614 6656 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:40:38.0708 6656 cdrom - ok
00:40:38.0770 6656 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
00:40:38.0832 6656 CertPropSvc - ok
00:40:38.0895 6656 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
00:40:39.0004 6656 circlass - ok
00:40:39.0051 6656 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:40:39.0129 6656 CLFS - ok
00:40:39.0191 6656 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:40:39.0269 6656 clr_optimization_v2.0.50727_32 - ok
00:40:39.0285 6656 CLTNetCnService (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
00:40:39.0316 6656 CLTNetCnService - ok
00:40:39.0363 6656 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:40:39.0441 6656 CmBatt - ok
00:40:39.0488 6656 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
00:40:39.0534 6656 cmdide - ok
00:40:39.0612 6656 comHost (7ce352882828c12dd7632b172253a02c) c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
00:40:39.0722 6656 comHost - ok
00:40:39.0753 6656 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:40:39.0800 6656 Compbatt - ok
00:40:39.0831 6656 COMSysApp - ok
00:40:39.0846 6656 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
00:40:39.0909 6656 crcdisk - ok
00:40:39.0971 6656 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
00:40:40.0080 6656 Crusoe - ok
00:40:40.0143 6656 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
00:40:40.0221 6656 CryptSvc - ok
00:40:40.0314 6656 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
00:40:40.0470 6656 DcomLaunch - ok
00:40:40.0517 6656 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:40:40.0595 6656 DfsC - ok
00:40:40.0736 6656 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
00:40:41.0032 6656 DFSR - ok
00:40:41.0282 6656 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
00:40:41.0375 6656 Dhcp - ok
00:40:41.0484 6656 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:40:41.0531 6656 disk - ok
00:40:41.0578 6656 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
00:40:41.0687 6656 DKbFltr - ok
00:40:41.0750 6656 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
00:40:41.0828 6656 Dnscache - ok
00:40:41.0874 6656 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
00:40:41.0952 6656 dot3svc - ok
00:40:42.0030 6656 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
00:40:42.0108 6656 DPS - ok
00:40:42.0155 6656 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:40:42.0218 6656 drmkaud - ok
00:40:42.0296 6656 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
00:40:42.0436 6656 DXGKrnl - ok
00:40:42.0483 6656 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:40:42.0561 6656 E1G60 - ok
00:40:42.0608 6656 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
00:40:42.0686 6656 EapHost - ok
00:40:42.0732 6656 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:40:42.0795 6656 Ecache - ok
00:40:42.0920 6656 eDataSecurity Service (f54907aa07f60aff81e1e09e97af98b0) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
00:40:43.0044 6656 eDataSecurity Service - ok
00:40:43.0169 6656 eeCtrl (47ce4e650d91dc095a2fddb15631a78a) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:40:43.0247 6656 eeCtrl - ok
00:40:43.0341 6656 eLockService (a7b5f3b9363f9ab1d4fe459baf3b15d6) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
00:40:43.0450 6656 eLockService ( UnsignedFile.Multi.Generic ) - warning
00:40:43.0450 6656 eLockService - detected UnsignedFile.Multi.Generic (1)
00:40:43.0544 6656 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
00:40:43.0606 6656 elxstor - ok
00:40:43.0668 6656 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
00:40:43.0871 6656 EMDMgmt - ok
00:40:43.0949 6656 eNet Service (207e2dda01aac6ad64f0368ca59fc179) C:\Acer\Empowering Technology\eNet\eNet Service.exe
00:40:44.0012 6656 eNet Service ( UnsignedFile.Multi.Generic ) - warning
00:40:44.0012 6656 eNet Service - detected UnsignedFile.Multi.Generic (1)
00:40:44.0168 6656 EraserUtilRebootDrv (ce3ef5c79cb0bfa036e844f74c52d759) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:40:44.0230 6656 EraserUtilRebootDrv - ok
00:40:44.0261 6656 eRecoveryService (a7b084bfbbd582a843d2f5c35220f962) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
00:40:44.0386 6656 eRecoveryService ( UnsignedFile.Multi.Generic ) - warning
00:40:44.0386 6656 eRecoveryService - detected UnsignedFile.Multi.Generic (1)
00:40:44.0448 6656 eSettingsService (06484e97d22f06de8de0f8e2bec6fa9e) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
00:40:44.0558 6656 eSettingsService ( UnsignedFile.Multi.Generic ) - warning
00:40:44.0558 6656 eSettingsService - detected UnsignedFile.Multi.Generic (1)
00:40:44.0604 6656 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
00:40:44.0682 6656 EventSystem - ok
00:40:44.0776 6656 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:40:44.0932 6656 exfat - ok
00:40:44.0994 6656 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:40:45.0088 6656 fastfat - ok
00:40:45.0135 6656 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
00:40:45.0260 6656 fdc - ok
00:40:45.0322 6656 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
00:40:45.0369 6656 fdPHost - ok
00:40:45.0431 6656 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
00:40:45.0556 6656 FDResPub - ok
00:40:45.0603 6656 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:40:45.0650 6656 FileInfo - ok
00:40:45.0696 6656 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:40:45.0806 6656 Filetrace - ok
00:40:45.0837 6656 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
00:40:45.0962 6656 flpydisk - ok
00:40:46.0024 6656 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:40:46.0102 6656 FltMgr - ok
00:40:46.0196 6656 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
00:40:46.0414 6656 FontCache - ok
00:40:46.0492 6656 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:40:46.0586 6656 FontCache3.0.0.0 - ok
00:40:46.0632 6656 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
00:40:46.0726 6656 Fs_Rec - ok
00:40:46.0773 6656 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
00:40:46.0820 6656 gagp30kx - ok
00:40:46.0866 6656 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
00:40:47.0038 6656 gpsvc - ok
00:40:47.0116 6656 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
00:40:47.0225 6656 HdAudAddService - ok
00:40:47.0288 6656 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:40:47.0568 6656 HDAudBus - ok
00:40:47.0615 6656 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:40:47.0709 6656 HidBth - ok
00:40:47.0740 6656 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:40:47.0849 6656 HidIr - ok
00:40:47.0912 6656 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
00:40:48.0021 6656 hidserv - ok
00:40:48.0068 6656 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:40:48.0130 6656 HidUsb - ok
00:40:48.0177 6656 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
00:40:48.0255 6656 hkmsvc - ok
00:40:48.0317 6656 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
00:40:48.0395 6656 HpCISSs - ok
00:40:48.0458 6656 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
00:40:48.0567 6656 HSFHWAZL - ok
00:40:48.0645 6656 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
00:40:48.0879 6656 HSF_DPV - ok
00:40:48.0941 6656 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
00:40:49.0019 6656 HSXHWAZL - ok
00:40:49.0097 6656 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
00:40:49.0238 6656 HTTP - ok
00:40:49.0269 6656 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
00:40:49.0347 6656 i2omp - ok
00:40:49.0394 6656 i8042prt (7c877c89a98395ce6ad87477c646e80f) C:\Windows\system32\DRIVERS\i8042prt.sys
00:40:49.0440 6656 i8042prt ( Virus.Win32.ZAccess.c ) - infected
00:40:49.0440 6656 i8042prt - detected Virus.Win32.ZAccess.c (0)
00:40:49.0534 6656 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
00:40:49.0643 6656 IAANTMON - ok
00:40:49.0690 6656 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
00:40:49.0721 6656 iaStor - ok
00:40:54.0791 6656 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
00:40:54.0854 6656 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
00:40:54.0854 6656 LightScribeService - detected UnsignedFile.Multi.Generic (1)
00:40:57.0256 6656 mnmsrvc (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\cnmpar21.dll
00:40:57.0256 6656 mnmsrvc ( Backdoor.Multi.ZAccess.gen ) - infected
00:40:57.0256 6656 mnmsrvc - detected Backdoor.Multi.ZAccess.gen (0)
00:41:03.0356 6656 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
00:41:03.0402 6656 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
00:41:03.0402 6656 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
00:41:14.0775 6656 SPService (398358ae05fcb65538c541279f8304b1) C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\sp.DLL
00:41:14.0806 6656 SPService ( UnsignedFile.Multi.Generic ) - warning
00:41:14.0806 6656 SPService - detected UnsignedFile.Multi.Generic (1)
00:41:27.0146 6656 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:41:27.0208 6656 WmiAcpi - ok
00:41:27.0286 6656 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
00:41:27.0364 6656 wmiApSrv - ok
00:41:27.0473 6656 WMIService (e8781cf1a4262881897444d22921a3a6) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
00:41:27.0504 6656 WMIService ( UnsignedFile.Multi.Generic ) - warning
00:41:27.0504 6656 WMIService - detected UnsignedFile.Multi.Generic (1)
00:41:27.0629 6656 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
00:41:27.0801 6656 WMPNetworkSvc - ok
00:41:27.0863 6656 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
00:41:27.0941 6656 WPCSvc - ok
00:41:27.0988 6656 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
00:41:28.0097 6656 WPDBusEnum - ok
00:41:28.0160 6656 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
00:41:28.0222 6656 WpdUsb - ok
00:41:28.0269 6656 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:41:28.0362 6656 ws2ifsl - ok
00:41:28.0378 6656 WSearch - ok
00:41:28.0503 6656 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
00:41:28.0955 6656 wuauserv - ok
00:41:29.0096 6656 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:41:29.0174 6656 WUDFRd - ok
00:41:29.0236 6656 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
00:41:29.0298 6656 wudfsvc - ok
00:41:29.0376 6656 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
00:41:29.0408 6656 XAudio - ok
00:41:29.0454 6656 XAudioService (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe
00:41:29.0579 6656 XAudioService - ok
00:41:29.0642 6656 yukonwlh (2d07e65ed0023bb10b13a912b27dfb1a) C:\Windows\system32\DRIVERS\yk60x86.sys
00:41:29.0751 6656 yukonwlh - ok
00:41:29.0782 6656 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
00:41:33.0105 6656 \Device\Harddisk0\DR0 - ok
00:41:33.0120 6656 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
00:41:36.0646 6656 \Device\Harddisk1\DR4 - ok
00:41:36.0677 6656 Boot (0x1200) (810a4bbcb1f100e8e8e36530ff416631) \Device\Harddisk0\DR0\Partition0
00:41:36.0677 6656 \Device\Harddisk0\DR0\Partition0 - ok
00:41:36.0708 6656 Boot (0x1200) (259701f719000fc2863872f41ad95dbe) \Device\Harddisk0\DR0\Partition1
00:41:36.0708 6656 \Device\Harddisk0\DR0\Partition1 - ok
00:41:36.0724 6656 Boot (0x1200) (e75e3adcc304e88f912ca6f9f23dea89) \Device\Harddisk1\DR4\Partition0
00:41:36.0724 6656 \Device\Harddisk1\DR4\Partition0 - ok
00:41:36.0724 6656 ============================================================
00:41:36.0724 6656 Scan finished
00:41:36.0724 6656 ============================================================
00:41:36.0755 8028 Detected object count: 10
00:41:36.0755 8028 Actual detected object count: 10
00:50:06.0643 8028 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
00:50:06.0643 8028 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:50:06.0643 8028 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:50:06.0643 8028 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:50:06.0643 8028 eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user
00:50:06.0643 8028 eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:50:06.0643 8028 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
00:50:06.0643 8028 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:50:06.0736 8028 C:\Windows\system32\DRIVERS\i8042prt.sys - copied to quarantine
00:50:06.0768 8028 C:\Windows\$NtUninstallKB6735$\565853173\@ - copied to quarantine
00:50:06.0768 8028 C:\Windows\$NtUninstallKB6735$\565853173\cfg.ini - copied to quarantine
00:50:06.0783 8028 C:\Windows\$NtUninstallKB6735$\565853173\Desktop.ini - copied to quarantine
00:50:06.0830 8028 C:\Windows\$NtUninstallKB6735$\565853173\L\ogejidap - copied to quarantine
00:50:06.0830 8028 C:\Windows\$NtUninstallKB6735$\565853173\oemid - copied to quarantine
00:50:06.0861 8028 C:\Windows\$NtUninstallKB6735$\565853173\U\00000001.@ - copied to quarantine
00:50:06.0955 8028 C:\Windows\$NtUninstallKB6735$\565853173\U\00000002.@ - copied to quarantine
00:50:06.0986 8028 C:\Windows\$NtUninstallKB6735$\565853173\U\00000004.@ - copied to quarantine
00:50:07.0111 8028 C:\Windows\$NtUninstallKB6735$\565853173\U\80000000.@ - copied to quarantine
00:50:07.0142 8028 C:\Windows\$NtUninstallKB6735$\565853173\U\80000004.@ - copied to quarantine
00:50:07.0189 8028 C:\Windows\$NtUninstallKB6735$\565853173\U\80000032.@ - copied to quarantine
00:50:07.0236 8028 C:\Windows\$NtUninstallKB6735$\565853173\version - copied to quarantine
00:50:07.0454 8028 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\i8042prt.sys) error 1813
00:50:19.0681 8028 Backup copy not found, trying to cure infected file..
00:50:19.0691 8028 Cure success, using it..
00:50:19.0991 8028 C:\Windows\system32\DRIVERS\i8042prt.sys - will be cured on reboot
00:50:22.0761 8028 C:\Windows\$NtUninstallKB6735$\3193910498 - will be deleted on reboot
00:50:22.0761 8028 C:\Windows\$NtUninstallKB6735$\565853173\@ - will be deleted on reboot
00:50:22.0761 8028 C:\Windows\$NtUninstallKB6735$\565853173\cfg.ini - will be deleted on reboot
00:50:22.0811 8028 C:\Windows\$NtUninstallKB6735$\565853173\Desktop.ini - will be deleted on reboot
00:50:22.0841 8028 C:\Windows\$NtUninstallKB6735$\565853173\oemid - will be deleted on reboot
00:50:22.0841 8028 C:\Windows\$NtUninstallKB6735$\565853173\U\00000001.@ - will be deleted on reboot
00:50:22.0841 8028 C:\Windows\$NtUninstallKB6735$\565853173\U\00000002.@ - will be deleted on reboot
00:50:22.0841 8028 C:\Windows\$NtUninstallKB6735$\565853173\U\00000004.@ - will be deleted on reboot
00:50:22.0841 8028 C:\Windows\$NtUninstallKB6735$\565853173\U\80000000.@ - will be deleted on reboot
00:50:22.0841 8028 C:\Windows\$NtUninstallKB6735$\565853173\U\80000004.@ - will be deleted on reboot
00:50:22.0851 8028 C:\Windows\$NtUninstallKB6735$\565853173\U\80000032.@ - will be deleted on reboot
00:50:22.0851 8028 C:\Windows\$NtUninstallKB6735$\565853173\version - will be deleted on reboot
00:50:22.0851 8028 i8042prt ( Virus.Win32.ZAccess.c ) - User select action: Cure
00:50:22.0861 8028 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
00:50:22.0861 8028 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:50:22.0861 8028 mnmsrvc ( Backdoor.Multi.ZAccess.gen ) - skipped by user
00:50:22.0861 8028 mnmsrvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip
00:50:22.0871 8028 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
00:50:22.0871 8028 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:50:22.0871 8028 SPService ( UnsignedFile.Multi.Generic ) - skipped by user
00:50:22.0871 8028 SPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:50:22.0881 8028 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
00:50:22.0881 8028 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:54:17.0961 4836 Deinitialize success

#5 mark1956

  • Security Colleague

Posted 02 May 2012 - 01:21 PM

Please reboot the PC, if you have not already done so, to complete the removal of the detected infections. Then run TDSSKiller again and post the new log. Be sure to reboot again after the scan.


Please then continue with the following instructions:


STEP 1
NOTE: If you have already used Combofix please delete the icon from your desktop.
  • Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
STEP 2
Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!
Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.
-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.


Edited by mark1956, 02 May 2012 - 01:24 PM.


#6 sedaps

  • Topic Starter

Posted 02 May 2012 - 08:06 PM

20:54:07.0023 0848 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
20:54:07.0475 0848 ============================================================
20:54:07.0475 0848 Current date / time: 2012/05/02 20:54:07.0475
20:54:07.0475 0848 SystemInfo:
20:54:07.0475 0848
20:54:07.0475 0848 OS Version: 6.0.6002 ServicePack: 2.0
20:54:07.0475 0848 Product type: Workstation
20:54:07.0475 0848 ComputerName: STEPH-PC
20:54:07.0475 0848 UserName: steph
20:54:07.0475 0848 Windows directory: C:\Windows
20:54:07.0475 0848 System windows directory: C:\Windows
20:54:07.0475 0848 Processor architecture: Intel x86
20:54:07.0475 0848 Number of processors: 1
20:54:07.0475 0848 Page size: 0x1000
20:54:07.0475 0848 Boot type: Normal boot
20:54:07.0475 0848 ============================================================
20:54:08.0380 0848 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:54:08.0396 0848 ============================================================
20:54:08.0396 0848 \Device\Harddisk0\DR0:
20:54:08.0411 0848 MBR partitions:
20:54:08.0411 0848 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x40C4800
20:54:08.0411 0848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x544D000, BlocksNum 0x40C2000
20:54:08.0411 0848 ============================================================
20:54:08.0458 0848 C: <-> \Device\Harddisk0\DR0\Partition0
20:54:08.0505 0848 D: <-> \Device\Harddisk0\DR0\Partition1
20:54:08.0520 0848 ============================================================
20:54:08.0520 0848 Initialize success
20:54:08.0520 0848 ============================================================
20:54:26.0380 0960 ============================================================
20:54:26.0380 0960 Scan started
20:54:26.0380 0960 Mode: Manual; SigCheck; TDLFS;
20:54:26.0380 0960 ============================================================
20:54:27.0519 0960 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:54:27.0675 0960 ACPI - ok
20:54:27.0722 0960 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:54:27.0784 0960 adp94xx - ok
20:54:27.0831 0960 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:54:27.0893 0960 adpahci - ok
20:54:27.0909 0960 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:54:27.0956 0960 adpu160m - ok
20:54:27.0987 0960 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:54:28.0018 0960 adpu320 - ok
20:54:28.0065 0960 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:54:28.0159 0960 AeLookupSvc - ok
20:54:28.0268 0960 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:54:28.0361 0960 AFD - ok
20:54:28.0408 0960 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
20:54:28.0455 0960 agp440 - ok
20:54:28.0486 0960 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:54:28.0517 0960 aic78xx - ok
20:54:28.0564 0960 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:54:28.0736 0960 ALG - ok
20:54:28.0783 0960 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
20:54:28.0798 0960 aliide - ok
20:54:28.0861 0960 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
20:54:28.0892 0960 amdagp - ok
20:54:28.0923 0960 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
20:54:28.0954 0960 amdide - ok
20:54:28.0985 0960 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:54:29.0188 0960 AmdK7 - ok
20:54:29.0219 0960 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
20:54:29.0329 0960 AmdK8 - ok
20:54:29.0375 0960 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:54:29.0438 0960 Appinfo - ok
20:54:29.0578 0960 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:54:29.0609 0960 Apple Mobile Device - ok
20:54:29.0625 0960 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:54:29.0672 0960 arc - ok
20:54:29.0703 0960 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:54:29.0734 0960 arcsas - ok
20:54:29.0765 0960 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:54:29.0828 0960 AsyncMac - ok
20:54:29.0859 0960 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:54:29.0906 0960 atapi - ok
20:54:29.0984 0960 athr (d9583d3c896f0c608d8a484906650b2c) C:\Windows\system32\DRIVERS\athr.sys
20:54:30.0109 0960 athr - ok
20:54:30.0171 0960 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:54:30.0249 0960 AudioEndpointBuilder - ok
20:54:30.0265 0960 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:54:30.0296 0960 Audiosrv - ok
20:54:30.0405 0960 Automatic LiveUpdate Scheduler (b5d974c1fd078a68c7536c561b031d39) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
20:54:30.0467 0960 Automatic LiveUpdate Scheduler - ok
20:54:30.0561 0960 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:54:30.0686 0960 BCM43XV - ok
20:54:30.0748 0960 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:54:30.0842 0960 Beep - ok
20:54:30.0935 0960 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
20:54:31.0060 0960 BITS - ok
20:54:31.0076 0960 blbdrive - ok
20:54:31.0107 0960 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:54:31.0169 0960 bowser - ok
20:54:31.0232 0960 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:54:31.0294 0960 BrFiltLo - ok
20:54:31.0310 0960 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:54:31.0372 0960 BrFiltUp - ok
20:54:31.0419 0960 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:54:31.0481 0960 Browser - ok
20:54:31.0513 0960 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:54:31.0622 0960 Brserid - ok
20:54:31.0653 0960 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:54:31.0731 0960 BrSerWdm - ok
20:54:31.0778 0960 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:54:31.0856 0960 BrUsbMdm - ok
20:54:31.0887 0960 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:54:31.0965 0960 BrUsbSer - ok
20:54:31.0996 0960 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:54:32.0090 0960 BTHMODEM - ok
20:54:32.0215 0960 ccEvtMgr (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
20:54:32.0246 0960 ccEvtMgr - ok
20:54:32.0277 0960 ccSetMgr (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
20:54:32.0308 0960 ccSetMgr - ok
20:54:32.0355 0960 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:54:32.0433 0960 cdfs - ok
20:54:32.0480 0960 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:54:32.0542 0960 cdrom - ok
20:54:32.0605 0960 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:54:32.0636 0960 CertPropSvc - ok
20:54:32.0683 0960 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:54:32.0761 0960 circlass - ok
20:54:32.0823 0960 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:54:32.0885 0960 CLFS - ok
20:54:32.0963 0960 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:54:33.0010 0960 clr_optimization_v2.0.50727_32 - ok
20:54:33.0041 0960 CLTNetCnService (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
20:54:33.0073 0960 CLTNetCnService - ok
20:54:33.0119 0960 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:54:33.0182 0960 CmBatt - ok
20:54:33.0213 0960 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
20:54:33.0244 0960 cmdide - ok
20:54:33.0322 0960 comHost (7ce352882828c12dd7632b172253a02c) c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
20:54:33.0353 0960 comHost - ok
20:54:33.0400 0960 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:54:33.0431 0960 Compbatt - ok
20:54:33.0447 0960 COMSysApp - ok
20:54:33.0447 0960 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:54:33.0478 0960 crcdisk - ok
20:54:33.0525 0960 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:54:33.0619 0960 Crusoe - ok
20:54:33.0665 0960 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:54:33.0728 0960 CryptSvc - ok
20:54:33.0821 0960 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:54:33.0899 0960 DcomLaunch - ok
20:54:33.0946 0960 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:54:34.0009 0960 DfsC - ok
20:54:34.0149 0960 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:54:34.0586 0960 DFSR - ok
20:54:34.0726 0960 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:54:34.0789 0960 Dhcp - ok
20:54:34.0898 0960 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:54:34.0960 0960 disk - ok
20:54:35.0038 0960 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
20:54:35.0132 0960 DKbFltr - ok
20:54:35.0179 0960 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:54:35.0241 0960 Dnscache - ok
20:54:35.0303 0960 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:54:35.0350 0960 dot3svc - ok
20:54:35.0413 0960 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:54:35.0475 0960 DPS - ok
20:54:35.0522 0960 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:54:35.0553 0960 drmkaud - ok
20:54:35.0615 0960 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:54:35.0678 0960 DXGKrnl - ok
20:54:35.0725 0960 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:54:35.0803 0960 E1G60 - ok
20:54:35.0849 0960 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:54:35.0896 0960 EapHost - ok
20:54:35.0943 0960 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:54:35.0990 0960 Ecache - ok
20:54:36.0115 0960 eDataSecurity Service (f54907aa07f60aff81e1e09e97af98b0) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
20:54:36.0177 0960 eDataSecurity Service - ok
20:54:36.0286 0960 eeCtrl (47ce4e650d91dc095a2fddb15631a78a) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:54:36.0364 0960 eeCtrl - ok
20:54:36.0458 0960 eLockService (a7b5f3b9363f9ab1d4fe459baf3b15d6) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
20:54:36.0473 0960 eLockService ( UnsignedFile.Multi.Generic ) - warning
20:54:36.0473 0960 eLockService - detected UnsignedFile.Multi.Generic (1)
20:54:36.0536 0960 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
20:54:36.0598 0960 elxstor - ok
20:54:36.0661 0960 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:54:36.0754 0960 EMDMgmt - ok
20:54:36.0817 0960 eNet Service (207e2dda01aac6ad64f0368ca59fc179) C:\Acer\Empowering Technology\eNet\eNet Service.exe
20:54:36.0863 0960 eNet Service ( UnsignedFile.Multi.Generic ) - warning
20:54:36.0863 0960 eNet Service - detected UnsignedFile.Multi.Generic (1)
20:54:37.0004 0960 EraserUtilRebootDrv (ce3ef5c79cb0bfa036e844f74c52d759) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:54:37.0035 0960 EraserUtilRebootDrv - ok
20:54:37.0066 0960 eRecoveryService (a7b084bfbbd582a843d2f5c35220f962) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
20:54:37.0097 0960 eRecoveryService ( UnsignedFile.Multi.Generic ) - warning
20:54:37.0097 0960 eRecoveryService - detected UnsignedFile.Multi.Generic (1)
20:54:37.0160 0960 eSettingsService (06484e97d22f06de8de0f8e2bec6fa9e) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
20:54:37.0175 0960 eSettingsService ( UnsignedFile.Multi.Generic ) - warning
20:54:37.0175 0960 eSettingsService - detected UnsignedFile.Multi.Generic (1)
20:54:37.0238 0960 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:54:37.0300 0960 EventSystem - ok
20:54:37.0378 0960 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:54:37.0425 0960 exfat - ok
20:54:37.0472 0960 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:54:37.0534 0960 fastfat - ok
20:54:37.0565 0960 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
20:54:37.0643 0960 fdc - ok
20:54:37.0690 0960 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:54:37.0721 0960 fdPHost - ok
20:54:37.0753 0960 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:54:37.0831 0960 FDResPub - ok
20:54:37.0877 0960 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:54:37.0924 0960 FileInfo - ok
20:54:37.0971 0960 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:54:38.0033 0960 Filetrace - ok
20:54:38.0065 0960 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
20:54:38.0143 0960 flpydisk - ok
20:54:38.0735 0960 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:54:38.0767 0960 FltMgr - ok
20:54:39.0437 0960 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
20:54:39.0531 0960 FontCache - ok
20:54:39.0656 0960 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:54:39.0687 0960 FontCache3.0.0.0 - ok
20:54:39.0734 0960 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:54:39.0796 0960 Fs_Rec - ok
20:54:39.0827 0960 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
20:54:39.0874 0960 gagp30kx - ok
20:54:39.0937 0960 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:54:40.0015 0960 gpsvc - ok
20:54:40.0061 0960 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:54:40.0155 0960 HdAudAddService - ok
20:54:40.0217 0960 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:54:40.0373 0960 HDAudBus - ok
20:54:40.0389 0960 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:54:40.0514 0960 HidBth - ok
20:54:40.0545 0960 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:54:40.0639 0960 HidIr - ok
20:54:40.0685 0960 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:54:40.0732 0960 hidserv - ok
20:54:40.0779 0960 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:54:40.0826 0960 HidUsb - ok
20:54:40.0873 0960 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:54:40.0935 0960 hkmsvc - ok
20:54:40.0966 0960 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
20:54:40.0997 0960 HpCISSs - ok
20:54:41.0029 0960 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:54:41.0091 0960 HSFHWAZL - ok
20:54:41.0169 0960 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:54:41.0294 0960 HSF_DPV - ok
20:54:41.0372 0960 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:54:41.0434 0960 HSXHWAZL - ok
20:54:41.0481 0960 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
20:54:41.0543 0960 HTTP - ok
20:54:41.0590 0960 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
20:54:41.0621 0960 i2omp - ok
20:54:41.0684 0960 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:54:41.0731 0960 i8042prt - ok
20:54:41.0840 0960 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
20:54:41.0918 0960 IAANTMON - ok
20:54:41.0965 0960 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
20:54:41.0996 0960 iaStor - ok
20:54:42.0027 0960 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
20:54:42.0089 0960 iaStorV - ok
20:54:42.0214 0960 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:54:42.0355 0960 idsvc - ok
20:54:42.0511 0960 IDSvix86 (f49b22e2cc15de6e752fc8cb24eb7069) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080829.001\IDSvix86.sys
20:54:42.0557 0960 IDSvix86 - ok
20:54:42.0760 0960 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:54:42.0994 0960 igfx - ok
20:54:43.0135 0960 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:54:43.0166 0960 iirsp - ok
20:54:43.0213 0960 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:54:43.0322 0960 IKEEXT - ok
20:54:43.0431 0960 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
20:54:43.0462 0960 int15 - ok
20:54:43.0603 0960 IntcAzAudAddService (90a10b39896040b3154613c11c932aeb) C:\Windows\system32\drivers\RTKVHDA.sys
20:54:43.0805 0960 IntcAzAudAddService - ok
20:54:43.0946 0960 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:54:43.0961 0960 intelide - ok
20:54:44.0008 0960 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:54:44.0071 0960 intelppm - ok
20:54:44.0102 0960 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:54:44.0149 0960 IPBusEnum - ok
20:54:44.0195 0960 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:54:44.0258 0960 IpFilterDriver - ok
20:54:44.0273 0960 IpInIp - ok
20:54:44.0320 0960 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
20:54:44.0383 0960 IPMIDRV - ok
20:54:44.0414 0960 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:54:44.0476 0960 IPNAT - ok
20:54:44.0523 0960 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:54:44.0585 0960 IRENUM - ok
20:54:44.0617 0960 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
20:54:44.0663 0960 isapnp - ok
20:54:44.0710 0960 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:54:44.0741 0960 iScsiPrt - ok
20:54:44.0804 0960 ISPwdSvc (36474fde02f8422b8b1a52ead9894dbc) c:\Program Files\Norton Internet Security\isPwdSvc.exe
20:54:44.0835 0960 ISPwdSvc - ok
20:54:44.0866 0960 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:54:44.0897 0960 iteatapi - ok
20:54:44.0913 0960 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:54:44.0944 0960 iteraid - ok
20:54:44.0975 0960 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:54:45.0007 0960 kbdclass - ok
20:54:45.0053 0960 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
20:54:45.0131 0960 kbdhid - ok
20:54:45.0163 0960 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:54:45.0241 0960 KeyIso - ok
20:54:45.0287 0960 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:54:45.0350 0960 KSecDD - ok
20:54:45.0428 0960 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:54:45.0521 0960 KtmRm - ok
20:54:45.0568 0960 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
20:54:45.0646 0960 LanmanServer - ok
20:54:45.0709 0960 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:54:45.0787 0960 LanmanWorkstation - ok
20:54:45.0911 0960 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:54:45.0927 0960 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:54:45.0927 0960 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:54:46.0099 0960 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
20:54:46.0395 0960 LiveUpdate - ok
20:54:46.0520 0960 LiveUpdate Notice Ex (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
20:54:46.0551 0960 LiveUpdate Notice Ex - ok
20:54:46.0629 0960 LiveUpdate Notice Service (2d1389e05a807d956829f44bd4b60389) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
20:54:46.0707 0960 LiveUpdate Notice Service - ok
20:54:46.0832 0960 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:54:46.0894 0960 lltdio - ok
20:54:46.0957 0960 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:54:47.0019 0960 lltdsvc - ok
20:54:47.0066 0960 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:54:47.0128 0960 lmhosts - ok
20:54:47.0175 0960 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
20:54:47.0206 0960 LSI_FC - ok
20:54:47.0222 0960 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
20:54:47.0253 0960 LSI_SAS - ok
20:54:47.0284 0960 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:54:47.0331 0960 LSI_SCSI - ok
20:54:47.0378 0960 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:54:47.0440 0960 luafv - ok
20:54:47.0471 0960 MCSTRM - ok
20:54:47.0518 0960 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:54:47.0549 0960 mdmxsdk - ok
20:54:47.0596 0960 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:54:47.0627 0960 megasas - ok
20:54:47.0659 0960 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:54:47.0721 0960 MMCSS - ok
20:54:47.0768 0960 mnmsrvc (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\cnmpar21.dll
20:54:47.0768 0960 mnmsrvc ( Backdoor.Multi.ZAccess.gen ) - infected
20:54:47.0768 0960 mnmsrvc - detected Backdoor.Multi.ZAccess.gen (0)
20:54:47.0815 0960 MobilityService - ok
20:54:47.0861 0960 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:54:47.0908 0960 Modem - ok
20:54:47.0955 0960 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:54:48.0033 0960 monitor - ok
20:54:48.0080 0960 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:54:48.0111 0960 mouclass - ok
20:54:48.0142 0960 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:54:48.0189 0960 mouhid - ok
20:54:48.0236 0960 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:54:48.0267 0960 MountMgr - ok
20:54:48.0314 0960 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:54:48.0361 0960 mpio - ok
20:54:48.0407 0960 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:54:48.0454 0960 mpsdrv - ok
20:54:48.0485 0960 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:54:48.0517 0960 Mraid35x - ok
20:54:48.0626 0960 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:54:48.0657 0960 MRxDAV - ok
20:54:48.0735 0960 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:54:48.0782 0960 mrxsmb - ok
20:54:48.0829 0960 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:54:48.0907 0960 mrxsmb10 - ok
20:54:48.0938 0960 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:54:48.0969 0960 mrxsmb20 - ok
20:54:49.0031 0960 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
20:54:49.0078 0960 msahci - ok
20:54:49.0125 0960 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:54:49.0156 0960 msdsm - ok
20:54:49.0219 0960 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:54:49.0343 0960 MSDTC - ok
20:54:49.0515 0960 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:54:49.0749 0960 Msfs - ok
20:54:49.0905 0960 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:54:49.0936 0960 msisadrv - ok
20:54:50.0326 0960 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:54:50.0607 0960 MSiSCSI - ok
20:54:50.0623 0960 msiserver - ok
20:54:50.0654 0960 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:54:50.0701 0960 MSKSSRV - ok
20:54:50.0747 0960 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:54:50.0810 0960 MSPCLOCK - ok
20:54:50.0888 0960 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:54:50.0966 0960 MSPQM - ok
20:54:51.0013 0960 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:54:51.0059 0960 MsRPC - ok
20:54:51.0091 0960 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:54:51.0106 0960 mssmbios - ok
20:54:51.0169 0960 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:54:51.0231 0960 MSTEE - ok
20:54:51.0262 0960 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:54:51.0309 0960 Mup - ok
20:54:51.0356 0960 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:54:51.0449 0960 napagent - ok
20:54:51.0481 0960 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:54:51.0527 0960 NativeWifiP - ok
20:54:51.0699 0960 NAVENG (d8f9e712479f2f8dc8c3524a62365f95) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080905.006\NAVENG.SYS
20:54:51.0746 0960 NAVENG - ok
20:54:51.0839 0960 NAVEX15 (0b127bbe41300dede016e86e47329cdd) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080905.006\NAVEX15.SYS
20:54:51.0933 0960 NAVEX15 - ok
20:54:52.0011 0960 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:54:52.0058 0960 NDIS - ok
20:54:52.0120 0960 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:54:52.0183 0960 NdisTapi - ok
20:54:52.0214 0960 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:54:52.0276 0960 Ndisuio - ok
20:54:52.0323 0960 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:54:52.0401 0960 NdisWan - ok
20:54:52.0432 0960 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:54:52.0510 0960 NDProxy - ok
20:54:52.0557 0960 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:54:52.0604 0960 NetBIOS - ok
20:54:52.0651 0960 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:54:52.0713 0960 netbt - ok
20:54:52.0744 0960 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:54:52.0775 0960 Netlogon - ok
20:54:52.0838 0960 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:54:52.0916 0960 Netman - ok
20:54:52.0963 0960 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:54:53.0025 0960 netprofm - ok
20:54:53.0134 0960 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:54:53.0165 0960 NetTcpPortSharing - ok
20:54:53.0212 0960 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:54:53.0243 0960 nfrd960 - ok
20:54:53.0290 0960 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:54:53.0353 0960 NlaSvc - ok
20:54:53.0384 0960 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:54:53.0431 0960 Npfs - ok
20:54:53.0462 0960 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:54:53.0524 0960 nsi - ok
20:54:53.0555 0960 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:54:53.0602 0960 nsiproxy - ok
20:54:53.0696 0960 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:54:53.0836 0960 Ntfs - ok
20:54:53.0883 0960 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
20:54:53.0945 0960 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
20:54:53.0945 0960 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
20:54:53.0992 0960 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:54:54.0086 0960 ntrigdigi - ok
20:54:54.0133 0960 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:54:54.0164 0960 Null - ok
20:54:54.0226 0960 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
20:54:54.0335 0960 NVENETFD - ok
20:54:54.0367 0960 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:54:54.0413 0960 nvraid - ok
20:54:54.0445 0960 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:54:54.0476 0960 nvstor - ok
20:54:54.0491 0960 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
20:54:54.0538 0960 nv_agp - ok
20:54:54.0554 0960 NwlnkFlt - ok
20:54:54.0569 0960 NwlnkFwd - ok
20:54:54.0601 0960 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
20:54:54.0694 0960 ohci1394 - ok
20:54:54.0757 0960 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:54:54.0835 0960 p2pimsvc - ok
20:54:54.0850 0960 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:54:54.0897 0960 p2psvc - ok
20:54:54.0928 0960 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:54:55.0022 0960 Parport - ok
20:54:55.0053 0960 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:54:55.0084 0960 partmgr - ok
20:54:55.0131 0960 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:54:55.0209 0960 Parvdm - ok
20:54:55.0256 0960 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:54:55.0287 0960 PcaSvc - ok
20:54:55.0349 0960 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:54:55.0396 0960 pci - ok
20:54:55.0911 0960 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
20:54:55.0942 0960 pciide - ok
20:54:56.0005 0960 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
20:54:56.0036 0960 pcmcia - ok
20:54:56.0114 0960 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:54:56.0223 0960 PEAUTH - ok
20:54:56.0535 0960 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:54:56.0722 0960 pla - ok
20:54:56.0831 0960 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:54:56.0894 0960 PlugPlay - ok
20:54:56.0972 0960 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:54:57.0034 0960 PNRPAutoReg - ok
20:54:57.0050 0960 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:54:57.0097 0960 PNRPsvc - ok
20:54:57.0128 0960 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:54:57.0221 0960 PolicyAgent - ok
20:54:57.0299 0960 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:54:57.0362 0960 PptpMiniport - ok
20:54:57.0393 0960 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:54:57.0471 0960 Processor - ok
20:54:57.0502 0960 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:54:57.0580 0960 ProfSvc - ok
20:54:57.0611 0960 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:54:57.0658 0960 ProtectedStorage - ok
20:54:57.0689 0960 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:54:57.0752 0960 PSched - ok
20:54:57.0799 0960 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
20:54:57.0830 0960 PSDFilter - ok
20:54:57.0845 0960 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
20:54:57.0877 0960 PSDNServ - ok
20:54:57.0908 0960 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
20:54:57.0939 0960 psdvdisk - ok
20:54:58.0017 0960 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:54:58.0111 0960 ql2300 - ok
20:54:58.0142 0960 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:54:58.0189 0960 ql40xx - ok
20:54:58.0235 0960 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:54:58.0298 0960 QWAVE - ok
20:54:58.0516 0960 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:54:58.0579 0960 QWAVEdrv - ok
20:54:58.0688 0960 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:54:58.0766 0960 RasAcd - ok
20:54:59.0437 0960 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:54:59.0624 0960 RasAuto - ok
20:54:59.0842 0960 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:54:59.0920 0960 Rasl2tp - ok
20:55:00.0700 0960 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:55:00.0794 0960 RasMan - ok
20:55:00.0965 0960 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:55:01.0059 0960 RasPppoe - ok
20:55:01.0090 0960 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:55:01.0121 0960 RasSstp - ok
20:55:01.0246 0960 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:55:01.0371 0960 rdbss - ok
20:55:01.0449 0960 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:55:01.0496 0960 RDPCDD - ok
20:55:01.0839 0960 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
20:55:01.0964 0960 rdpdr - ok
20:55:01.0995 0960 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:55:02.0026 0960 RDPENCDD - ok
20:55:02.0479 0960 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
20:55:02.0635 0960 RDPWD - ok
20:55:02.0837 0960 RealNetworks Downloader Resolver Service (6b220cc1b8eb7f8723f5082f4a990b3c) C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
20:55:02.0915 0960 RealNetworks Downloader Resolver Service - ok
20:55:03.0071 0960 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:55:03.0149 0960 RemoteAccess - ok
20:55:03.0212 0960 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:55:03.0259 0960 RemoteRegistry - ok
20:55:03.0290 0960 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:55:03.0321 0960 RpcLocator - ok
20:55:03.0617 0960 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:55:03.0680 0960 RpcSs - ok
20:55:03.0773 0960 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:55:03.0883 0960 rspndr - ok
20:55:03.0945 0960 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:55:03.0976 0960 SamSs - ok
20:55:04.0023 0960 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:55:04.0054 0960 sbp2port - ok
20:55:04.0117 0960 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:55:04.0163 0960 SCardSvr - ok
20:55:04.0226 0960 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:55:04.0304 0960 Schedule - ok
20:55:04.0569 0960 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:55:04.0600 0960 SCPolicySvc - ok
20:55:05.0162 0960 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:55:05.0209 0960 SDRSVC - ok
20:55:05.0380 0960 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:55:05.0443 0960 secdrv - ok
20:55:05.0552 0960 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:55:05.0630 0960 seclogon - ok
20:55:05.0677 0960 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
20:55:05.0739 0960 SENS - ok
20:55:05.0911 0960 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:55:05.0989 0960 Serenum - ok
20:55:06.0176 0960 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:55:06.0269 0960 Serial - ok
20:55:06.0316 0960 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:55:06.0363 0960 sermouse - ok
20:55:06.0441 0960 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:55:06.0488 0960 SessionEnv - ok
20:55:06.0535 0960 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
20:55:06.0644 0960 sffdisk - ok
20:55:06.0675 0960 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:55:06.0753 0960 sffp_mmc - ok
20:55:06.0831 0960 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
20:55:06.0909 0960 sffp_sd - ok
20:55:06.0987 0960 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:55:07.0065 0960 sfloppy - ok
20:55:07.0205 0960 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:55:07.0299 0960 SharedAccess - ok
20:55:07.0424 0960 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:55:07.0533 0960 ShellHWDetection - ok
20:55:07.0658 0960 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
20:55:07.0689 0960 sisagp - ok
20:55:07.0705 0960 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:55:07.0736 0960 SiSRaid2 - ok
20:55:07.0767 0960 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:55:07.0798 0960 SiSRaid4 - ok
20:55:08.0750 0960 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:55:09.0046 0960 slsvc - ok
20:55:09.0187 0960 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:55:09.0249 0960 SLUINotify - ok
20:55:09.0327 0960 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:55:09.0374 0960 Smb - ok
20:55:09.0421 0960 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:55:09.0483 0960 SNMPTRAP - ok
20:55:09.0608 0960 SPBBCDrv (905782bcf15b6e5af9905b77923c7fa2) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
20:55:09.0655 0960 SPBBCDrv - ok
20:55:09.0686 0960 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:55:09.0717 0960 spldr - ok
20:55:09.0764 0960 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:55:09.0811 0960 Spooler - ok
20:55:09.0904 0960 SPService (398358ae05fcb65538c541279f8304b1) C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\sp.DLL
20:55:09.0920 0960 SPService ( UnsignedFile.Multi.Generic ) - warning
20:55:09.0920 0960 SPService - detected UnsignedFile.Multi.Generic (1)
20:55:09.0982 0960 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS
20:55:10.0029 0960 SRTSP - ok
20:55:10.0076 0960 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS
20:55:10.0154 0960 SRTSPL - ok
20:55:10.0169 0960 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS
20:55:10.0201 0960 SRTSPX - ok
20:55:10.0263 0960 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:55:10.0341 0960 srv - ok
20:55:10.0388 0960 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:55:10.0450 0960 srv2 - ok
20:55:10.0481 0960 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:55:10.0528 0960 srvnet - ok
20:55:10.0575 0960 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:55:10.0622 0960 SSDPSRV - ok
20:55:10.0684 0960 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:55:10.0731 0960 SstpSvc - ok
20:55:10.0809 0960 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:55:10.0903 0960 stisvc - ok
20:55:10.0934 0960 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:55:10.0981 0960 swenum - ok
20:55:11.0027 0960 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:55:11.0090 0960 swprv - ok
20:55:11.0277 0960 Symantec Core LC (fa2f6a8849219b16460bf44f9d1f3aa7) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
20:55:11.0402 0960 Symantec Core LC - ok
20:55:11.0449 0960 SymAppCore (2fe779b1a07747fed8074c433c3c4604) c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
20:55:11.0480 0960 SymAppCore - ok
20:55:11.0589 0960 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:55:11.0636 0960 Symc8xx - ok
20:55:11.0667 0960 SYMDNS (51b57cda977170ac608d839dbfa1d3ee) C:\Windows\System32\Drivers\SYMDNS.SYS
20:55:11.0698 0960 SYMDNS - ok
20:55:11.0714 0960 SymEvent (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
20:55:11.0761 0960 SymEvent - ok
20:55:11.0776 0960 SYMFW (a131d8360b01044517aa44529e2137d6) C:\Windows\System32\Drivers\SYMFW.SYS
20:55:11.0823 0960 SYMFW - ok
20:55:11.0870 0960 SYMIDS (2b77868f02dae02103380b824431b798) C:\Windows\System32\Drivers\SYMIDS.SYS
20:55:11.0885 0960 SYMIDS - ok
20:55:11.0917 0960 SYMNDISV (7d3addfe63e5227bd2dbd5692bafb688) C:\Windows\System32\Drivers\SYMNDISV.SYS
20:55:11.0948 0960 SYMNDISV - ok
20:55:11.0963 0960 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
20:55:11.0995 0960 SYMREDRV - ok
20:55:12.0041 0960 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
20:55:12.0073 0960 SYMTDI - ok
20:55:12.0104 0960 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:55:12.0135 0960 Sym_hi - ok
20:55:12.0151 0960 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:55:12.0182 0960 Sym_u3 - ok
20:55:12.0229 0960 SynTP (5d6e865780aae258aba1a1484782cfec) C:\Windows\system32\DRIVERS\SynTP.sys
20:55:12.0275 0960 SynTP - ok
20:55:12.0322 0960 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:55:12.0400 0960 SysMain - ok
20:55:12.0447 0960 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:55:12.0478 0960 TabletInputService - ok
20:55:12.0556 0960 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:55:12.0619 0960 TapiSrv - ok
20:55:12.0665 0960 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:55:12.0728 0960 TBS - ok
20:55:12.0821 0960 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:55:12.0931 0960 Tcpip - ok
20:55:12.0946 0960 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:55:13.0009 0960 Tcpip6 - ok
20:55:13.0040 0960 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:55:13.0087 0960 tcpipreg - ok
20:55:13.0118 0960 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:55:13.0180 0960 TDPIPE - ok
20:55:13.0196 0960 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:55:13.0243 0960 TDTCP - ok
20:55:13.0289 0960 tdx (f8fa40f8e3b28b3c5aefb0bd31cc3b46) C:\Windows\system32\DRIVERS\tdx.sys
20:55:13.0305 0960 tdx ( Virus.Win32.ZAccess.c ) - infected
20:55:13.0305 0960 tdx - detected Virus.Win32.ZAccess.c (0)
20:55:13.0336 0960 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:55:13.0367 0960 TermDD - ok
20:55:13.0430 0960 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:55:13.0492 0960 TermService - ok
20:55:13.0555 0960 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:55:13.0601 0960 Themes - ok
20:55:13.0648 0960 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:55:13.0695 0960 THREADORDER - ok
20:55:13.0726 0960 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:55:13.0757 0960 TrkWks - ok
20:55:13.0835 0960 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:55:13.0882 0960 TrustedInstaller - ok
20:55:13.0929 0960 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:55:13.0991 0960 tssecsrv - ok
20:55:14.0038 0960 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:55:14.0101 0960 tunmp - ok
20:55:14.0132 0960 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:55:14.0163 0960 tunnel - ok
20:55:14.0194 0960 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:55:14.0241 0960 uagp35 - ok
20:55:14.0288 0960 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:55:14.0350 0960 udfs - ok
20:55:14.0397 0960 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:55:14.0459 0960 UI0Detect - ok
20:55:14.0491 0960 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
20:55:14.0522 0960 uliagpkx - ok
20:55:14.0569 0960 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:55:14.0615 0960 uliahci - ok
20:55:14.0647 0960 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:55:14.0693 0960 UlSata - ok
20:55:14.0725 0960 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:55:14.0756 0960 ulsata2 - ok
20:55:14.0803 0960 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:55:14.0865 0960 umbus - ok
20:55:14.0912 0960 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:55:14.0990 0960 upnphost - ok
20:55:15.0037 0960 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
20:55:15.0083 0960 USBAAPL - ok
20:55:15.0130 0960 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:55:15.0177 0960 usbccgp - ok
20:55:15.0208 0960 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:55:15.0286 0960 usbcir - ok
20:55:15.0333 0960 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:55:15.0395 0960 usbehci - ok
20:55:15.0427 0960 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:55:15.0489 0960 usbhub - ok
20:55:15.0536 0960 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys
20:55:15.0598 0960 usbohci - ok
20:55:15.0645 0960 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:55:15.0707 0960 usbprint - ok
20:55:15.0754 0960 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:55:15.0801 0960 usbscan - ok
20:55:15.0848 0960 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:55:15.0879 0960 USBSTOR - ok
20:55:15.0926 0960 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:55:15.0988 0960 usbuhci - ok
20:55:16.0019 0960 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
20:55:16.0113 0960 usbvideo - ok
20:55:16.0160 0960 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:55:16.0191 0960 UxSms - ok
20:55:16.0238 0960 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:55:16.0331 0960 vds - ok
20:55:16.0363 0960 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:55:16.0441 0960 vga - ok
20:55:16.0487 0960 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:55:16.0519 0960 VgaSave - ok
20:55:16.0550 0960 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
20:55:16.0581 0960 viaagp - ok
20:55:16.0612 0960 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:55:16.0706 0960 ViaC7 - ok
20:55:16.0737 0960 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
20:55:16.0768 0960 viaide - ok
20:55:16.0815 0960 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:55:16.0846 0960 volmgr - ok
20:55:16.0909 0960 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:55:16.0955 0960 volmgrx - ok
20:55:17.0002 0960 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:55:17.0049 0960 volsnap - ok
20:55:17.0096 0960 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:55:17.0143 0960 vsmraid - ok
20:55:17.0221 0960 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:55:17.0345 0960 VSS - ok
20:55:17.0392 0960 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:55:17.0455 0960 W32Time - ok
20:55:17.0517 0960 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:55:17.0579 0960 WacomPen - ok
20:55:17.0642 0960 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:55:17.0689 0960 Wanarp - ok
20:55:17.0689 0960 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:55:17.0735 0960 Wanarpv6 - ok
20:55:17.0798 0960 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:55:17.0860 0960 wcncsvc - ok
20:55:17.0907 0960 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:55:17.0969 0960 WcsPlugInService - ok
20:55:18.0001 0960 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:55:18.0032 0960 Wd - ok
20:55:18.0094 0960 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:55:18.0172 0960 Wdf01000 - ok
20:55:18.0235 0960 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:55:18.0297 0960 WdiServiceHost - ok
20:55:18.0297 0960 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:55:18.0344 0960 WdiSystemHost - ok
20:55:18.0391 0960 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:55:18.0437 0960 WebClient - ok
20:55:18.0484 0960 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
20:55:18.0547 0960 Wecsvc - ok
20:55:18.0593 0960 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:55:18.0640 0960 wercplsupport - ok
20:55:18.0687 0960 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:55:18.0749 0960 WerSvc - ok
20:55:18.0843 0960 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:55:18.0937 0960 winachsf - ok
20:55:18.0952 0960 WinHttpAutoProxySvc - ok
20:55:19.0046 0960 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:55:19.0124 0960 Winmgmt - ok
20:55:19.0171 0960 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
20:55:19.0280 0960 WinRM - ok
20:55:19.0373 0960 winusb (086d2e78eecd6195667282adc6ca109f) C:\Windows\system32\DRIVERS\WinUSB.SYS
20:55:19.0451 0960 winusb - ok
20:55:19.0529 0960 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:55:19.0592 0960 Wlansvc - ok
20:55:19.0639 0960 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:55:19.0701 0960 WmiAcpi - ok
20:55:19.0779 0960 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:55:19.0841 0960 wmiApSrv - ok
20:55:19.0966 0960 WMIService (e8781cf1a4262881897444d22921a3a6) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
20:55:19.0997 0960 WMIService ( UnsignedFile.Multi.Generic ) - warning
20:55:19.0997 0960 WMIService - detected UnsignedFile.Multi.Generic (1)
20:55:20.0107 0960 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:55:20.0294 0960 WMPNetworkSvc - ok
20:55:20.0341 0960 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:55:20.0387 0960 WPCSvc - ok
20:55:20.0450 0960 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
20:55:20.0497 0960 WPDBusEnum - ok
20:55:20.0575 0960 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
20:55:20.0621 0960 WpdUsb - ok
20:55:20.0668 0960 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:55:20.0715 0960 ws2ifsl - ok
20:55:20.0731 0960 WSearch - ok
20:55:20.0855 0960 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:55:21.0011 0960 wuauserv - ok
20:55:21.0167 0960 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:55:21.0230 0960 WUDFRd - ok
20:55:21.0277 0960 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:55:21.0323 0960 wudfsvc - ok
20:55:21.0370 0960 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
20:55:21.0386 0960 XAudio - ok
20:55:21.0417 0960 XAudioService (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe
20:55:21.0526 0960 XAudioService - ok
20:55:21.0573 0960 yukonwlh (2d07e65ed0023bb10b13a912b27dfb1a) C:\Windows\system32\DRIVERS\yk60x86.sys
20:55:21.0651 0960 yukonwlh - ok
20:55:21.0682 0960 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
20:55:24.0974 0960 \Device\Harddisk0\DR0 - ok
20:55:25.0005 0960 Boot (0x1200) (810a4bbcb1f100e8e8e36530ff416631) \Device\Harddisk0\DR0\Partition0
20:55:25.0005 0960 \Device\Harddisk0\DR0\Partition0 - ok
20:55:25.0036 0960 Boot (0x1200) (259701f719000fc2863872f41ad95dbe) \Device\Harddisk0\DR0\Partition1
20:55:25.0036 0960 \Device\Harddisk0\DR0\Partition1 - ok
20:55:25.0036 0960 ============================================================
20:55:25.0036 0960 Scan finished
20:55:25.0036 0960 ============================================================
20:55:25.0052 2696 Detected object count: 10
20:55:25.0052 2696 Actual detected object count: 10
20:56:14.0707 2696 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
20:56:14.0707 2696 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:56:14.0707 2696 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:56:14.0707 2696 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:56:14.0707 2696 eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user
20:56:14.0707 2696 eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:56:14.0707 2696 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
20:56:14.0707 2696 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:56:14.0707 2696 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:56:14.0707 2696 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:56:14.0909 2696 C:\Windows\system32\cnmpar21.dll - copied to quarantine
20:56:14.0925 2696 HKLM\SYSTEM\ControlSet001\services\mnmsrvc - will be deleted on reboot
20:56:15.0019 2696 HKLM\SYSTEM\ControlSet003\services\mnmsrvc - will be deleted on reboot
20:56:15.0065 2696 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
20:56:15.0065 2696 C:\Windows\system32\cnmpar21.dll - will be deleted on reboot
20:56:15.0065 2696 mnmsrvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
20:56:15.0065 2696 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
20:56:15.0065 2696 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:56:15.0065 2696 SPService ( UnsignedFile.Multi.Generic ) - skipped by user
20:56:15.0065 2696 SPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:56:15.0065 2696 tdx ( Virus.Win32.ZAccess.c ) - skipped by user
20:56:15.0065 2696 tdx ( Virus.Win32.ZAccess.c ) - User select action: Skip
20:56:15.0081 2696 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
20:56:15.0081 2696 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:56:20.0182 3768 Deinitialize success

#7 sedaps

  • Topic Starter

Posted 02 May 2012 - 08:17 PM

I ran the defogger following your instructions. I do not think it disabled emulation programs. When it finished, both disable and re-enable buttons were available. It did not prompt a reboot either.

#8 mark1956

  • Security Colleague

Posted 03 May 2012 - 02:27 AM

Please reboot the PC if you have not already done so.

Defogger will only prompt for a reboot if it has detected any CD Emulation software. That would be programs like Daemon Tools, Alcohol 120%, Astroburn, AnyDVD. If you do not have any programs like these, there is no need to be concerned.

The TDSSKiller log is showing further infected files. Before proceeding with Combofix, please run it again and post the new log. And again, make sure you reboot after running it.

Once you have posted the log please wait for further instructions before taking any further action. (Don't run Combofix until I tell you to do so).

Edited by mark1956, 03 May 2012 - 02:43 AM.


#9 mark1956

  • Security Colleague

Posted 03 May 2012 - 08:56 AM

A quick edit to my last post. As I have heard that TDSSKiller has just been updated, please right-click on the TDSSKiller icon on your desktop and select Delete.

Then follow the original instructions to download the program again and continue as instructed in my last post.
--------------------------------------------------------------------------------------------------

In the results it shows this line:

20:56:15.0065 2696 mnmsrvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete

Please note the instructions clearly state:

Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.

Please do not use Delete, as this may cause instability in your system if you remove any important system files. Adhere strictly to the instructions and we should get through this. Fortunately, the file you have deleted is non-critical and should not affect system performance.

Edited by mark1956, 03 May 2012 - 09:31 AM.
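The triage done by eye in the two posts above (which entries are real detections, and which action was recorded for each) can be scripted. This is an added example, not part of the original thread and not a TDSSKiller feature: the sample lines are copied from the log posted earlier in this thread, the function names are hypothetical, and treating `UnsignedFile.*` verdicts as signature-check notices rather than malware verdicts is this example's assumption.

```python
import re

# Lines copied from the TDSSKiller log posted earlier in this thread (subset).
SAMPLE_LOG = r"""
20:55:19.0966 0960 WMIService (e8781cf1a4262881897444d22921a3a6) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
20:55:19.0997 0960 WMIService ( UnsignedFile.Multi.Generic ) - warning
20:55:19.0997 0960 WMIService - detected UnsignedFile.Multi.Generic (1)
20:55:20.0294 0960 WMPNetworkSvc - ok
20:56:14.0707 2696 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
20:56:14.0707 2696 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:56:15.0065 2696 mnmsrvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
20:56:15.0065 2696 tdx ( Virus.Win32.ZAccess.c ) - skipped by user
20:56:15.0065 2696 tdx ( Virus.Win32.ZAccess.c ) - User select action: Skip
20:56:15.0081 2696 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every log line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"

# "<name> - detected <verdict> (<count>)"
DETECTED = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")

# "<name> ( <verdict> ) - User select action: <action>"
# The name may contain spaces (e.g. "eNet Service"), so it is matched lazily.
ACTION = re.compile(
    PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - User select action: (?P<action>\w+)$"
)


def parse(log_text):
    """Return (detections, actions) keyed by service/driver name."""
    detections = {}   # name -> verdict
    actions = {}      # name -> (verdict, action)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ACTION.match(line)
        if m:
            actions[m["name"]] = (m["verdict"], m["action"])
            continue
        m = DETECTED.match(line)
        if m:
            detections[m["name"]] = m["verdict"]
    return detections, actions


def triage(log_text):
    """Group objects by what a reviewer needs to follow up on."""
    detections, actions = parse(log_text)
    report = {
        "unsigned_only": [],          # signature check failed, no malware verdict
        "malware_left_in_place": [],  # malware verdict, action Skip
        "malware_deleted": [],        # malware verdict, action Delete
        "malware_other_action": [],   # malware verdict, any other recorded action
        "no_action_recorded": [],     # detected, but no action line in the log
    }
    for name, (verdict, action) in actions.items():
        if verdict.startswith("UnsignedFile."):
            report["unsigned_only"].append(name)
        elif action == "Skip":
            report["malware_left_in_place"].append((name, verdict))
        elif action == "Delete":
            report["malware_deleted"].append((name, verdict))
        else:
            report["malware_other_action"].append((name, verdict, action))
    for name, verdict in detections.items():
        if name not in actions:
            report["no_action_recorded"].append((name, verdict))
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {items}")
```

On the sample lines this separates the unsigned OEM services from the two ZAccess verdicts: `tdx` was skipped and is still present, and `mnmsrvc` was deleted.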


#10 sedaps

  • Topic Starter

Posted 03 May 2012 - 08:38 PM

21:30:35.0285 2648 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
21:30:35.0846 2648 ============================================================
21:30:35.0846 2648 Current date / time: 2012/05/03 21:30:35.0846
21:30:35.0846 2648 SystemInfo:
21:30:35.0846 2648
21:30:35.0846 2648 OS Version: 6.0.6002 ServicePack: 2.0
21:30:35.0846 2648 Product type: Workstation
21:30:35.0846 2648 ComputerName: STEPH-PC
21:30:35.0846 2648 UserName: steph
21:30:35.0846 2648 Windows directory: C:\Windows
21:30:35.0846 2648 System windows directory: C:\Windows
21:30:35.0846 2648 Processor architecture: Intel x86
21:30:35.0846 2648 Number of processors: 1
21:30:35.0846 2648 Page size: 0x1000
21:30:35.0846 2648 Boot type: Normal boot
21:30:35.0846 2648 ============================================================
21:30:36.0642 2648 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:30:36.0642 2648 ============================================================
21:30:36.0642 2648 \Device\Harddisk0\DR0:
21:30:36.0642 2648 MBR partitions:
21:30:36.0642 2648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x40C4800
21:30:36.0642 2648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x544D000, BlocksNum 0x40C2000
21:30:36.0642 2648 ============================================================
21:30:36.0673 2648 C: <-> \Device\Harddisk0\DR0\Partition0
21:30:36.0720 2648 D: <-> \Device\Harddisk0\DR0\Partition1
21:30:36.0720 2648 ============================================================
21:30:36.0720 2648 Initialize success
21:30:36.0720 2648 ============================================================
21:30:46.0267 3888 ============================================================
21:30:46.0267 3888 Scan started
21:30:46.0267 3888 Mode: Manual; SigCheck; TDLFS;
21:30:46.0267 3888 ============================================================
21:30:47.0375 3888 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:30:47.0578 3888 ACPI - ok
21:30:47.0656 3888 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:30:47.0718 3888 adp94xx - ok
21:30:47.0765 3888 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:30:47.0827 3888 adpahci - ok
21:30:48.0014 3888 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:30:48.0061 3888 adpu160m - ok
21:30:48.0404 3888 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:30:48.0451 3888 adpu320 - ok
21:30:48.0514 3888 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:30:48.0794 3888 AeLookupSvc - ok
21:30:48.0950 3888 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:30:49.0122 3888 AFD - ok
21:30:49.0216 3888 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:30:49.0294 3888 agp440 - ok
21:30:49.0528 3888 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:30:49.0574 3888 aic78xx - ok
21:30:49.0762 3888 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:30:50.0042 3888 ALG - ok
21:30:50.0183 3888 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:30:50.0292 3888 aliide - ok
21:30:50.0354 3888 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:30:50.0386 3888 amdagp - ok
21:30:50.0526 3888 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:30:50.0588 3888 amdide - ok
21:30:50.0620 3888 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:30:50.0869 3888 AmdK7 - ok
21:30:50.0978 3888 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
21:30:51.0166 3888 AmdK8 - ok
21:30:51.0228 3888 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:30:51.0400 3888 Appinfo - ok
21:30:51.0727 3888 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:30:51.0774 3888 Apple Mobile Device - ok
21:30:51.0883 3888 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:30:51.0930 3888 arc - ok
21:30:51.0977 3888 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:30:52.0039 3888 arcsas - ok
21:30:52.0117 3888 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:30:52.0195 3888 AsyncMac - ok
21:30:52.0367 3888 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:30:52.0414 3888 atapi - ok
21:30:52.0523 3888 athr (d9583d3c896f0c608d8a484906650b2c) C:\Windows\system32\DRIVERS\athr.sys
21:30:52.0663 3888 athr - ok
21:30:52.0788 3888 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:30:52.0897 3888 AudioEndpointBuilder - ok
21:30:52.0913 3888 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:30:52.0960 3888 Audiosrv - ok
21:30:53.0053 3888 Automatic LiveUpdate Scheduler (b5d974c1fd078a68c7536c561b031d39) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
21:30:53.0131 3888 Automatic LiveUpdate Scheduler - ok
21:30:53.0350 3888 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:30:53.0506 3888 BCM43XV - ok
21:30:53.0646 3888 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:30:53.0755 3888 Beep - ok
21:30:53.0849 3888 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
21:30:53.0927 3888 BFE - ok
21:30:54.0052 3888 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
21:30:54.0223 3888 BITS - ok
21:30:54.0239 3888 blbdrive - ok
21:30:54.0395 3888 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:30:54.0457 3888 bowser - ok
21:30:54.0520 3888 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:30:54.0598 3888 BrFiltLo - ok
21:30:54.0676 3888 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:30:54.0754 3888 BrFiltUp - ok
21:30:54.0832 3888 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:30:54.0910 3888 Browser - ok
21:30:55.0003 3888 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:30:55.0081 3888 Brserid - ok
21:30:55.0144 3888 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:30:55.0206 3888 BrSerWdm - ok
21:30:55.0237 3888 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:30:55.0300 3888 BrUsbMdm - ok
21:30:55.0362 3888 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:30:55.0440 3888 BrUsbSer - ok
21:30:55.0534 3888 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:30:55.0612 3888 BTHMODEM - ok
21:30:55.0752 3888 catchme - ok
21:30:56.0610 3888 ccEvtMgr (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
21:30:56.0657 3888 ccEvtMgr - ok
21:30:56.0672 3888 ccSetMgr (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
21:30:56.0704 3888 ccSetMgr - ok
21:30:57.0172 3888 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:30:57.0250 3888 cdfs - ok
21:30:57.0328 3888 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:30:57.0406 3888 cdrom - ok
21:30:57.0468 3888 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:30:57.0515 3888 CertPropSvc - ok
21:30:57.0577 3888 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:30:57.0671 3888 circlass - ok
21:30:57.0733 3888 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:30:57.0780 3888 CLFS - ok
21:30:57.0936 3888 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:30:57.0983 3888 clr_optimization_v2.0.50727_32 - ok
21:30:58.0014 3888 CLTNetCnService (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
21:30:58.0045 3888 CLTNetCnService - ok
21:30:58.0092 3888 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:30:58.0170 3888 CmBatt - ok
21:30:58.0310 3888 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
21:30:58.0326 3888 cmdide - ok
21:30:58.0420 3888 comHost (7ce352882828c12dd7632b172253a02c) c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
21:30:58.0466 3888 comHost - ok
21:30:58.0654 3888 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:30:58.0669 3888 Compbatt - ok
21:30:58.0685 3888 COMSysApp - ok
21:30:58.0700 3888 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:30:58.0747 3888 crcdisk - ok
21:30:58.0810 3888 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:30:58.0888 3888 Crusoe - ok
21:30:58.0950 3888 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
21:30:58.0997 3888 CryptSvc - ok
21:30:59.0090 3888 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:30:59.0200 3888 DcomLaunch - ok
21:30:59.0215 3888 DfsC - ok
21:30:59.0730 3888 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
21:30:59.0964 3888 DFSR - ok
21:31:00.0588 3888 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
21:31:00.0697 3888 Dhcp - ok
21:31:01.0259 3888 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:31:01.0306 3888 disk - ok
21:31:01.0540 3888 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
21:31:01.0680 3888 DKbFltr - ok
21:31:02.0148 3888 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
21:31:02.0257 3888 Dnscache - ok
21:31:02.0819 3888 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
21:31:02.0928 3888 dot3svc - ok
21:31:03.0458 3888 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:31:03.0552 3888 DPS - ok
21:31:03.0630 3888 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:31:03.0692 3888 drmkaud - ok
21:31:04.0800 3888 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:31:05.0003 3888 DXGKrnl - ok
21:31:05.0096 3888 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:31:05.0174 3888 E1G60 - ok
21:31:05.0299 3888 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:31:05.0362 3888 EapHost - ok
21:31:05.0627 3888 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:31:05.0720 3888 Ecache - ok
21:31:06.0844 3888 eDataSecurity Service (f54907aa07f60aff81e1e09e97af98b0) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
21:31:07.0046 3888 eDataSecurity Service - ok
21:31:07.0655 3888 eeCtrl (47ce4e650d91dc095a2fddb15631a78a) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:31:07.0780 3888 eeCtrl - ok
21:31:08.0029 3888 eLockService (a7b5f3b9363f9ab1d4fe459baf3b15d6) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
21:31:08.0107 3888 eLockService ( UnsignedFile.Multi.Generic ) - warning
21:31:08.0107 3888 eLockService - detected UnsignedFile.Multi.Generic (1)
21:31:08.0513 3888 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:31:08.0669 3888 elxstor - ok
21:31:09.0340 3888 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:31:09.0667 3888 EMDMgmt - ok
21:31:09.0901 3888 eNet Service (207e2dda01aac6ad64f0368ca59fc179) C:\Acer\Empowering Technology\eNet\eNet Service.exe
21:31:09.0932 3888 eNet Service ( UnsignedFile.Multi.Generic ) - warning
21:31:09.0932 3888 eNet Service - detected UnsignedFile.Multi.Generic (1)
21:31:10.0260 3888 EraserUtilRebootDrv (ce3ef5c79cb0bfa036e844f74c52d759) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:31:10.0322 3888 EraserUtilRebootDrv - ok
21:31:10.0603 3888 eRecoveryService (a7b084bfbbd582a843d2f5c35220f962) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
21:31:10.0728 3888 eRecoveryService ( UnsignedFile.Multi.Generic ) - warning
21:31:10.0728 3888 eRecoveryService - detected UnsignedFile.Multi.Generic (1)
21:31:10.0931 3888 eSettingsService (06484e97d22f06de8de0f8e2bec6fa9e) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
21:31:10.0993 3888 eSettingsService ( UnsignedFile.Multi.Generic ) - warning
21:31:10.0993 3888 eSettingsService - detected UnsignedFile.Multi.Generic (1)
21:31:11.0274 3888 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:31:11.0321 3888 EventSystem - ok
21:31:11.0758 3888 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:31:11.0882 3888 exfat - ok
21:31:11.0976 3888 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:31:12.0132 3888 fastfat - ok
21:31:12.0241 3888 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:31:12.0350 3888 fdc - ok
21:31:12.0460 3888 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:31:12.0506 3888 fdPHost - ok
21:31:12.0631 3888 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:31:12.0709 3888 FDResPub - ok
21:31:13.0115 3888 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:31:13.0162 3888 FileInfo - ok
21:31:13.0302 3888 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:31:13.0427 3888 Filetrace - ok
21:31:13.0536 3888 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:31:13.0645 3888 flpydisk - ok
21:31:13.0739 3888 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:31:13.0832 3888 FltMgr - ok
21:31:14.0550 3888 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
21:31:14.0909 3888 FontCache - ok
21:31:15.0252 3888 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:31:15.0361 3888 FontCache3.0.0.0 - ok
21:31:15.0424 3888 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
21:31:15.0517 3888 Fs_Rec - ok
21:31:15.0580 3888 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:31:15.0611 3888 gagp30kx - ok
21:31:16.0609 3888 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
21:31:16.0843 3888 gpsvc - ok
21:31:17.0108 3888 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:31:17.0233 3888 HdAudAddService - ok
21:31:18.0169 3888 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:31:18.0356 3888 HDAudBus - ok
21:31:18.0481 3888 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:31:18.0606 3888 HidBth - ok
21:31:18.0637 3888 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:31:18.0731 3888 HidIr - ok
21:31:18.0887 3888 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
21:31:19.0027 3888 hidserv - ok
21:31:19.0168 3888 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:31:19.0246 3888 HidUsb - ok
21:31:19.0417 3888 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:31:19.0480 3888 hkmsvc - ok
21:31:19.0604 3888 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:31:19.0651 3888 HpCISSs - ok
21:31:20.0166 3888 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:31:20.0322 3888 HSFHWAZL - ok
21:31:21.0632 3888 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:31:22.0054 3888 HSF_DPV - ok
21:31:22.0241 3888 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:31:22.0381 3888 HSXHWAZL - ok
21:31:22.0678 3888 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
21:31:22.0896 3888 HTTP - ok
21:31:23.0005 3888 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:31:23.0052 3888 i2omp - ok
21:31:23.0255 3888 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:31:23.0302 3888 i8042prt - ok
21:31:23.0660 3888 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
21:31:23.0785 3888 IAANTMON - ok
21:31:23.0879 3888 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
21:31:23.0926 3888 iaStor - ok
21:31:24.0394 3888 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:31:24.0550 3888 iaStorV - ok
21:31:25.0626 3888 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:31:26.0063 3888 idsvc - ok
21:31:26.0437 3888 IDSvix86 (f49b22e2cc15de6e752fc8cb24eb7069) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080829.001\IDSvix86.sys
21:31:26.0500 3888 IDSvix86 - ok
21:31:28.0652 3888 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:31:29.0245 3888 igfx - ok
21:31:29.0932 3888 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:31:29.0978 3888 iirsp - ok
21:31:30.0431 3888 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
21:31:30.0587 3888 IKEEXT - ok
21:31:31.0180 3888 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
21:31:31.0211 3888 int15 - ok
21:31:32.0240 3888 IntcAzAudAddService (90a10b39896040b3154613c11c932aeb) C:\Windows\system32\drivers\RTKVHDA.sys
21:31:32.0396 3888 IntcAzAudAddService - ok
21:31:33.0083 3888 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:31:33.0145 3888 intelide - ok
21:31:33.0192 3888 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:31:33.0239 3888 intelppm - ok
21:31:33.0644 3888 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:31:33.0722 3888 IPBusEnum - ok
21:31:33.0785 3888 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:31:33.0847 3888 IpFilterDriver - ok
21:31:33.0894 3888 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
21:31:33.0972 3888 iphlpsvc - ok
21:31:34.0019 3888 IpInIp - ok
21:31:34.0518 3888 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:31:34.0627 3888 IPMIDRV - ok
21:31:34.0752 3888 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:31:34.0814 3888 IPNAT - ok
21:31:34.0892 3888 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:31:35.0002 3888 IRENUM - ok
21:31:35.0080 3888 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
21:31:35.0189 3888 isapnp - ok
21:31:35.0438 3888 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:31:35.0470 3888 iScsiPrt - ok
21:31:35.0688 3888 ISPwdSvc (36474fde02f8422b8b1a52ead9894dbc) c:\Program Files\Norton Internet Security\isPwdSvc.exe
21:31:35.0735 3888 ISPwdSvc - ok
21:31:35.0766 3888 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:31:35.0813 3888 iteatapi - ok
21:31:36.0031 3888 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:31:36.0109 3888 iteraid - ok
21:31:36.0218 3888 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:31:36.0296 3888 kbdclass - ok
21:31:36.0421 3888 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
21:31:36.0546 3888 kbdhid - ok
21:31:36.0671 3888 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:31:36.0811 3888 KeyIso - ok
21:31:37.0310 3888 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:31:37.0513 3888 KSecDD - ok
21:31:37.0685 3888 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:31:37.0732 3888 KtmRm - ok
21:31:37.0872 3888 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
21:31:37.0981 3888 LanmanServer - ok
21:31:38.0059 3888 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
21:31:38.0122 3888 LanmanWorkstation - ok
21:31:38.0246 3888 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:31:38.0262 3888 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:31:38.0262 3888 LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:31:38.0574 3888 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
21:31:38.0714 3888 LiveUpdate - ok
21:31:38.0886 3888 LiveUpdate Notice Ex (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
21:31:38.0933 3888 LiveUpdate Notice Ex - ok
21:31:39.0073 3888 LiveUpdate Notice Service (2d1389e05a807d956829f44bd4b60389) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
21:31:39.0136 3888 LiveUpdate Notice Service - ok
21:31:39.0276 3888 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:31:39.0338 3888 lltdio - ok
21:31:39.0416 3888 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:31:39.0494 3888 lltdsvc - ok
21:31:39.0557 3888 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:31:39.0619 3888 lmhosts - ok
21:31:39.0682 3888 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:31:39.0713 3888 LSI_FC - ok
21:31:39.0744 3888 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:31:39.0791 3888 LSI_SAS - ok
21:31:39.0838 3888 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:31:39.0869 3888 LSI_SCSI - ok
21:31:39.0916 3888 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:31:39.0962 3888 luafv - ok
21:31:39.0994 3888 MCSTRM - ok
21:31:40.0040 3888 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:31:40.0072 3888 mdmxsdk - ok
21:31:40.0118 3888 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:31:40.0150 3888 megasas - ok
21:31:40.0196 3888 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:31:40.0243 3888 MMCSS - ok
21:31:40.0290 3888 MobilityService - ok
21:31:40.0321 3888 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:31:40.0399 3888 Modem - ok
21:31:40.0446 3888 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:31:40.0493 3888 monitor - ok
21:31:40.0524 3888 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:31:40.0586 3888 mouclass - ok
21:31:40.0602 3888 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:31:40.0680 3888 mouhid - ok
21:31:40.0727 3888 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:31:40.0742 3888 MountMgr - ok
21:31:40.0805 3888 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:31:40.0836 3888 mpio - ok
21:31:40.0883 3888 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:31:40.0945 3888 mpsdrv - ok
21:31:41.0008 3888 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
21:31:41.0086 3888 MpsSvc - ok
21:31:41.0132 3888 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:31:41.0164 3888 Mraid35x - ok
21:31:41.0210 3888 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:31:41.0257 3888 MRxDAV - ok
21:31:41.0320 3888 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:31:41.0413 3888 mrxsmb - ok
21:31:41.0460 3888 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:31:41.0507 3888 mrxsmb10 - ok
21:31:41.0569 3888 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:31:41.0600 3888 mrxsmb20 - ok
21:31:41.0647 3888 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
21:31:41.0678 3888 msahci - ok
21:31:41.0710 3888 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:31:41.0741 3888 msdsm - ok
21:31:41.0788 3888 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:31:41.0866 3888 MSDTC - ok
21:31:41.0912 3888 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:31:41.0959 3888 Msfs - ok
21:31:41.0990 3888 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:31:42.0022 3888 msisadrv - ok
21:31:42.0068 3888 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:31:42.0131 3888 MSiSCSI - ok
21:31:42.0146 3888 msiserver - ok
21:31:42.0193 3888 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:31:42.0256 3888 MSKSSRV - ok
21:31:42.0302 3888 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:31:42.0349 3888 MSPCLOCK - ok
21:31:42.0412 3888 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:31:42.0474 3888 MSPQM - ok
21:31:42.0521 3888 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:31:42.0552 3888 MsRPC - ok
21:31:42.0599 3888 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:31:42.0646 3888 mssmbios - ok
21:31:42.0661 3888 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:31:42.0724 3888 MSTEE - ok
21:31:42.0755 3888 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:31:42.0817 3888 Mup - ok
21:31:42.0880 3888 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:31:42.0958 3888 napagent - ok
21:31:43.0004 3888 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:31:43.0051 3888 NativeWifiP - ok
21:31:43.0192 3888 NAVENG (d8f9e712479f2f8dc8c3524a62365f95) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080905.006\NAVENG.SYS
21:31:43.0223 3888 NAVENG - ok
21:31:43.0301 3888 NAVEX15 (0b127bbe41300dede016e86e47329cdd) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080905.006\NAVEX15.SYS
21:31:43.0379 3888 NAVEX15 - ok
21:31:43.0441 3888 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:31:43.0519 3888 NDIS - ok
21:31:43.0582 3888 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:31:43.0628 3888 NdisTapi - ok
21:31:43.0691 3888 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:31:43.0738 3888 Ndisuio - ok
21:31:43.0784 3888 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:31:43.0878 3888 NdisWan - ok
21:31:43.0925 3888 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:31:44.0003 3888 NDProxy - ok
21:31:44.0050 3888 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:31:44.0128 3888 NetBIOS - ok
21:31:44.0174 3888 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:31:44.0237 3888 netbt - ok
21:31:44.0268 3888 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:31:44.0299 3888 Netlogon - ok
21:31:44.0362 3888 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:31:44.0455 3888 Netman - ok
21:31:44.0502 3888 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:31:44.0564 3888 netprofm - ok
21:31:44.0674 3888 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:31:44.0752 3888 NetTcpPortSharing - ok
21:31:44.0783 3888 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:31:44.0814 3888 nfrd960 - ok
21:31:44.0876 3888 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:31:44.0939 3888 NlaSvc - ok
21:31:44.0970 3888 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:31:45.0001 3888 Npfs - ok
21:31:45.0048 3888 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:31:45.0095 3888 nsi - ok
21:31:45.0142 3888 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:31:45.0188 3888 nsiproxy - ok
21:31:45.0282 3888 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:31:45.0407 3888 Ntfs - ok
21:31:45.0469 3888 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
21:31:45.0500 3888 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
21:31:45.0500 3888 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
21:31:45.0532 3888 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:31:45.0610 3888 ntrigdigi - ok
21:31:45.0656 3888 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:31:45.0703 3888 Null - ok
21:31:45.0766 3888 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
21:31:45.0937 3888 NVENETFD - ok
21:31:45.0984 3888 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:31:46.0031 3888 nvraid - ok
21:31:46.0046 3888 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:31:46.0078 3888 nvstor - ok
21:31:46.0093 3888 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
21:31:46.0140 3888 nv_agp - ok
21:31:46.0140 3888 NwlnkFlt - ok
21:31:46.0156 3888 NwlnkFwd - ok
21:31:46.0202 3888 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:31:46.0296 3888 ohci1394 - ok
21:31:46.0374 3888 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:31:46.0514 3888 p2pimsvc - ok
21:31:46.0530 3888 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:31:46.0577 3888 p2psvc - ok
21:31:46.0624 3888 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:31:46.0702 3888 Parport - ok
21:31:46.0748 3888 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:31:46.0795 3888 partmgr - ok
21:31:46.0842 3888 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:31:46.0936 3888 Parvdm - ok
21:31:46.0982 3888 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:31:47.0060 3888 PcaSvc - ok
21:31:47.0092 3888 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:31:47.0123 3888 pci - ok
21:31:47.0170 3888 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
21:31:47.0185 3888 pciide - ok
21:31:47.0232 3888 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
21:31:47.0279 3888 pcmcia - ok
21:31:47.0357 3888 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:31:47.0466 3888 PEAUTH - ok
21:31:47.0622 3888 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:31:47.0747 3888 pla - ok
21:31:47.0903 3888 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:31:47.0965 3888 PlugPlay - ok
21:31:48.0090 3888 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:31:48.0137 3888 PNRPAutoReg - ok
21:31:48.0152 3888 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:31:48.0199 3888 PNRPsvc - ok
21:31:48.0262 3888 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:31:48.0324 3888 PolicyAgent - ok
21:31:48.0402 3888 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:31:48.0480 3888 PptpMiniport - ok
21:31:48.0511 3888 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:31:48.0605 3888 Processor - ok
21:31:48.0698 3888 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:31:48.0745 3888 ProfSvc - ok
21:31:48.0808 3888 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:31:48.0854 3888 ProtectedStorage - ok
21:31:48.0948 3888 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:31:49.0010 3888 PSched - ok
21:31:49.0057 3888 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
21:31:49.0088 3888 PSDFilter - ok
21:31:49.0120 3888 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
21:31:49.0151 3888 PSDNServ - ok
21:31:49.0182 3888 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
21:31:49.0213 3888 psdvdisk - ok
21:31:49.0276 3888 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:31:49.0432 3888 ql2300 - ok
21:31:49.0478 3888 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:31:49.0510 3888 ql40xx - ok
21:31:49.0588 3888 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:31:49.0634 3888 QWAVE - ok
21:31:49.0681 3888 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:31:49.0712 3888 QWAVEdrv - ok
21:31:49.0775 3888 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:31:49.0837 3888 RasAcd - ok
21:31:49.0884 3888 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:31:49.0946 3888 RasAuto - ok
21:31:49.0993 3888 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:31:50.0056 3888 Rasl2tp - ok
21:31:50.0102 3888 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:31:50.0149 3888 RasMan - ok
21:31:50.0180 3888 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:31:50.0258 3888 RasPppoe - ok
21:31:50.0305 3888 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:31:50.0336 3888 RasSstp - ok
21:31:50.0383 3888 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:31:50.0446 3888 rdbss - ok
21:31:50.0477 3888 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:31:50.0524 3888 RDPCDD - ok
21:31:50.0586 3888 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
21:31:50.0726 3888 rdpdr - ok
21:31:50.0742 3888 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:31:50.0773 3888 RDPENCDD - ok
21:31:50.0836 3888 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
21:31:50.0929 3888 RDPWD - ok
21:31:51.0023 3888 RealNetworks Downloader Resolver Service (6b220cc1b8eb7f8723f5082f4a990b3c) C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
21:31:51.0116 3888 RealNetworks Downloader Resolver Service - ok
21:31:51.0163 3888 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:31:51.0241 3888 RemoteAccess - ok
21:31:51.0304 3888 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:31:51.0335 3888 RemoteRegistry - ok
21:31:51.0397 3888 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:31:51.0444 3888 RpcLocator - ok
21:31:51.0522 3888 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:31:51.0569 3888 RpcSs - ok
21:31:51.0662 3888 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:31:51.0725 3888 rspndr - ok
21:31:51.0772 3888 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:31:51.0818 3888 SamSs - ok
21:31:51.0912 3888 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:31:51.0959 3888 sbp2port - ok
21:31:51.0990 3888 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:31:52.0052 3888 SCardSvr - ok
21:31:52.0115 3888 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
21:31:52.0255 3888 Schedule - ok
21:31:52.0302 3888 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:31:52.0333 3888 SCPolicySvc - ok
21:31:52.0396 3888 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:31:52.0458 3888 SDRSVC - ok
21:31:52.0520 3888 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:31:52.0598 3888 secdrv - ok
21:31:52.0630 3888 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:31:52.0692 3888 seclogon - ok
21:31:52.0723 3888 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
21:31:52.0770 3888 SENS - ok
21:31:52.0801 3888 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:31:52.0879 3888 Serenum - ok
21:31:52.0910 3888 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:31:53.0004 3888 Serial - ok
21:31:53.0051 3888 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:31:53.0098 3888 sermouse - ok
21:31:53.0160 3888 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:31:53.0238 3888 SessionEnv - ok
21:31:53.0285 3888 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
21:31:53.0363 3888 sffdisk - ok
21:31:53.0394 3888 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
21:31:53.0472 3888 sffp_mmc - ok
21:31:53.0503 3888 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
21:31:53.0566 3888 sffp_sd - ok
21:31:53.0597 3888 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:31:53.0675 3888 sfloppy - ok
21:31:53.0706 3888 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
21:31:53.0815 3888 SharedAccess - ok
21:31:53.0862 3888 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
21:31:53.0940 3888 ShellHWDetection - ok
21:31:53.0987 3888 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
21:31:54.0034 3888 sisagp - ok
21:31:54.0065 3888 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:31:54.0096 3888 SiSRaid2 - ok
21:31:54.0112 3888 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:31:54.0143 3888 SiSRaid4 - ok
21:31:56.0093 3888 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
21:31:56.0420 3888 slsvc - ok
21:31:56.0530 3888 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
21:31:56.0576 3888 SLUINotify - ok
21:31:56.0639 3888 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:31:56.0686 3888 Smb - ok
21:31:56.0732 3888 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:31:56.0795 3888 SNMPTRAP - ok
21:31:56.0951 3888 SPBBCDrv (905782bcf15b6e5af9905b77923c7fa2) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
21:31:57.0013 3888 SPBBCDrv - ok
21:31:57.0076 3888 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:31:57.0091 3888 spldr - ok
21:31:57.0138 3888 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
21:31:57.0232 3888 Spooler - ok
21:31:57.0294 3888 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS
21:31:57.0356 3888 SRTSP - ok
21:31:57.0403 3888 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS
21:31:57.0497 3888 SRTSPL - ok
21:31:57.0528 3888 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS
21:31:57.0559 3888 SRTSPX - ok
21:31:57.0606 3888 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:31:57.0700 3888 srv - ok
21:31:57.0731 3888 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:31:57.0809 3888 srv2 - ok
21:31:57.0840 3888 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:31:57.0871 3888 srvnet - ok
21:31:57.0918 3888 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:31:58.0027 3888 SSDPSRV - ok
21:31:58.0090 3888 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:31:58.0152 3888 SstpSvc - ok
21:31:58.0214 3888 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:31:58.0277 3888 stisvc - ok
21:31:58.0308 3888 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:31:58.0339 3888 swenum - ok
21:31:58.0402 3888 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:31:58.0464 3888 swprv - ok
21:31:58.0682 3888 Symantec Core LC (fa2f6a8849219b16460bf44f9d1f3aa7) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
21:31:58.0776 3888 Symantec Core LC - ok
21:31:58.0823 3888 SymAppCore (2fe779b1a07747fed8074c433c3c4604) c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
21:31:58.0854 3888 SymAppCore - ok
21:31:58.0994 3888 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:31:59.0041 3888 Symc8xx - ok
21:31:59.0104 3888 SYMDNS (51b57cda977170ac608d839dbfa1d3ee) C:\Windows\System32\Drivers\SYMDNS.SYS
21:31:59.0135 3888 SYMDNS - ok
21:31:59.0166 3888 SymEvent (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
21:31:59.0197 3888 SymEvent - ok
21:31:59.0228 3888 SYMFW (a131d8360b01044517aa44529e2137d6) C:\Windows\System32\Drivers\SYMFW.SYS
21:31:59.0275 3888 SYMFW - ok
21:31:59.0291 3888 SYMIDS (2b77868f02dae02103380b824431b798) C:\Windows\System32\Drivers\SYMIDS.SYS
21:31:59.0306 3888 SYMIDS - ok
21:31:59.0338 3888 SYMNDISV (7d3addfe63e5227bd2dbd5692bafb688) C:\Windows\System32\Drivers\SYMNDISV.SYS
21:31:59.0384 3888 SYMNDISV - ok
21:31:59.0431 3888 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
21:31:59.0447 3888 SYMREDRV - ok
21:31:59.0478 3888 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
21:31:59.0509 3888 SYMTDI - ok
21:31:59.0556 3888 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:31:59.0587 3888 Sym_hi - ok
21:31:59.0603 3888 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:31:59.0634 3888 Sym_u3 - ok
21:31:59.0681 3888 SynTP (5d6e865780aae258aba1a1484782cfec) C:\Windows\system32\DRIVERS\SynTP.sys
21:31:59.0728 3888 SynTP - ok
21:31:59.0790 3888 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:31:59.0884 3888 SysMain - ok
21:31:59.0930 3888 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:31:59.0993 3888 TabletInputService - ok
21:32:00.0040 3888 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:32:00.0118 3888 TapiSrv - ok
21:32:00.0149 3888 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:32:00.0196 3888 TBS - ok
21:32:00.0414 3888 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:32:00.0508 3888 Tcpip - ok
21:32:00.0523 3888 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:32:00.0586 3888 Tcpip6 - ok
21:32:00.0648 3888 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:32:00.0726 3888 tcpipreg - ok
21:32:00.0757 3888 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:32:00.0835 3888 TDPIPE - ok
21:32:00.0866 3888 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:32:00.0929 3888 TDTCP - ok
21:32:00.0960 3888 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
21:32:01.0007 3888 tdx - ok
21:32:01.0038 3888 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:32:01.0069 3888 TermDD - ok
21:32:01.0147 3888 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:32:01.0210 3888 TermService - ok
21:32:01.0303 3888 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
21:32:01.0350 3888 Themes - ok
21:32:01.0428 3888 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:32:01.0490 3888 THREADORDER - ok
21:32:01.0568 3888 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:32:01.0615 3888 TrkWks - ok
21:32:01.0693 3888 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:32:01.0740 3888 TrustedInstaller - ok
21:32:01.0787 3888 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:32:01.0834 3888 tssecsrv - ok
21:32:01.0896 3888 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:32:01.0927 3888 tunmp - ok
21:32:01.0958 3888 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:32:01.0990 3888 tunnel - ok
21:32:02.0036 3888 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:32:02.0068 3888 uagp35 - ok
21:32:02.0099 3888 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:32:02.0161 3888 udfs - ok
21:32:02.0208 3888 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:32:02.0255 3888 UI0Detect - ok
21:32:02.0286 3888 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
21:32:02.0317 3888 uliagpkx - ok
21:32:02.0364 3888 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:32:02.0426 3888 uliahci - ok
21:32:02.0442 3888 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:32:02.0489 3888 UlSata - ok
21:32:02.0520 3888 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:32:02.0598 3888 ulsata2 - ok
21:32:02.0629 3888 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:32:02.0692 3888 umbus - ok
21:32:02.0754 3888 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:32:02.0816 3888 upnphost - ok
21:32:02.0879 3888 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
21:32:02.0926 3888 USBAAPL - ok
21:32:02.0972 3888 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:32:03.0019 3888 usbccgp - ok
21:32:03.0082 3888 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:32:03.0160 3888 usbcir - ok
21:32:03.0206 3888 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:32:03.0269 3888 usbehci - ok
21:32:03.0316 3888 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:32:03.0378 3888 usbhub - ok
21:32:03.0409 3888 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys
21:32:03.0487 3888 usbohci - ok
21:32:03.0534 3888 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:32:03.0612 3888 usbprint - ok
21:32:03.0643 3888 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:32:03.0690 3888 usbscan - ok
21:32:03.0737 3888 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:32:03.0784 3888 USBSTOR - ok
21:32:03.0815 3888 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:32:03.0877 3888 usbuhci - ok
21:32:03.0940 3888 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
21:32:04.0018 3888 usbvideo - ok
21:32:04.0064 3888 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
21:32:04.0096 3888 UxSms - ok
21:32:04.0142 3888 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
21:32:04.0236 3888 vds - ok
21:32:04.0283 3888 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
21:32:04.0376 3888 vga - ok
21:32:04.0486 3888 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:32:04.0532 3888 VgaSave - ok
21:32:04.0626 3888 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
21:32:04.0657 3888 viaagp - ok
21:32:04.0735 3888 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:32:05.0297 3888 ViaC7 - ok
21:32:05.0453 3888 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
21:32:05.0484 3888 viaide - ok
21:32:05.0531 3888 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:32:05.0562 3888 volmgr - ok
21:32:05.0656 3888 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:32:05.0718 3888 volmgrx - ok
21:32:05.0780 3888 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:32:05.0812 3888 volsnap - ok
21:32:05.0999 3888 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:32:06.0061 3888 vsmraid - ok
21:32:06.0202 3888 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:32:06.0342 3888 VSS - ok
21:32:06.0389 3888 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:32:06.0436 3888 W32Time - ok
21:32:06.0701 3888 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:32:06.0794 3888 WacomPen - ok
21:32:06.0935 3888 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:32:06.0982 3888 Wanarp - ok
21:32:07.0013 3888 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:32:07.0075 3888 Wanarpv6 - ok
21:32:07.0169 3888 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:32:07.0418 3888 wcncsvc - ok
21:32:07.0528 3888 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:32:07.0606 3888 WcsPlugInService - ok
21:32:07.0652 3888 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:32:07.0684 3888 Wd - ok
21:32:07.0949 3888 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:32:07.0996 3888 Wdf01000 - ok
21:32:08.0198 3888 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:32:08.0276 3888 WdiServiceHost - ok
21:32:08.0292 3888 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:32:08.0354 3888 WdiSystemHost - ok
21:32:08.0432 3888 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
21:32:08.0495 3888 WebClient - ok
21:32:08.0588 3888 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
21:32:08.0760 3888 Wecsvc - ok
21:32:08.0916 3888 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:32:08.0978 3888 wercplsupport - ok
21:32:09.0056 3888 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
21:32:09.0150 3888 WerSvc - ok
21:32:09.0337 3888 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:32:09.0618 3888 winachsf - ok
21:32:10.0024 3888 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
21:32:10.0226 3888 WinDefend - ok
21:32:10.0258 3888 WinHttpAutoProxySvc - ok
21:32:10.0351 3888 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
21:32:10.0429 3888 Winmgmt - ok
21:32:10.0570 3888 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
21:32:10.0679 3888 WinRM - ok
21:32:10.0850 3888 winusb (086d2e78eecd6195667282adc6ca109f) C:\Windows\system32\DRIVERS\WinUSB.SYS
21:32:10.0991 3888 winusb - ok
21:32:11.0131 3888 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
21:32:11.0272 3888 Wlansvc - ok
21:32:11.0396 3888 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:32:11.0443 3888 WmiAcpi - ok
21:32:13.0175 3888 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
21:32:13.0222 3888 wmiApSrv - ok
21:32:13.0346 3888 WMIService (e8781cf1a4262881897444d22921a3a6) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
21:32:13.0393 3888 WMIService ( UnsignedFile.Multi.Generic ) - warning
21:32:13.0393 3888 WMIService - detected UnsignedFile.Multi.Generic (1)
21:32:13.0534 3888 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:32:13.0752 3888 WMPNetworkSvc - ok
21:32:13.0799 3888 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
21:32:13.0846 3888 WPCSvc - ok
21:32:13.0892 3888 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
21:32:13.0939 3888 WPDBusEnum - ok
21:32:14.0017 3888 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
21:32:14.0080 3888 WpdUsb - ok
21:32:14.0111 3888 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:32:14.0158 3888 ws2ifsl - ok
21:32:14.0204 3888 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
21:32:14.0220 3888 wscsvc - ok
21:32:14.0236 3888 WSearch - ok
21:32:14.0407 3888 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
21:32:14.0657 3888 wuauserv - ok
21:32:14.0797 3888 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:32:14.0860 3888 WUDFRd - ok
21:32:14.0906 3888 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:32:14.0969 3888 wudfsvc - ok
21:32:15.0031 3888 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
21:32:15.0047 3888 XAudio - ok
21:32:15.0094 3888 XAudioService (15a317674a08df26be65164d959e9203) C:\Windows\system32\DRIVERS\xaudio.exe
21:32:15.0172 3888 XAudioService - ok
21:32:15.0234 3888 yukonwlh (2d07e65ed0023bb10b13a912b27dfb1a) C:\Windows\system32\DRIVERS\yk60x86.sys
21:32:15.0296 3888 yukonwlh - ok
21:32:15.0328 3888 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
21:32:19.0571 3888 \Device\Harddisk0\DR0 - ok
21:32:19.0602 3888 Boot (0x1200) (810a4bbcb1f100e8e8e36530ff416631) \Device\Harddisk0\DR0\Partition0
21:32:19.0602 3888 \Device\Harddisk0\DR0\Partition0 - ok
21:32:19.0633 3888 Boot (0x1200) (259701f719000fc2863872f41ad95dbe) \Device\Harddisk0\DR0\Partition1
21:32:19.0633 3888 \Device\Harddisk0\DR0\Partition1 - ok
21:32:19.0649 3888 ============================================================
21:32:19.0649 3888 Scan finished
21:32:19.0649 3888 ============================================================
21:32:19.0664 1248 Detected object count: 7
21:32:19.0664 1248 Actual detected object count: 7
21:32:34.0250 1248 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:34.0250 1248 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:34.0250 1248 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:34.0250 1248 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:34.0250 1248 eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:34.0250 1248 eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:34.0250 1248 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:34.0250 1248 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:34.0250 1248 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:34.0250 1248 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:34.0250 1248 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:34.0250 1248 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:34.0250 1248 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
21:32:34.0250 1248 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:32:37.0682 0480 Deinitialize success

#11 mark1956

mark1956

  • Security Colleague
  • 271 posts
  • Gender:Male
  • Location:Spain
  • Local time:06:57 AM

Posted 04 May 2012 - 02:09 AM

Please now continue with running Combofix following the instructions in post 5.

And tell me how your PC is running now.

Edited by mark1956, 04 May 2012 - 02:11 AM.


#12 sedaps

sedaps
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:57 AM

Posted 05 May 2012 - 11:47 AM

Hey Mark. So far so good as far as the redirecting issue. Thanks so much. I do want to give a little donation for
the site though. How do I do that? Also I ran the TDSSKiller a few minutes ago and there is still an issue that comes
up. After it cured itself, I rebooted and ran the scan again. The same virus is still there. Here is the log.


12:17:32.0331 3732 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
12:17:32.0768 3732 ============================================================
12:17:32.0768 3732 Current date / time: 2012/05/05 12:17:32.0768
12:17:32.0768 3732 SystemInfo:
12:17:32.0768 3732
12:17:32.0768 3732 OS Version: 6.0.6002 ServicePack: 2.0
12:17:32.0768 3732 Product type: Workstation
12:17:32.0768 3732 ComputerName: STEPH-PC
12:17:32.0768 3732 UserName: steph
12:17:32.0768 3732 Windows directory: C:\Windows
12:17:32.0768 3732 System windows directory: C:\Windows
12:17:32.0768 3732 Processor architecture: Intel x86
12:17:32.0768 3732 Number of processors: 1
12:17:32.0768 3732 Page size: 0x1000
12:17:32.0768 3732 Boot type: Normal boot
12:17:32.0768 3732 ============================================================
12:17:33.0829 3732 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:17:33.0829 3732 ============================================================
12:17:33.0829 3732 \Device\Harddisk0\DR0:
12:17:33.0829 3732 MBR partitions:
12:17:33.0829 3732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x40C4800
12:17:33.0829 3732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x544D000, BlocksNum 0x40C2000
12:17:33.0829 3732 ============================================================
12:17:33.0860 3732 C: <-> \Device\Harddisk0\DR0\Partition0
12:17:33.0907 3732 D: <-> \Device\Harddisk0\DR0\Partition1
12:17:33.0907 3732 ============================================================
12:17:33.0907 3732 Initialize success
12:17:33.0907 3732 ============================================================
12:17:47.0104 0672 ============================================================
12:17:47.0104 0672 Scan started
12:17:47.0104 0672 Mode: Manual; SigCheck; TDLFS;
12:17:47.0104 0672 ============================================================
12:17:47.0978 0672 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
12:17:48.0196 0672 ACPI - ok
12:17:48.0305 0672 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:17:48.0415 0672 AdobeFlashPlayerUpdateSvc - ok
12:17:48.0477 0672 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
12:17:48.0571 0672 adp94xx - ok
12:17:48.0617 0672 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
12:17:48.0680 0672 adpahci - ok
12:17:48.0711 0672 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
12:17:48.0805 0672 adpu160m - ok
12:17:48.0820 0672 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
12:17:48.0883 0672 adpu320 - ok
12:17:48.0945 0672 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
12:17:49.0429 0672 AeLookupSvc - ok
12:17:49.0507 0672 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
12:17:49.0647 0672 AFD - ok
12:17:49.0678 0672 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
12:17:49.0756 0672 agp440 - ok
12:17:49.0803 0672 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:17:49.0850 0672 aic78xx - ok
12:17:49.0897 0672 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
12:17:49.0990 0672 ALG - ok
12:17:50.0021 0672 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
12:17:50.0162 0672 aliide - ok
12:17:50.0224 0672 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
12:17:50.0287 0672 amdagp - ok
12:17:50.0318 0672 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
12:17:50.0411 0672 amdide - ok
12:17:50.0474 0672 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
12:17:50.0692 0672 AmdK7 - ok
12:17:50.0723 0672 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
12:17:50.0879 0672 AmdK8 - ok
12:17:50.0942 0672 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
12:17:51.0035 0672 Appinfo - ok
12:17:51.0176 0672 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:17:51.0191 0672 Apple Mobile Device - ok
12:17:51.0223 0672 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
12:17:51.0332 0672 arc - ok
12:17:51.0379 0672 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
12:17:51.0441 0672 arcsas - ok
12:17:51.0472 0672 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:17:51.0550 0672 AsyncMac - ok
12:17:51.0581 0672 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
12:17:51.0659 0672 atapi - ok
12:17:51.0737 0672 athr (d9583d3c896f0c608d8a484906650b2c) C:\Windows\system32\DRIVERS\athr.sys
12:17:51.0909 0672 athr - ok
12:17:51.0987 0672 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:17:52.0096 0672 AudioEndpointBuilder - ok
12:17:52.0112 0672 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
12:17:52.0143 0672 Audiosrv - ok
12:17:52.0205 0672 Automatic LiveUpdate Scheduler (b5d974c1fd078a68c7536c561b031d39) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
12:17:52.0299 0672 Automatic LiveUpdate Scheduler - ok
12:17:52.0408 0672 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
12:17:52.0564 0672 BCM43XV - ok
12:17:52.0627 0672 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:17:52.0689 0672 Beep - ok
12:17:52.0736 0672 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
12:17:52.0829 0672 BFE - ok
12:17:52.0939 0672 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
12:17:53.0079 0672 BITS - ok
12:17:53.0095 0672 blbdrive - ok
12:17:53.0126 0672 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
12:17:53.0188 0672 bowser - ok
12:17:53.0235 0672 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:17:53.0329 0672 BrFiltLo - ok
12:17:53.0344 0672 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:17:53.0438 0672 BrFiltUp - ok
12:17:53.0485 0672 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
12:17:53.0563 0672 Browser - ok
12:17:53.0609 0672 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:17:53.0750 0672 Brserid - ok
12:17:53.0765 0672 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:17:53.0843 0672 BrSerWdm - ok
12:17:53.0875 0672 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:17:53.0953 0672 BrUsbMdm - ok
12:17:53.0968 0672 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:17:54.0062 0672 BrUsbSer - ok
12:17:54.0109 0672 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:17:54.0218 0672 BTHMODEM - ok
12:17:54.0327 0672 catchme - ok
12:17:54.0467 0672 ccEvtMgr (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:17:54.0530 0672 ccEvtMgr - ok
12:17:54.0545 0672 ccSetMgr (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:17:54.0561 0672 ccSetMgr - ok
12:17:54.0623 0672 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:17:54.0733 0672 cdfs - ok
12:17:54.0779 0672 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
12:17:54.0889 0672 cdrom - ok
12:17:54.0935 0672 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:17:54.0982 0672 CertPropSvc - ok
12:17:55.0029 0672 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
12:17:55.0123 0672 circlass - ok
12:17:55.0169 0672 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
12:17:55.0216 0672 CLFS - ok
12:17:55.0310 0672 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:17:55.0372 0672 clr_optimization_v2.0.50727_32 - ok
12:17:55.0388 0672 CLTNetCnService (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:17:55.0419 0672 CLTNetCnService - ok
12:17:55.0466 0672 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
12:17:55.0544 0672 CmBatt - ok
12:17:55.0575 0672 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
12:17:55.0622 0672 cmdide - ok
12:17:55.0700 0672 comHost (7ce352882828c12dd7632b172253a02c) c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
12:17:55.0762 0672 comHost - ok
12:17:55.0793 0672 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
12:17:55.0825 0672 Compbatt - ok
12:17:55.0840 0672 COMSysApp - ok
12:17:55.0840 0672 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
12:17:55.0903 0672 crcdisk - ok
12:17:55.0949 0672 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
12:17:56.0059 0672 Crusoe - ok
12:17:56.0121 0672 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
12:17:56.0183 0672 CryptSvc - ok
12:17:56.0261 0672 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:17:56.0324 0672 DcomLaunch - ok
12:17:56.0339 0672 DfsC - ok
12:17:56.0495 0672 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
12:17:56.0776 0672 DFSR - ok
12:17:56.0932 0672 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
12:17:57.0041 0672 Dhcp - ok
12:17:57.0119 0672 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
12:17:57.0166 0672 disk - ok
12:17:57.0229 0672 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
12:17:57.0322 0672 DKbFltr - ok
12:17:57.0385 0672 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
12:17:57.0494 0672 Dnscache - ok
12:17:57.0525 0672 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
12:17:57.0603 0672 dot3svc - ok
12:17:57.0665 0672 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
12:17:57.0759 0672 DPS - ok
12:17:57.0806 0672 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:17:57.0884 0672 drmkaud - ok
12:17:57.0962 0672 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
12:17:58.0087 0672 DXGKrnl - ok
12:17:58.0133 0672 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:17:58.0211 0672 E1G60 - ok
12:17:58.0243 0672 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
12:17:58.0305 0672 EapHost - ok
12:17:58.0367 0672 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
12:17:58.0430 0672 Ecache - ok
12:17:58.0555 0672 eDataSecurity Service (f54907aa07f60aff81e1e09e97af98b0) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
12:17:58.0648 0672 eDataSecurity Service - ok
12:17:58.0773 0672 eeCtrl (47ce4e650d91dc095a2fddb15631a78a) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:17:58.0851 0672 eeCtrl - ok
12:17:58.0945 0672 eLockService (a7b5f3b9363f9ab1d4fe459baf3b15d6) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
12:17:59.0023 0672 eLockService ( UnsignedFile.Multi.Generic ) - warning
12:17:59.0023 0672 eLockService - detected UnsignedFile.Multi.Generic (1)
12:17:59.0085 0672 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
12:17:59.0147 0672 elxstor - ok
12:17:59.0225 0672 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
12:17:59.0366 0672 EMDMgmt - ok
12:17:59.0444 0672 eNet Service (207e2dda01aac6ad64f0368ca59fc179) C:\Acer\Empowering Technology\eNet\eNet Service.exe
12:17:59.0522 0672 eNet Service ( UnsignedFile.Multi.Generic ) - warning
12:17:59.0522 0672 eNet Service - detected UnsignedFile.Multi.Generic (1)
12:17:59.0647 0672 EraserUtilRebootDrv (ce3ef5c79cb0bfa036e844f74c52d759) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:17:59.0693 0672 EraserUtilRebootDrv - ok
12:17:59.0740 0672 eRecoveryService (a7b084bfbbd582a843d2f5c35220f962) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
12:17:59.0818 0672 eRecoveryService ( UnsignedFile.Multi.Generic ) - warning
12:17:59.0818 0672 eRecoveryService - detected UnsignedFile.Multi.Generic (1)
12:17:59.0865 0672 eSettingsService (06484e97d22f06de8de0f8e2bec6fa9e) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
12:17:59.0943 0672 eSettingsService ( UnsignedFile.Multi.Generic ) - warning
12:17:59.0943 0672 eSettingsService - detected UnsignedFile.Multi.Generic (1)
12:18:00.0005 0672 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
12:18:00.0083 0672 EventSystem - ok
12:18:00.0177 0672 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
12:18:00.0271 0672 exfat - ok
12:18:00.0333 0672 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
12:18:00.0411 0672 fastfat - ok
12:18:00.0458 0672 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
12:18:00.0551 0672 fdc - ok
12:18:00.0614 0672 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
12:18:00.0645 0672 fdPHost - ok
12:18:00.0676 0672 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
12:18:00.0770 0672 FDResPub - ok
12:18:00.0817 0672 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:18:00.0848 0672 FileInfo - ok
12:18:00.0895 0672 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:18:00.0973 0672 Filetrace - ok
12:18:01.0004 0672 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
12:18:01.0129 0672 flpydisk - ok
12:18:01.0175 0672 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:18:01.0222 0672 FltMgr - ok
12:18:01.0347 0672 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
12:18:01.0487 0672 FontCache - ok
12:18:01.0597 0672 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:18:01.0675 0672 FontCache3.0.0.0 - ok
12:18:01.0721 0672 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
12:18:01.0784 0672 Fs_Rec - ok
12:18:01.0831 0672 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
12:18:01.0877 0672 gagp30kx - ok
12:18:01.0940 0672 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
12:18:02.0018 0672 gpsvc - ok
12:18:02.0080 0672 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
12:18:02.0189 0672 HdAudAddService - ok
12:18:02.0252 0672 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:18:02.0423 0672 HDAudBus - ok
12:18:02.0470 0672 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:18:02.0564 0672 HidBth - ok
12:18:02.0611 0672 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:18:02.0720 0672 HidIr - ok
12:18:02.0782 0672 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
12:18:02.0876 0672 hidserv - ok
12:18:02.0907 0672 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
12:18:02.0985 0672 HidUsb - ok
12:18:03.0032 0672 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
12:18:03.0110 0672 hkmsvc - ok
12:18:03.0157 0672 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
12:18:03.0203 0672 HpCISSs - ok
12:18:03.0266 0672 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
12:18:03.0375 0672 HSFHWAZL - ok
12:18:03.0453 0672 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
12:18:03.0687 0672 HSF_DPV - ok
12:18:03.0749 0672 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
12:18:03.0859 0672 HSXHWAZL - ok
12:18:03.0905 0672 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
12:18:03.0983 0672 HTTP - ok
12:18:04.0046 0672 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
12:18:04.0108 0672 i2omp - ok
12:18:04.0186 0672 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:18:04.0233 0672 i8042prt - ok
12:18:04.0342 0672 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
12:18:04.0420 0672 IAANTMON - ok
12:18:04.0467 0672 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
12:18:04.0498 0672 iaStor - ok
12:18:04.0529 0672 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
12:18:04.0607 0672 iaStorV - ok
12:18:04.0717 0672 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:18:04.0904 0672 idsvc - ok
12:18:05.0075 0672 IDSvix86 (f49b22e2cc15de6e752fc8cb24eb7069) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080829.001\IDSvix86.sys
12:18:05.0138 0672 IDSvix86 - ok
12:18:05.0356 0672 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
12:18:05.0606 0672 igfx - ok
12:18:05.0731 0672 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:18:05.0777 0672 iirsp - ok
12:18:05.0887 0672 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
12:18:05.0949 0672 IKEEXT - ok
12:18:06.0058 0672 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
12:18:06.0105 0672 int15 - ok
12:18:06.0261 0672 IntcAzAudAddService (90a10b39896040b3154613c11c932aeb) C:\Windows\system32\drivers\RTKVHDA.sys
12:18:06.0417 0672 IntcAzAudAddService - ok
12:18:06.0589 0672 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
12:18:06.0635 0672 intelide - ok
12:18:06.0651 0672 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:18:06.0729 0672 intelppm - ok
12:18:06.0760 0672 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
12:18:06.0838 0672 IPBusEnum - ok
12:18:06.0885 0672 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:18:06.0963 0672 IpFilterDriver - ok
12:18:07.0025 0672 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
12:18:07.0119 0672 iphlpsvc - ok
12:18:07.0119 0672 IpInIp - ok
12:18:07.0166 0672 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
12:18:07.0228 0672 IPMIDRV - ok
12:18:07.0275 0672 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:18:07.0353 0672 IPNAT - ok
12:18:07.0400 0672 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:18:07.0493 0672 IRENUM - ok
12:18:07.0540 0672 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
12:18:07.0587 0672 isapnp - ok
12:18:07.0634 0672 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:18:07.0696 0672 iScsiPrt - ok
12:18:07.0759 0672 ISPwdSvc (36474fde02f8422b8b1a52ead9894dbc) c:\Program Files\Norton Internet Security\isPwdSvc.exe
12:18:07.0790 0672 ISPwdSvc - ok
12:18:07.0821 0672 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:18:07.0868 0672 iteatapi - ok
12:18:07.0915 0672 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:18:07.0946 0672 iteraid - ok
12:18:07.0993 0672 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:18:08.0024 0672 kbdclass - ok
12:18:08.0102 0672 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
12:18:08.0195 0672 kbdhid - ok
12:18:08.0227 0672 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:18:08.0336 0672 KeyIso - ok
12:18:08.0367 0672 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
12:18:08.0445 0672 KSecDD - ok
12:18:08.0523 0672 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
12:18:08.0632 0672 KtmRm - ok
12:18:08.0663 0672 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
12:18:08.0741 0672 LanmanServer - ok
12:18:08.0804 0672 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
12:18:08.0882 0672 LanmanWorkstation - ok
12:18:09.0022 0672 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:18:09.0053 0672 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:18:09.0053 0672 LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:18:09.0241 0672 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
12:18:09.0397 0672 LiveUpdate - ok
12:18:09.0537 0672 LiveUpdate Notice Ex (e7aab1a32ac2eea4c4b735b8d034c802) c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:18:09.0553 0672 LiveUpdate Notice Ex - ok
12:18:09.0693 0672 LiveUpdate Notice Service (2d1389e05a807d956829f44bd4b60389) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
12:18:09.0755 0672 LiveUpdate Notice Service - ok
12:18:09.0880 0672 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:18:09.0958 0672 lltdio - ok
12:18:10.0005 0672 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
12:18:10.0067 0672 lltdsvc - ok
12:18:10.0114 0672 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
12:18:10.0192 0672 lmhosts - ok
12:18:10.0239 0672 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
12:18:10.0270 0672 LSI_FC - ok
12:18:10.0286 0672 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
12:18:10.0348 0672 LSI_SAS - ok
12:18:10.0379 0672 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
12:18:10.0426 0672 LSI_SCSI - ok
12:18:10.0457 0672 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:18:10.0520 0672 luafv - ok
12:18:10.0551 0672 MCSTRM - ok
12:18:10.0598 0672 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
12:18:10.0645 0672 mdmxsdk - ok
12:18:10.0707 0672 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
12:18:10.0723 0672 megasas - ok
12:18:10.0769 0672 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:18:10.0832 0672 MMCSS - ok
12:18:10.0863 0672 MobilityService - ok
12:18:10.0925 0672 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:18:10.0972 0672 Modem - ok
12:18:11.0035 0672 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:18:11.0097 0672 monitor - ok
12:18:11.0128 0672 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:18:11.0191 0672 mouclass - ok
12:18:11.0237 0672 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:18:11.0300 0672 mouhid - ok
12:18:11.0331 0672 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:18:11.0362 0672 MountMgr - ok
12:18:11.0425 0672 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
12:18:11.0456 0672 mpio - ok
12:18:11.0503 0672 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:18:11.0565 0672 mpsdrv - ok
12:18:11.0643 0672 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
12:18:11.0752 0672 MpsSvc - ok
12:18:11.0799 0672 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:18:11.0846 0672 Mraid35x - ok
12:18:11.0893 0672 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:18:11.0971 0672 MRxDAV - ok
12:18:12.0002 0672 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:18:12.0049 0672 mrxsmb - ok
12:18:12.0095 0672 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:18:12.0158 0672 mrxsmb10 - ok
12:18:12.0189 0672 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:18:12.0251 0672 mrxsmb20 - ok
12:18:12.0298 0672 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
12:18:12.0345 0672 msahci - ok
12:18:12.0376 0672 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
12:18:12.0407 0672 msdsm - ok
12:18:12.0454 0672 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
12:18:12.0563 0672 MSDTC - ok
12:18:12.0610 0672 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:18:12.0688 0672 Msfs - ok
12:18:12.0719 0672 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:18:12.0751 0672 msisadrv - ok
12:18:12.0797 0672 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
12:18:12.0875 0672 MSiSCSI - ok
12:18:12.0875 0672 msiserver - ok
12:18:12.0922 0672 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:18:12.0985 0672 MSKSSRV - ok
12:18:13.0016 0672 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:18:13.0078 0672 MSPCLOCK - ok
12:18:13.0156 0672 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:18:17.0524 0672 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
12:18:17.0555 0672 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
12:18:17.0555 0672 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
12:18:31.0658 0672 tdx (61daf937afc4c7a3db1a3232c3d7e258) C:\Windows\system32\DRIVERS\tdx.sys
12:18:31.0658 0672 tdx ( Virus.Win32.ZAccess.c ) - infected
12:18:31.0658 0672 tdx - detected Virus.Win32.ZAccess.c (0)
12:18:38.0740 0672 WMIService (e8781cf1a4262881897444d22921a3a6) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
12:18:38.0771 0672 WMIService ( UnsignedFile.Multi.Generic ) - warning
12:18:38.0771 0672 WMIService - detected UnsignedFile.Multi.Generic (1)
12:18:43.0966 0672 ============================================================
12:18:43.0966 0672 Scan finished
12:18:43.0966 0672 ============================================================
12:18:43.0997 3656 Detected object count: 8
12:18:43.0997 3656 Actual detected object count: 8
12:19:21.0531 3656 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
12:19:21.0531 3656 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:19:21.0531 3656 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:19:21.0531 3656 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:19:21.0531 3656 eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user
12:19:21.0531 3656 eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:19:21.0547 3656 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
12:19:21.0547 3656 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:19:21.0547 3656 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:19:21.0547 3656 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:19:21.0547 3656 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
12:19:21.0547 3656 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:19:21.0734 3656 C:\Windows\system32\DRIVERS\tdx.sys - copied to quarantine
12:19:21.0781 3656 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813
12:19:26.0180 3656 Backup copy not found, trying to cure infected file..
12:19:26.0180 3656 C:\Windows\system32\DRIVERS\tdx.sys - Cure failed (FFFFFFFF)
12:19:26.0180 3656 C:\Windows\system32\DRIVERS\tdx.sys - processing error
12:19:28.0239 3656 tdx ( Virus.Win32.ZAccess.c ) - User select action: Cure
12:19:28.0239 3656 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
12:19:28.0239 3656 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:19:54.0416 0168 Deinitialize success

#13 mark1956

  • Security Colleague

Posted 05 May 2012 - 06:03 PM

In my last post I asked you to run Combofix. Is there any reason why you have not done that?

Please post the previous log from TDSSKiller where you say it cured an infection. Details on how to find the logs are at the end of the TDSSKiller instructions.

We are dealing with a fairly serious infection so please do try to follow what I am asking you to do and not run any other scans that I have not requested.

We may still have some way to go before being sure that your PC is clean so please adhere to my instructions.

Please post the log from TDSSKiller, run Combofix and post the log from that. Any problems running Combofix, please let me know.

Thank you for the offer but this site does not accept donations.

Edited by mark1956, 05 May 2012 - 07:56 PM.


#14 sedaps

  • Topic Starter


Posted 05 May 2012 - 11:05 PM

Well, as a matter of fact, I did run Combofix as you asked and when you asked me to. You told me to tell you how my computer was running afterwards, so I did. I did not post a log for it because of those directions. Anyway, I will run it again and post the log.

#15 mark1956

  • Security Colleague

Posted 06 May 2012 - 03:01 AM

No need to run it again, just post the log from the scan you have already run, plus the TDSSKiller log I asked for in my last post.

I requested in post 11 that you run Combofix following the instructions in post 5; those instructions tell you to post the log.

Sorry if my instructions have been misunderstood, but it is important that I see what Combofix found on its first scan.



