
Malwarebytes Popup


19 replies to this topic

#1 otis9 (Members, 12 posts)

Posted 05 June 2012 - 08:05 PM

My wife was having a popup tonight on our laptop. I installed Malwarebytes and ran a full scan. It found 6-7 items, which I removed in the Quarantine screen.

Now I am getting a popup balloon that reads "Malwarebytes Anti-Malware successfully blocked access to a potentially malicious website: 217.23.9.140 Type: Outgoing Port: 55998. svchost.exe"

The site and port info change with every popup, which happens in spurts every minute or so.

Thank you for any help!!!

Here is my log:

---------------------------------------------------------


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Vanessa :: VANESSA-PC [administrator]

Protection: Enabled

05/06/2012 6:55:58 PM
mbam-log-2012-06-05 (18-55-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 337911
Time elapsed: 29 minute(s), 6 second(s)

Memory Processes Detected: 1
C:\Users\Vanessa\AppData\Local\Search\SearchLoadLangRes.exe (Trojan.Agent.SZ) -> 3944 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchLoadLangRes (Trojan.Agent.SZ) -> Data: "C:\Users\Vanessa\AppData\Local\Search\SearchLoadLangRes.exe" /t -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Users\Vanessa\AppData\Local\Search\SearchLoadLangRes.exe (Trojan.Agent.SZ) -> Delete on reboot.
C:\ProgramData\B7E85886000DA5CB006C76FBB4EB2367\B7E85886000DA5CB006C76FBB4EB2367.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Vanessa\AppData\Local\Temp\msimg32.dll (Trojan.Agent.PS) -> Quarantined and deleted successfully.
C:\Users\Vanessa\AppData\Local\Temp\tempfiles.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\Vanessa\AppData\Local\Temp\~!#8683.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Vanessa\AppData\Local\Temp\~!#9CE6.tmp (Trojan.Agent.PS) -> Quarantined and deleted successfully.
C:\Users\Vanessa\AppData\Local\Temp\~!#9F64.tmp (Trojan.Agent.SZ) -> Quarantined and deleted successfully.
C:\Users\Vanessa\AppData\Local\{42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Users\Vanessa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\700aac21-60e1f5a3 (Trojan.Ransom) -> Quarantined and deleted successfully.
C:\Users\Vanessa\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

(end)
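The scan log above and the repeated website-block balloon are the two artefacts a responder would turn into a structured indicator list before deciding what is still active. The script below is an added example for this thread, not code from the original post or from Malwarebytes' own tooling: it parses the detection lines of an MBAM 1.x scan log and the wording of the block balloon, groups findings by detection family, and pulls out the two facts that matter for follow-up here: a detection still pending "Delete on reboot" (a process MBAM could not kill during the scan) and an autostart entry under the HKCU Run key. The sample log lines are copied from the log posted above; the balloon text is the one quoted in the post; the regular expressions and the function names are my own assumptions about the log format, not a documented Malwarebytes interface.

```python
import re
from collections import defaultdict

# One detection line in an MBAM 1.x scan log, as seen in the posted log:
#   <item> (<family>) [-> <pid>] -> [Data: ... ->] <action>.
# Assumption: the " -> " separator and trailing period are constant across sections.
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\)(?: -> (?P<pid>\d+))? -> (?P<action>.+?)\.?$"
)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")

# Website-block balloon, as quoted in the post (spacing after the colons varies).
BLOCK_RE = re.compile(
    r"blocked access to a potentially malicious website:\s*"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+Type:\s*(?P<direction>\w+)"
    r"\s+Port:\s*(?P<port>\d+)\.?\s*(?P<process>\S+)",
    re.IGNORECASE,
)


def parse_mbam_log(text):
    """Return one dict per detection, tagged with the log section it came from."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = DETECTION_RE.match(line)
        if not (m and section):
            continue
        d = m.groupdict()
        d["section"] = section
        # Registry values carry "Data: <value> -> <action>"; keep only the final action.
        parts = d["action"].split(" -> ")
        d["action"] = parts[-1]
        if len(parts) > 1:
            d["data"] = " -> ".join(parts[:-1])
        # Registry values are written "<key>|<value name>".
        if section == "Registry Values" and "|" in d["item"]:
            d["key"], d["value"] = d["item"].split("|", 1)
        findings.append(d)
    return findings


def pending_on_reboot(findings):
    """Detections MBAM could not remove immediately (running process or locked file)."""
    return [f for f in findings if "reboot" in f["action"].lower()]


def run_key_persistence(findings):
    """Autostart entries under a ...\\CurrentVersion\\Run key."""
    return [f for f in findings
            if "key" in f and f["key"].rstrip("\\").upper().endswith("\\RUN")]


def parse_block_balloon(text):
    """Extract ip, direction, port and process from the website-block balloon text."""
    m = BLOCK_RE.search(text)
    if not m:
        return None
    d = m.groupdict()
    d["port"] = int(d["port"])
    return d


# Sample input: a subset of the lines from the scan log posted above.
SAMPLE_LOG = """\
Memory Processes Detected: 1
C:\\Users\\Vanessa\\AppData\\Local\\Search\\SearchLoadLangRes.exe (Trojan.Agent.SZ) -> 3944 -> Delete on reboot.

Registry Values Detected: 1
HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run|SearchLoadLangRes (Trojan.Agent.SZ) -> Data: "C:\\Users\\Vanessa\\AppData\\Local\\Search\\SearchLoadLangRes.exe" /t -> Quarantined and deleted successfully.

Files Detected: 3
C:\\Users\\Vanessa\\AppData\\Local\\Temp\\~!#8683.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\\Users\\Vanessa\\AppData\\Local\\{42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}\\U\\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\\Users\\Vanessa\\Desktop\\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
"""
# The balloon text quoted in the post.
SAMPLE_BALLOON = ("Malwarebytes Anti-Malware Successfully blocked access to a potentially "
                  "malicious website: 217.23.9.140 Type: Outgoing Port: 55998. svchost.exe")

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    by_family = defaultdict(list)
    for f in found:
        by_family[f["family"]].append(f["item"])
    for fam, items in sorted(by_family.items()):
        print(f"{fam}: {len(items)} item(s)")
    for f in pending_on_reboot(found):
        print("still pending reboot:", f["item"], "pid", f.get("pid"))
    for f in run_key_persistence(found):
        print("autostart:", f["value"], "->", f["action"])
    print("blocked connection:", parse_block_balloon(SAMPLE_BALLOON))
```

Run it on the full log saved from Malwarebytes to get the same grouping for every detection; the pending-reboot list is the part to compare against the balloons, since a process that was only scheduled for deletion is still running until the machine restarts.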



#2 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 05 June 2012 - 08:31 PM

Download TDSSKiller

Launch it. Click on Change parameters - select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Download ESET online scanner

Install it.

Click on START, it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.


Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Edited by narenxp, 05 June 2012 - 08:31 PM.
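The first step above asks for the TDSSKiller log, and the one otis9 posts in reply runs to several hundred entries. Each scanned driver or service produces a pair of lines in that log, `<time> <pid> <name> (<md5>) <path>` followed by `<time> <pid> <name> - <verdict>`, with `- ok` for everything the tool accepted, and objects with no image on disk get only the verdict line. The useful questions for a reviewer are which entries did not get `ok` and which images load from outside the Windows directory. The script below is an added example for this thread, not part of the original posts or of Kaspersky's tool: it parses that two-line format and answers both questions. The sample lines are taken from the log posted later in the thread, plus one hypothetical `examplesvc` entry with a `suspicious` verdict that I constructed to show the path that matters; treating every verdict other than `ok` as needing review is my assumption, since the page only shows `ok`.

```python
import re

# One scanned object in a TDSSKiller 2.7 log is a pair of lines, in the format
# seen in the log posted in this thread:
#   21:42:39.0634 5708 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
#   21:42:39.0634 5708 1394ohci - ok
# Objects with no image on disk get only the verdict line ("COMSysApp - ok").
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
IMAGE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")


def parse_tdsskiller(text):
    """Map object name -> {"md5", "path", "verdict"} for everything scanned.
    Header lines before "Scan started" (drive geometry, OS info) are skipped,
    because lines such as "Drive \\Device\\Harddisk0\\DR0 - Size: ..." would
    otherwise look like verdict lines."""
    entries = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            continue
        m = IMAGE_RE.match(line)
        if m:
            entries.setdefault(m["name"], {}).update(md5=m["md5"], path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            entries.setdefault(m["name"], {}).update(verdict=m["verdict"])
    return entries


def needs_review(entries):
    """Objects whose verdict is anything but "ok".
    Assumption: "ok" is the only clean verdict; every other word is surfaced."""
    return sorted(n for n, e in entries.items() if e.get("verdict") != "ok")


def outside_windows_dir(entries, windir="C:\\windows"):
    """Objects whose image loads from outside the Windows directory: third-party
    services and drivers worth a second look even when their verdict is "ok"."""
    prefix = windir.lower().rstrip("\\") + "\\"
    return sorted(n for n, e in entries.items()
                  if "path" in e and not e["path"].lower().startswith(prefix))


# Constructed sample: lines from the posted log, plus a hypothetical last entry
# ("examplesvc", all-zero MD5, verdict "suspicious") that is not in the thread.
SAMPLE_LOG = """\
21:41:36.0418 4316 Drive \\Device\\Harddisk0\\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200
21:42:39.0197 5708 Scan started
21:42:39.0197 5708 Mode: Manual; TDLFS;
21:42:39.0634 5708 1394ohci (a87d604aea360176311474c87a63bb88) C:\\windows\\system32\\drivers\\1394ohci.sys
21:42:39.0634 5708 1394ohci - ok
21:42:40.0601 5708 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe
21:42:40.0617 5708 Apple Mobile Device - ok
21:42:42.0973 5708 COMSysApp - ok
21:42:50.0071 5708 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\\windows\\system32\\drivers\\mbam.sys
21:42:50.0071 5708 MBAMProtector - ok
21:42:51.0100 5708 examplesvc (00000000000000000000000000000000) C:\\Users\\Vanessa\\AppData\\Local\\Temp\\examplesvc.sys
21:42:51.0100 5708 examplesvc - suspicious
"""

if __name__ == "__main__":
    entries = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(entries)} objects scanned")
    print("verdict other than ok:", needs_review(entries))
    print("image outside the Windows directory:", outside_windows_dir(entries))
```

Point it at the real log saved in the root of C: and read the two lists first; on a log as long as the one in this thread, that is faster than scanning for a missing `- ok` by eye.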


#3 otis9 (Topic Starter, Members, 12 posts)

Posted 05 June 2012 - 08:44 PM

Here is the TDSSKiller log:


21:41:35.0700 4316 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
21:41:36.0028 4316 ============================================================
21:41:36.0028 4316 Current date / time: 2012/06/05 21:41:36.0028
21:41:36.0028 4316 SystemInfo:
21:41:36.0028 4316
21:41:36.0028 4316 OS Version: 6.1.7601 ServicePack: 1.0
21:41:36.0028 4316 Product type: Workstation
21:41:36.0028 4316 ComputerName: VANESSA-PC
21:41:36.0028 4316 UserName: Vanessa
21:41:36.0028 4316 Windows directory: C:\windows
21:41:36.0028 4316 System windows directory: C:\windows
21:41:36.0028 4316 Running under WOW64
21:41:36.0028 4316 Processor architecture: Intel x64
21:41:36.0028 4316 Number of processors: 4
21:41:36.0028 4316 Page size: 0x1000
21:41:36.0028 4316 Boot type: Normal boot
21:41:36.0028 4316 ============================================================
21:41:36.0418 4316 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:41:36.0418 4316 ============================================================
21:41:36.0418 4316 \Device\Harddisk0\DR0:
21:41:36.0418 4316 MBR partitions:
21:41:36.0418 4316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x50901000
21:41:36.0418 4316 ============================================================
21:41:36.0465 4316 C: <-> \Device\Harddisk0\DR0\Partition0
21:41:36.0465 4316 ============================================================
21:41:36.0465 4316 Initialize success
21:41:36.0465 4316 ============================================================
21:42:39.0197 5708 ============================================================
21:42:39.0197 5708 Scan started
21:42:39.0197 5708 Mode: Manual; TDLFS;
21:42:39.0197 5708 ============================================================
21:42:39.0634 5708 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
21:42:39.0634 5708 1394ohci - ok
21:42:39.0697 5708 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
21:42:39.0697 5708 ACPI - ok
21:42:39.0728 5708 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
21:42:39.0728 5708 AcpiPmi - ok
21:42:39.0806 5708 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
21:42:39.0806 5708 adp94xx - ok
21:42:39.0868 5708 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
21:42:39.0884 5708 adpahci - ok
21:42:39.0899 5708 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
21:42:39.0915 5708 adpu320 - ok
21:42:39.0946 5708 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
21:42:39.0946 5708 AeLookupSvc - ok
21:42:40.0040 5708 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
21:42:40.0055 5708 AFD - ok
21:42:40.0087 5708 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
21:42:40.0087 5708 agp440 - ok
21:42:40.0133 5708 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
21:42:40.0133 5708 ALG - ok
21:42:40.0165 5708 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
21:42:40.0165 5708 aliide - ok
21:42:40.0180 5708 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
21:42:40.0180 5708 amdide - ok
21:42:40.0211 5708 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
21:42:40.0211 5708 AmdK8 - ok
21:42:40.0243 5708 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
21:42:40.0243 5708 AmdPPM - ok
21:42:40.0305 5708 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
21:42:40.0305 5708 amdsata - ok
21:42:40.0336 5708 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
21:42:40.0336 5708 amdsbs - ok
21:42:40.0367 5708 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
21:42:40.0367 5708 amdxata - ok
21:42:40.0399 5708 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
21:42:40.0399 5708 AppID - ok
21:42:40.0430 5708 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
21:42:40.0430 5708 AppIDSvc - ok
21:42:40.0477 5708 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
21:42:40.0477 5708 Appinfo - ok
21:42:40.0601 5708 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:42:40.0617 5708 Apple Mobile Device - ok
21:42:40.0648 5708 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
21:42:40.0648 5708 arc - ok
21:42:40.0695 5708 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
21:42:40.0695 5708 arcsas - ok
21:42:40.0726 5708 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
21:42:40.0726 5708 AsyncMac - ok
21:42:40.0757 5708 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
21:42:40.0757 5708 atapi - ok
21:42:40.0851 5708 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:42:40.0851 5708 AudioEndpointBuilder - ok
21:42:40.0867 5708 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:42:40.0867 5708 AudioSrv - ok
21:42:40.0898 5708 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
21:42:40.0898 5708 AxInstSV - ok
21:42:40.0960 5708 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
21:42:40.0976 5708 b06bdrv - ok
21:42:41.0023 5708 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
21:42:41.0023 5708 b57nd60a - ok
21:42:41.0101 5708 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:42:41.0116 5708 BBSvc - ok
21:42:41.0163 5708 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:42:41.0163 5708 BBUpdate - ok
21:42:41.0210 5708 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
21:42:41.0210 5708 BDESVC - ok
21:42:41.0225 5708 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
21:42:41.0225 5708 Beep - ok
21:42:41.0303 5708 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
21:42:41.0319 5708 BFE - ok
21:42:41.0491 5708 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120402.001\BHDrvx64.sys
21:42:41.0506 5708 BHDrvx64 - ok
21:42:41.0647 5708 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
21:42:41.0662 5708 BITS - ok
21:42:41.0709 5708 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
21:42:41.0709 5708 blbdrive - ok
21:42:41.0803 5708 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:42:41.0803 5708 Bonjour Service - ok
21:42:41.0849 5708 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
21:42:41.0849 5708 bowser - ok
21:42:41.0896 5708 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
21:42:41.0896 5708 BrFiltLo - ok
21:42:41.0912 5708 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
21:42:41.0912 5708 BrFiltUp - ok
21:42:41.0990 5708 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
21:42:41.0990 5708 Browser - ok
21:42:42.0068 5708 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
21:42:42.0068 5708 Brserid - ok
21:42:42.0099 5708 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
21:42:42.0099 5708 BrSerWdm - ok
21:42:42.0115 5708 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
21:42:42.0115 5708 BrUsbMdm - ok
21:42:42.0130 5708 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
21:42:42.0130 5708 BrUsbSer - ok
21:42:42.0161 5708 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
21:42:42.0161 5708 BTHMODEM - ok
21:42:42.0224 5708 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
21:42:42.0224 5708 bthserv - ok
21:42:42.0271 5708 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
21:42:42.0271 5708 cdfs - ok
21:42:42.0317 5708 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
21:42:42.0317 5708 cdrom - ok
21:42:42.0364 5708 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:42:42.0364 5708 CertPropSvc - ok
21:42:42.0473 5708 cfWiMAXService (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
21:42:42.0473 5708 cfWiMAXService - ok
21:42:42.0505 5708 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
21:42:42.0505 5708 circlass - ok
21:42:42.0551 5708 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
21:42:42.0567 5708 CLFS - ok
21:42:42.0645 5708 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:42:42.0645 5708 clr_optimization_v2.0.50727_32 - ok
21:42:42.0676 5708 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:42:42.0676 5708 clr_optimization_v2.0.50727_64 - ok
21:42:42.0739 5708 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:42:42.0739 5708 clr_optimization_v4.0.30319_32 - ok
21:42:42.0770 5708 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:42:42.0770 5708 clr_optimization_v4.0.30319_64 - ok
21:42:42.0817 5708 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
21:42:42.0817 5708 CmBatt - ok
21:42:42.0832 5708 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
21:42:42.0832 5708 cmdide - ok
21:42:42.0879 5708 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
21:42:42.0879 5708 CNG - ok
21:42:42.0926 5708 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
21:42:42.0926 5708 Compbatt - ok
21:42:42.0957 5708 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
21:42:42.0957 5708 CompositeBus - ok
21:42:42.0973 5708 COMSysApp - ok
21:42:43.0066 5708 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
21:42:43.0066 5708 ConfigFree Service - ok
21:42:43.0097 5708 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
21:42:43.0097 5708 crcdisk - ok
21:42:43.0144 5708 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
21:42:43.0144 5708 CryptSvc - ok
21:42:43.0269 5708 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:42:43.0285 5708 cvhsvc - ok
21:42:43.0363 5708 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:42:43.0378 5708 DcomLaunch - ok
21:42:43.0425 5708 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
21:42:43.0425 5708 defragsvc - ok
21:42:43.0472 5708 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
21:42:43.0472 5708 DfsC - ok
21:42:43.0534 5708 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
21:42:43.0534 5708 Dhcp - ok
21:42:43.0565 5708 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
21:42:43.0565 5708 discache - ok
21:42:43.0597 5708 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
21:42:43.0612 5708 Disk - ok
21:42:43.0643 5708 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
21:42:43.0643 5708 Dnscache - ok
21:42:43.0675 5708 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
21:42:43.0675 5708 dot3svc - ok
21:42:43.0706 5708 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
21:42:43.0706 5708 DPS - ok
21:42:43.0737 5708 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
21:42:43.0737 5708 drmkaud - ok
21:42:43.0799 5708 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
21:42:43.0815 5708 DXGKrnl - ok
21:42:43.0862 5708 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
21:42:43.0862 5708 EapHost - ok
21:42:44.0127 5708 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
21:42:44.0205 5708 ebdrv - ok
21:42:44.0299 5708 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:42:44.0314 5708 eeCtrl - ok
21:42:44.0423 5708 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
21:42:44.0423 5708 EFS - ok
21:42:44.0501 5708 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
21:42:44.0517 5708 ehRecvr - ok
21:42:44.0533 5708 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
21:42:44.0533 5708 ehSched - ok
21:42:44.0611 5708 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
21:42:44.0611 5708 elxstor - ok
21:42:44.0720 5708 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:42:44.0720 5708 EraserUtilRebootDrv - ok
21:42:44.0751 5708 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
21:42:44.0751 5708 ErrDev - ok
21:42:44.0813 5708 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
21:42:44.0813 5708 EventSystem - ok
21:42:44.0845 5708 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
21:42:44.0845 5708 exfat - ok
21:42:44.0891 5708 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
21:42:44.0891 5708 fastfat - ok
21:42:44.0954 5708 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
21:42:44.0969 5708 Fax - ok
21:42:44.0985 5708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
21:42:44.0985 5708 fdc - ok
21:42:45.0016 5708 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
21:42:45.0032 5708 fdPHost - ok
21:42:45.0032 5708 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
21:42:45.0032 5708 FDResPub - ok
21:42:45.0079 5708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
21:42:45.0079 5708 FileInfo - ok
21:42:45.0094 5708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
21:42:45.0110 5708 Filetrace - ok
21:42:45.0125 5708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
21:42:45.0125 5708 flpydisk - ok
21:42:45.0172 5708 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
21:42:45.0172 5708 FltMgr - ok
21:42:45.0266 5708 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
21:42:45.0281 5708 FontCache - ok
21:42:45.0328 5708 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:42:45.0328 5708 FontCache3.0.0.0 - ok
21:42:45.0375 5708 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
21:42:45.0375 5708 FsDepends - ok
21:42:45.0406 5708 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys
21:42:45.0406 5708 fssfltr - ok
21:42:45.0531 5708 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:42:45.0562 5708 fsssvc - ok
21:42:45.0671 5708 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
21:42:45.0671 5708 Fs_Rec - ok
21:42:45.0718 5708 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
21:42:45.0734 5708 fvevol - ok
21:42:45.0765 5708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
21:42:45.0765 5708 gagp30kx - ok
21:42:45.0921 5708 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
21:42:45.0937 5708 GameConsoleService - ok
21:42:45.0999 5708 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
21:42:45.0999 5708 GEARAspiWDM - ok
21:42:46.0046 5708 GFNEXSrv (fa07ec01952729ddddc5bf4bae06b09e) C:\Windows\System32\GFNEXSrv.exe
21:42:46.0046 5708 GFNEXSrv - ok
21:42:46.0139 5708 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
21:42:46.0155 5708 gpsvc - ok
21:42:46.0217 5708 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:42:46.0217 5708 gupdate - ok
21:42:46.0233 5708 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:42:46.0233 5708 gupdatem - ok
21:42:46.0264 5708 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:42:46.0264 5708 gusvc - ok
21:42:46.0311 5708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
21:42:46.0311 5708 hcw85cir - ok
21:42:46.0373 5708 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
21:42:46.0373 5708 HdAudAddService - ok
21:42:46.0405 5708 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
21:42:46.0405 5708 HDAudBus - ok
21:42:46.0436 5708 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
21:42:46.0436 5708 HECIx64 - ok
21:42:46.0451 5708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
21:42:46.0451 5708 HidBatt - ok
21:42:46.0483 5708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
21:42:46.0498 5708 HidBth - ok
21:42:46.0529 5708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
21:42:46.0529 5708 HidIr - ok
21:42:46.0545 5708 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
21:42:46.0545 5708 hidserv - ok
21:42:46.0592 5708 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
21:42:46.0592 5708 HidUsb - ok
21:42:46.0623 5708 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
21:42:46.0623 5708 hkmsvc - ok
21:42:46.0654 5708 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
21:42:46.0670 5708 HomeGroupListener - ok
21:42:46.0701 5708 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
21:42:46.0717 5708 HomeGroupProvider - ok
21:42:46.0748 5708 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
21:42:46.0748 5708 HpSAMD - ok
21:42:46.0826 5708 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
21:42:46.0841 5708 HTTP - ok
21:42:46.0857 5708 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
21:42:46.0857 5708 hwpolicy - ok
21:42:46.0888 5708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
21:42:46.0888 5708 i8042prt - ok
21:42:46.0951 5708 iaStor (a5f72bb0d024e7e463344105be613ae4) C:\windows\system32\DRIVERS\iaStor.sys
21:42:46.0951 5708 iaStor - ok
21:42:47.0013 5708 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
21:42:47.0013 5708 iaStorV - ok
21:42:47.0075 5708 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
21:42:47.0091 5708 IDriverT - ok
21:42:47.0185 5708 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:42:47.0200 5708 idsvc - ok
21:42:47.0372 5708 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120406.003\IDSvia64.sys
21:42:47.0372 5708 IDSVia64 - ok
21:42:48.0027 5708 igfx (c02b4a9988a5be86348c74d6f8cc7e81) C:\windows\system32\DRIVERS\igdkmd64.sys
21:42:48.0214 5708 igfx - ok
21:42:48.0339 5708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
21:42:48.0339 5708 iirsp - ok
21:42:48.0433 5708 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
21:42:48.0433 5708 IKEEXT - ok
21:42:48.0495 5708 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
21:42:48.0495 5708 Impcd - ok
21:42:48.0760 5708 IntcAzAudAddService (16c324e22208e6e8336c3f2da14cfe2d) C:\windows\system32\drivers\RTKVHD64.sys
21:42:48.0791 5708 IntcAzAudAddService - ok
21:42:48.0901 5708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
21:42:48.0916 5708 intelide - ok
21:42:48.0932 5708 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
21:42:48.0932 5708 intelppm - ok
21:42:48.0979 5708 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
21:42:48.0979 5708 IPBusEnum - ok
21:42:48.0994 5708 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:42:48.0994 5708 IpFilterDriver - ok
21:42:49.0041 5708 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
21:42:49.0057 5708 iphlpsvc - ok
21:42:49.0072 5708 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
21:42:49.0072 5708 IPMIDRV - ok
21:42:49.0103 5708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
21:42:49.0103 5708 IPNAT - ok
21:42:49.0228 5708 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:42:49.0228 5708 iPod Service - ok
21:42:49.0259 5708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
21:42:49.0259 5708 IRENUM - ok
21:42:49.0275 5708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
21:42:49.0275 5708 isapnp - ok
21:42:49.0306 5708 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
21:42:49.0322 5708 iScsiPrt - ok
21:42:49.0353 5708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
21:42:49.0353 5708 kbdclass - ok
21:42:49.0384 5708 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
21:42:49.0384 5708 kbdhid - ok
21:42:49.0415 5708 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:42:49.0415 5708 KeyIso - ok
21:42:49.0431 5708 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
21:42:49.0431 5708 KSecDD - ok
21:42:49.0447 5708 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
21:42:49.0462 5708 KSecPkg - ok
21:42:49.0493 5708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
21:42:49.0493 5708 ksthunk - ok
21:42:49.0525 5708 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
21:42:49.0540 5708 KtmRm - ok
21:42:49.0587 5708 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
21:42:49.0587 5708 LanmanServer - ok
21:42:49.0618 5708 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
21:42:49.0618 5708 LanmanWorkstation - ok
21:42:49.0649 5708 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
21:42:49.0649 5708 lltdio - ok
21:42:49.0696 5708 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
21:42:49.0712 5708 lltdsvc - ok
21:42:49.0727 5708 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
21:42:49.0727 5708 lmhosts - ok
21:42:49.0821 5708 LMS (19787bf6e2588620c19b5f582b40f652) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:42:49.0837 5708 LMS - ok
21:42:49.0868 5708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
21:42:49.0868 5708 LSI_FC - ok
21:42:49.0946 5708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
21:42:49.0946 5708 LSI_SAS - ok
21:42:49.0961 5708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
21:42:49.0961 5708 LSI_SAS2 - ok
21:42:49.0977 5708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
21:42:49.0993 5708 LSI_SCSI - ok
21:42:50.0008 5708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
21:42:50.0008 5708 luafv - ok
21:42:50.0071 5708 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
21:42:50.0071 5708 MBAMProtector - ok
21:42:50.0164 5708 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:42:50.0180 5708 MBAMService - ok
21:42:50.0211 5708 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
21:42:50.0211 5708 Mcx2Svc - ok
21:42:50.0242 5708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
21:42:50.0242 5708 megasas - ok
21:42:50.0273 5708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
21:42:50.0273 5708 MegaSR - ok
21:42:50.0305 5708 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
21:42:50.0305 5708 MMCSS - ok
21:42:50.0320 5708 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
21:42:50.0320 5708 Modem - ok
21:42:50.0351 5708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
21:42:50.0351 5708 monitor - ok
21:42:50.0383 5708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
21:42:50.0383 5708 mouclass - ok
21:42:50.0414 5708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
21:42:50.0414 5708 mouhid - ok
21:42:50.0429 5708 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
21:42:50.0429 5708 mountmgr - ok
21:42:50.0445 5708 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
21:42:50.0445 5708 mpio - ok
21:42:50.0476 5708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
21:42:50.0476 5708 mpsdrv - ok
21:42:50.0539 5708 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
21:42:50.0554 5708 MpsSvc - ok
21:42:50.0570 5708 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
21:42:50.0585 5708 MRxDAV - ok
21:42:50.0617 5708 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
21:42:50.0617 5708 mrxsmb - ok
21:42:50.0648 5708 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:42:50.0648 5708 mrxsmb10 - ok
21:42:50.0663 5708 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:42:50.0679 5708 mrxsmb20 - ok
21:42:50.0695 5708 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
21:42:50.0695 5708 msahci - ok
21:42:50.0726 5708 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
21:42:50.0726 5708 msdsm - ok
21:42:50.0757 5708 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
21:42:50.0773 5708 MSDTC - ok
21:42:50.0804 5708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
21:42:50.0804 5708 Msfs - ok
21:42:50.0819 5708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
21:42:50.0819 5708 mshidkmdf - ok
21:42:50.0835 5708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
21:42:50.0835 5708 msisadrv - ok
21:42:50.0882 5708 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
21:42:50.0882 5708 MSiSCSI - ok
21:42:50.0897 5708 msiserver - ok
21:42:50.0929 5708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
21:42:50.0929 5708 MSKSSRV - ok
21:42:50.0929 5708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
21:42:50.0929 5708 MSPCLOCK - ok
21:42:50.0944 5708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
21:42:50.0944 5708 MSPQM - ok
21:42:50.0991 5708 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
21:42:50.0991 5708 MsRPC - ok
21:42:51.0022 5708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
21:42:51.0022 5708 mssmbios - ok
21:42:51.0053 5708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
21:42:51.0053 5708 MSTEE - ok
21:42:51.0069 5708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
21:42:51.0069 5708 MTConfig - ok
21:42:51.0085 5708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
21:42:51.0085 5708 Mup - ok
21:42:51.0131 5708 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
21:42:51.0147 5708 napagent - ok
21:42:51.0209 5708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
21:42:51.0209 5708 NativeWifiP - ok
21:42:51.0319 5708 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120410.003\ENG64.SYS
21:42:51.0319 5708 NAVENG - ok
21:42:51.0443 5708 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120410.003\EX64.SYS
21:42:51.0475 5708 NAVEX15 - ok
21:42:51.0631 5708 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
21:42:51.0646 5708 NDIS - ok
21:42:51.0677 5708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
21:42:51.0677 5708 NdisCap - ok
21:42:51.0709 5708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
21:42:51.0709 5708 NdisTapi - ok
21:42:51.0740 5708 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
21:42:51.0740 5708 Ndisuio - ok
21:42:51.0771 5708 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
21:42:51.0771 5708 NdisWan - ok
21:42:51.0802 5708 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
21:42:51.0802 5708 NDProxy - ok
21:42:51.0818 5708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
21:42:51.0818 5708 NetBIOS - ok
21:42:51.0865 5708 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
21:42:51.0865 5708 NetBT - ok
21:42:51.0927 5708 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:42:51.0927 5708 Netlogon - ok
21:42:51.0989 5708 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
21:42:51.0989 5708 Netman - ok
21:42:52.0036 5708 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
21:42:52.0036 5708 netprofm - ok
21:42:52.0114 5708 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:42:52.0114 5708 NetTcpPortSharing - ok
21:42:52.0161 5708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
21:42:52.0161 5708 nfrd960 - ok
21:42:52.0255 5708 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
21:42:52.0255 5708 NIS - ok
21:42:52.0317 5708 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
21:42:52.0317 5708 NlaSvc - ok
21:42:52.0333 5708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
21:42:52.0333 5708 Npfs - ok
21:42:52.0348 5708 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
21:42:52.0348 5708 nsi - ok
21:42:52.0379 5708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
21:42:52.0379 5708 nsiproxy - ok
21:42:52.0520 5708 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
21:42:52.0535 5708 Ntfs - ok
21:42:52.0645 5708 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
21:42:52.0645 5708 Null - ok
21:42:52.0691 5708 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
21:42:52.0691 5708 nvraid - ok
21:42:52.0723 5708 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
21:42:52.0723 5708 nvstor - ok
21:42:52.0769 5708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
21:42:52.0769 5708 nv_agp - ok
21:42:52.0785 5708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
21:42:52.0785 5708 ohci1394 - ok
21:42:52.0863 5708 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:42:52.0863 5708 ose - ok
21:42:53.0175 5708 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:42:53.0269 5708 osppsvc - ok
21:42:53.0393 5708 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:42:53.0393 5708 p2pimsvc - ok
21:42:53.0456 5708 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
21:42:53.0456 5708 p2psvc - ok
21:42:53.0503 5708 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
21:42:53.0518 5708 Parport - ok
21:42:53.0549 5708 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
21:42:53.0549 5708 partmgr - ok
21:42:53.0581 5708 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
21:42:53.0581 5708 PcaSvc - ok
21:42:53.0612 5708 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
21:42:53.0627 5708 pci - ok
21:42:53.0659 5708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
21:42:53.0659 5708 pciide - ok
21:42:53.0690 5708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
21:42:53.0690 5708 pcmcia - ok
21:42:53.0705 5708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
21:42:53.0705 5708 pcw - ok
21:42:53.0752 5708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
21:42:53.0768 5708 PEAUTH - ok
21:42:53.0846 5708 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
21:42:53.0846 5708 PerfHost - ok
21:42:53.0939 5708 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
21:42:53.0939 5708 PGEffect - ok
21:42:54.0049 5708 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
21:42:54.0064 5708 pla - ok
21:42:54.0127 5708 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
21:42:54.0127 5708 PlugPlay - ok
21:42:54.0142 5708 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
21:42:54.0158 5708 PNRPAutoReg - ok
21:42:54.0173 5708 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:42:54.0189 5708 PNRPsvc - ok
21:42:54.0236 5708 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
21:42:54.0236 5708 PolicyAgent - ok
21:42:54.0283 5708 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
21:42:54.0283 5708 Power - ok
21:42:54.0345 5708 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
21:42:54.0345 5708 PptpMiniport - ok
21:42:54.0376 5708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
21:42:54.0376 5708 Processor - ok
21:42:54.0423 5708 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
21:42:54.0439 5708 ProfSvc - ok
21:42:54.0470 5708 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:42:54.0470 5708 ProtectedStorage - ok
21:42:54.0517 5708 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
21:42:54.0517 5708 Psched - ok
21:42:54.0626 5708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
21:42:54.0657 5708 ql2300 - ok
21:42:54.0766 5708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
21:42:54.0766 5708 ql40xx - ok
21:42:54.0813 5708 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
21:42:54.0813 5708 QWAVE - ok
21:42:54.0829 5708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
21:42:54.0829 5708 QWAVEdrv - ok
21:42:54.0860 5708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
21:42:54.0860 5708 RasAcd - ok
21:42:54.0891 5708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
21:42:54.0907 5708 RasAgileVpn - ok
21:42:54.0938 5708 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
21:42:54.0938 5708 RasAuto - ok
21:42:54.0969 5708 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
21:42:54.0969 5708 Rasl2tp - ok
21:42:55.0000 5708 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
21:42:55.0016 5708 RasMan - ok
21:42:55.0031 5708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
21:42:55.0047 5708 RasPppoe - ok
21:42:55.0063 5708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
21:42:55.0063 5708 RasSstp - ok
21:42:55.0094 5708 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
21:42:55.0109 5708 rdbss - ok
21:42:55.0125 5708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
21:42:55.0125 5708 rdpbus - ok
21:42:55.0156 5708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
21:42:55.0156 5708 RDPCDD - ok
21:42:55.0172 5708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
21:42:55.0172 5708 RDPENCDD - ok
21:42:55.0187 5708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
21:42:55.0187 5708 RDPREFMP - ok
21:42:55.0219 5708 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
21:42:55.0234 5708 RDPWD - ok
21:42:55.0265 5708 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
21:42:55.0265 5708 rdyboost - ok
21:42:55.0312 5708 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
21:42:55.0312 5708 RemoteAccess - ok
21:42:55.0359 5708 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
21:42:55.0359 5708 RemoteRegistry - ok
21:42:55.0406 5708 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\windows\system32\Drivers\RimUsb_AMD64.sys
21:42:55.0406 5708 RimUsb - ok
21:42:55.0437 5708 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
21:42:55.0437 5708 RpcEptMapper - ok
21:42:55.0468 5708 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
21:42:55.0468 5708 RpcLocator - ok
21:42:55.0531 5708 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:42:55.0531 5708 RpcSs - ok
21:42:55.0562 5708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
21:42:55.0562 5708 rspndr - ok
21:42:55.0609 5708 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
21:42:55.0609 5708 RSUSBSTOR - ok
21:42:55.0655 5708 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\windows\system32\DRIVERS\Rt64win7.sys
21:42:55.0671 5708 RTL8167 - ok
21:42:55.0765 5708 RTL8192Ce (e7d79600575f755614dd5d79b044d588) C:\windows\system32\DRIVERS\rtl8192Ce.sys
21:42:55.0780 5708 RTL8192Ce - ok
21:42:55.0811 5708 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:42:55.0811 5708 SamSs - ok
21:42:55.0843 5708 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
21:42:55.0843 5708 sbp2port - ok
21:42:55.0874 5708 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
21:42:55.0889 5708 SCardSvr - ok
21:42:55.0952 5708 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
21:42:55.0952 5708 scfilter - ok
21:42:56.0030 5708 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
21:42:56.0045 5708 Schedule - ok
21:42:56.0077 5708 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:42:56.0077 5708 SCPolicySvc - ok
21:42:56.0108 5708 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
21:42:56.0108 5708 SDRSVC - ok
21:42:56.0155 5708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
21:42:56.0155 5708 secdrv - ok
21:42:56.0170 5708 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
21:42:56.0170 5708 seclogon - ok
21:42:56.0217 5708 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
21:42:56.0217 5708 SENS - ok
21:42:56.0233 5708 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
21:42:56.0233 5708 SensrSvc - ok
21:42:56.0264 5708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
21:42:56.0279 5708 Serenum - ok
21:42:56.0295 5708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
21:42:56.0295 5708 Serial - ok
21:42:56.0326 5708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
21:42:56.0326 5708 sermouse - ok
21:42:56.0373 5708 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
21:42:56.0373 5708 SessionEnv - ok
21:42:56.0389 5708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
21:42:56.0389 5708 sffdisk - ok
21:42:56.0435 5708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
21:42:56.0435 5708 sffp_mmc - ok
21:42:56.0451 5708 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
21:42:56.0451 5708 sffp_sd - ok
21:42:56.0482 5708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
21:42:56.0482 5708 sfloppy - ok
21:42:56.0576 5708 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
21:42:56.0576 5708 Sftfs - ok
21:42:56.0669 5708 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:42:56.0685 5708 sftlist - ok
21:42:56.0747 5708 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
21:42:56.0747 5708 Sftplay - ok
21:42:56.0779 5708 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
21:42:56.0779 5708 Sftredir - ok
21:42:56.0810 5708 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
21:42:56.0810 5708 Sftvol - ok
21:42:56.0825 5708 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:42:56.0825 5708 sftvsa - ok
21:42:56.0872 5708 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
21:42:56.0888 5708 SharedAccess - ok
21:42:56.0919 5708 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
21:42:56.0935 5708 ShellHWDetection - ok
21:42:56.0966 5708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
21:42:56.0966 5708 SiSRaid2 - ok
21:42:56.0981 5708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
21:42:56.0981 5708 SiSRaid4 - ok
21:42:57.0013 5708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
21:42:57.0013 5708 Smb - ok
21:42:57.0059 5708 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
21:42:57.0059 5708 SNMPTRAP - ok
21:42:57.0091 5708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
21:42:57.0091 5708 spldr - ok
21:42:57.0137 5708 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
21:42:57.0153 5708 Spooler - ok
21:42:57.0356 5708 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
21:42:57.0418 5708 sppsvc - ok
21:42:57.0527 5708 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
21:42:57.0527 5708 sppuinotify - ok
21:42:57.0652 5708 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS
21:42:57.0668 5708 SRTSP - ok
21:42:57.0683 5708 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS
21:42:57.0683 5708 SRTSPX - ok
21:42:57.0730 5708 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
21:42:57.0746 5708 srv - ok
21:42:57.0777 5708 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
21:42:57.0777 5708 srv2 - ok
21:42:57.0793 5708 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
21:42:57.0808 5708 srvnet - ok
21:42:57.0855 5708 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
21:42:57.0855 5708 SSDPSRV - ok
21:42:57.0917 5708 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
21:42:57.0917 5708 SstpSvc - ok
21:42:57.0949 5708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
21:42:57.0964 5708 stexstor - ok
21:42:58.0027 5708 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
21:42:58.0042 5708 stisvc - ok
21:42:58.0058 5708 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
21:42:58.0058 5708 swenum - ok
21:42:58.0120 5708 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
21:42:58.0120 5708 swprv - ok
21:42:58.0198 5708 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS
21:42:58.0214 5708 SymDS - ok
21:42:58.0292 5708 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS
21:42:58.0292 5708 SymEFA - ok
21:42:58.0339 5708 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
21:42:58.0339 5708 SymEvent - ok
21:42:58.0370 5708 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS
21:42:58.0370 5708 SymIRON - ok
21:42:58.0417 5708 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS
21:42:58.0417 5708 SymNetS - ok
21:42:58.0541 5708 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
21:42:58.0541 5708 SynTP - ok
21:42:58.0744 5708 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
21:42:58.0760 5708 SysMain - ok
21:42:58.0869 5708 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
21:42:58.0869 5708 TabletInputService - ok
21:42:58.0900 5708 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
21:42:58.0900 5708 TapiSrv - ok
21:42:58.0931 5708 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
21:42:58.0931 5708 TBS - ok
21:42:59.0087 5708 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
21:42:59.0119 5708 Tcpip - ok
21:42:59.0337 5708 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
21:42:59.0353 5708 TCPIP6 - ok
21:42:59.0462 5708 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
21:42:59.0462 5708 tcpipreg - ok
21:42:59.0509 5708 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
21:42:59.0509 5708 tdcmdpst - ok
21:42:59.0524 5708 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
21:42:59.0524 5708 TDPIPE - ok
21:42:59.0555 5708 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
21:42:59.0555 5708 TDTCP - ok
21:42:59.0587 5708 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
21:42:59.0587 5708 tdx - ok
21:42:59.0602 5708 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
21:42:59.0618 5708 TermDD - ok
21:42:59.0680 5708 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
21:42:59.0696 5708 TermService - ok
21:42:59.0711 5708 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
21:42:59.0711 5708 Themes - ok
21:42:59.0743 5708 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
21:42:59.0758 5708 THREADORDER - ok
21:42:59.0836 5708 TMachInfo (83e91963c4452be6899503cf9ebfd3ed) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:42:59.0836 5708 TMachInfo - ok
21:42:59.0883 5708 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
21:42:59.0883 5708 TODDSrv - ok
21:42:59.0992 5708 TosCoSrv (cdc97fa5c42b07fb0d4600e17c32f582) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
21:43:00.0008 5708 TosCoSrv - ok
21:43:00.0055 5708 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
21:43:00.0055 5708 TOSHIBA HDD SSD Alert Service - ok
21:43:00.0086 5708 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
21:43:00.0101 5708 TrkWks - ok
21:43:00.0133 5708 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
21:43:00.0133 5708 TrustedInstaller - ok
21:43:00.0179 5708 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
21:43:00.0179 5708 tssecsrv - ok
21:43:00.0211 5708 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
21:43:00.0211 5708 TsUsbFlt - ok
21:43:00.0226 5708 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
21:43:00.0226 5708 TsUsbGD - ok
21:43:00.0289 5708 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
21:43:00.0289 5708 tunnel - ok
21:43:00.0320 5708 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
21:43:00.0320 5708 TVALZ - ok
21:43:00.0351 5708 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
21:43:00.0351 5708 uagp35 - ok
21:43:00.0382 5708 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
21:43:00.0382 5708 udfs - ok
21:43:00.0413 5708 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
21:43:00.0413 5708 UI0Detect - ok
21:43:00.0429 5708 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
21:43:00.0429 5708 uliagpkx - ok
21:43:00.0460 5708 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
21:43:00.0460 5708 umbus - ok
21:43:00.0491 5708 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
21:43:00.0491 5708 UmPass - ok
21:43:00.0725 5708 UNS (c82ede428cba73d248af7c3dc5fd048b) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:43:00.0741 5708 UNS - ok
21:43:00.0850 5708 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
21:43:00.0866 5708 upnphost - ok
21:43:00.0913 5708 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
21:43:00.0913 5708 USBAAPL64 - ok
21:43:00.0959 5708 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
21:43:00.0959 5708 usbccgp - ok
21:43:01.0006 5708 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
21:43:01.0006 5708 usbcir - ok
21:43:01.0022 5708 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
21:43:01.0022 5708 usbehci - ok
21:43:01.0069 5708 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
21:43:01.0069 5708 usbhub - ok
21:43:01.0100 5708 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
21:43:01.0100 5708 usbohci - ok
21:43:01.0147 5708 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
21:43:01.0147 5708 usbprint - ok
21:43:01.0178 5708 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
21:43:01.0178 5708 usbscan - ok
21:43:01.0193 5708 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:43:01.0193 5708 USBSTOR - ok
21:43:01.0225 5708 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
21:43:01.0225 5708 usbuhci - ok
21:43:01.0287 5708 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
21:43:01.0287 5708 usbvideo - ok
21:43:01.0318 5708 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
21:43:01.0318 5708 UxSms - ok
21:43:01.0365 5708 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:43:01.0365 5708 VaultSvc - ok
21:43:01.0381 5708 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
21:43:01.0381 5708 vdrvroot - ok
21:43:01.0427 5708 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
21:43:01.0443 5708 vds - ok
21:43:01.0490 5708 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
21:43:01.0490 5708 vga - ok
21:43:01.0505 5708 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
21:43:01.0505 5708 VgaSave - ok
21:43:01.0537 5708 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
21:43:01.0537 5708 vhdmp - ok
21:43:01.0568 5708 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
21:43:01.0568 5708 viaide - ok
21:43:01.0599 5708 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
21:43:01.0599 5708 volmgr - ok
21:43:01.0646 5708 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
21:43:01.0646 5708 volmgrx - ok
21:43:01.0677 5708 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
21:43:01.0677 5708 volsnap - ok
21:43:01.0724 5708 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
21:43:01.0724 5708 vsmraid - ok
21:43:01.0833 5708 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
21:43:01.0864 5708 VSS - ok
21:43:01.0958 5708 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
21:43:01.0958 5708 vwifibus - ok
21:43:01.0989 5708 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
21:43:01.0989 5708 vwififlt - ok
21:43:02.0036 5708 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
21:43:02.0051 5708 W32Time - ok
21:43:02.0067 5708 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
21:43:02.0067 5708 WacomPen - ok
21:43:02.0098 5708 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:43:02.0098 5708 WANARP - ok
21:43:02.0098 5708 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:43:02.0098 5708 Wanarpv6 - ok
21:43:02.0223 5708 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
21:43:02.0239 5708 WatAdminSvc - ok
21:43:02.0348 5708 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
21:43:02.0379 5708 wbengine - ok
21:43:02.0473 5708 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
21:43:02.0473 5708 WbioSrvc - ok
21:43:02.0504 5708 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
21:43:02.0519 5708 wcncsvc - ok
21:43:02.0535 5708 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
21:43:02.0535 5708 WcsPlugInService - ok
21:43:02.0582 5708 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
21:43:02.0597 5708 Wd - ok
21:43:02.0644 5708 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
21:43:02.0660 5708 Wdf01000 - ok
21:43:02.0691 5708 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:43:02.0691 5708 WdiServiceHost - ok
21:43:02.0691 5708 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:43:02.0691 5708 WdiSystemHost - ok
21:43:02.0722 5708 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
21:43:02.0738 5708 WebClient - ok
21:43:02.0753 5708 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
21:43:02.0769 5708 Wecsvc - ok
21:43:02.0785 5708 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
21:43:02.0785 5708 wercplsupport - ok
21:43:02.0816 5708 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
21:43:02.0816 5708 WerSvc - ok
21:43:02.0863 5708 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
21:43:02.0863 5708 WfpLwf - ok
21:43:02.0894 5708 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
21:43:02.0894 5708 WIMMount - ok
21:43:02.0909 5708 WinDefend - ok
21:43:02.0925 5708 WinHttpAutoProxySvc - ok
21:43:02.0987 5708 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
21:43:02.0987 5708 Winmgmt - ok
21:43:03.0128 5708 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
21:43:03.0159 5708 WinRM - ok
21:43:03.0284 5708 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
21:43:03.0299 5708 WinUsb - ok
21:43:03.0377 5708 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
21:43:03.0393 5708 Wlansvc - ok
21:43:03.0471 5708 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:43:03.0471 5708 wlcrasvc - ok
21:43:03.0627 5708 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:43:03.0658 5708 wlidsvc - ok
21:43:03.0767 5708 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
21:43:03.0767 5708 WmiAcpi - ok
21:43:03.0830 5708 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
21:43:03.0830 5708 wmiApSrv - ok
21:43:03.0861 5708 WMPNetworkSvc - ok
21:43:03.0939 5708 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
21:43:03.0939 5708 WPCSvc - ok
21:43:03.0955 5708 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
21:43:03.0955 5708 WPDBusEnum - ok
21:43:04.0001 5708 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:43:04.0001 5708 ws2ifsl - ok
21:43:04.0017 5708 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
21:43:04.0017 5708 wscsvc - ok
21:43:04.0033 5708 WSearch - ok
21:43:04.0173 5708 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
21:43:04.0220 5708 wuauserv - ok
21:43:04.0329 5708 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
21:43:04.0329 5708 WudfPf - ok
21:43:04.0360 5708 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
21:43:04.0376 5708 WUDFRd - ok
21:43:04.0407 5708 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
21:43:04.0407 5708 wudfsvc - ok
21:43:04.0438 5708 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
21:43:04.0454 5708 WwanSvc - ok
21:43:04.0485 5708 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:43:04.0922 5708 \Device\Harddisk0\DR0 - ok
21:43:04.0969 5708 Boot (0x1200) (116019a3c577c1208629822af578cbfa) \Device\Harddisk0\DR0\Partition0
21:43:04.0969 5708 \Device\Harddisk0\DR0\Partition0 - ok
21:43:04.0969 5708 ============================================================
21:43:04.0969 5708 Scan finished
21:43:04.0969 5708 ============================================================
21:43:04.0984 5460 Detected object count: 0
21:43:04.0984 5460 Actual detected object count: 0

#4 otis9 (Topic Starter)

Posted 05 June 2012 - 09:24 PM

ESET Online Scanner log: (found some with this one!)



C:\Users\Vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0DMFHYZD\jquery.cycle.all.min[1].js JS/Agent.NDY trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0DMFHYZD\l10n[1].js JS/Agent.NDY trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\17MWTS1N\superfish-1.4.8[1].js JS/Agent.NDY trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8DOHJPOA\comment-reply[1].js JS/Agent.NDY trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8DOHJPOA\shutter-reloaded[1].js JS/Agent.NDY trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FFEQ0SY6\ngg.slideshow.min[1].js JS/Agent.NDY trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NX261A82\jCarouselLite[1].js JS/Agent.NDY trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RX0C1SWP\contentslider[1].js JS/Agent.NDY trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RX0C1SWP\flowplayer-3.2.6.min[1].js JS/Agent.NDY trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RX0C1SWP\slides.min.jquery[1].js JS/Agent.NDY trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UED7JIN8\jquery[3].js JS/Agent.NDY trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\{42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}\n Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Vanessa\AppData\Local\{42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}\L\80000032.@ probably a variant of Win32/Sirefef.EU trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Vanessa\AppData\Local\{42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\{42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\{42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Local\{42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}\U\80000064.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Users\Vanessa\AppData\Roaming\chtce.dll a variant of Win32/Medfos.AD trojan cleaned by deleting - quarantined

#5 otis9 (Topic Starter)

Posted 05 June 2012 - 09:58 PM

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-05 22:34:28
-----------------------------
22:34:28.051 OS Version: Windows x64 6.1.7601 Service Pack 1
22:34:28.051 Number of processors: 4 586 0x2505
22:34:28.051 ComputerName: VANESSA-PC UserName: Vanessa
22:34:30.017 Initialize success
22:36:57.180 AVAST engine defs: 12060501
22:37:24.886 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:37:24.886 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
22:37:24.901 Disk 0 MBR read successfully
22:37:24.917 Disk 0 MBR scan
22:37:24.917 Disk 0 Windows VISTA default MBR code
22:37:24.948 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:37:24.964 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 659970 MB offset 3074048
22:37:24.995 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 23069 MB offset 1354692608
22:37:25.135 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 30864 MB offset 1401937920
22:37:25.198 Disk 0 scanning C:\windows\system32\drivers
22:37:35.743 Service scanning
22:38:13.292 Modules scanning
22:38:13.308 Disk 0 trace - called modules:
22:38:13.823 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:38:13.823 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006596790]
22:38:13.838 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8006282240]
22:38:13.854 5 ACPI.sys[fffff88000d677a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800628e050]
22:38:16.537 AVAST engine scan C:\windows
22:38:20.328 AVAST engine scan C:\windows\system32
22:40:14.489 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:40:17.016 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:41:39.868 AVAST engine scan C:\windows\system32\drivers
22:42:00.554 AVAST engine scan C:\Users\Vanessa
22:48:46.092 File: C:\Users\Vanessa\AppData\Local\{42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}\L\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
22:48:46.217 File: C:\Users\Vanessa\AppData\Local\{42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}\U\80000000.@ **INFECTED** Win32:Malware-gen
22:48:46.279 File: C:\Users\Vanessa\AppData\Local\{42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
22:48:46.326 File: C:\Users\Vanessa\AppData\Local\{42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}\U\80000064.@ **INFECTED** Win32:Malware-gen
22:49:28.009 AVAST engine scan C:\ProgramData
22:50:18.663 Scan finished successfully
22:57:02.064 Disk 0 MBR has been saved successfully to "C:\Users\Vanessa\Desktop\MBR.dat"
22:57:02.064 The log file has been saved successfully to "C:\Users\Vanessa\Desktop\aswMBR.txt"

#6 narenxp (BC Advisor)

Posted 06 June 2012 - 12:21 AM

Restart the PC.

Open your C drive.

At the top, click on Organize > Folder and search options.

Click on the View tab and scroll down.

Check SHOW HIDDEN FILES.
Uncheck HIDE OPERATING SYSTEM FILES.

Click OK.

Now go to

C:\Users\Vanessa\AppData\Local
&
C:\windows\installer

Delete this folder: {42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}

Click on Continue if you receive access denied errors. Let me know if you're not able to delete the folder.


Re-run aswMBR and post the new log.

Edited by narenxp, 06 June 2012 - 12:23 AM.


#7 otis9 (Topic Starter)

Posted 06 June 2012 - 05:17 AM

Hi, thank you for your help so far.

I found the file in: C:\Users\Vanessa\AppData\Local

and deleted it.

I could not find it in: C:\windows\installer

#8 narenxp (BC Advisor)

Posted 06 June 2012 - 05:22 AM

Run Malwarebytes once again - FULL SCAN.

Run Malwarebytes repeatedly until the scans come out clean. Post the clean log.

Re-run aswMBR and post the log.


Go to

VirusTotal

Click on CHOOSE FILE.

Browse to C:\windows\system32\services.exe

Upload the file and click on SCAN IT.

Post the scan result link generated here.

Good luck

#9 otis9 (Topic Starter)

Posted 06 June 2012 - 07:44 PM

Here is the clean Malwarebytes log: (it took 2 scans, the first scan found one item.)



Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Vanessa :: VANESSA-PC [administrator]

Protection: Enabled

06/06/2012 5:29:24 PM
mbam-log-2012-06-06 (17-29-24).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 336180
Time elapsed: 30 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 otis9 (Topic Starter)

Posted 06 June 2012 - 07:55 PM

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-06 20:45:50
-----------------------------
20:45:50.942 OS Version: Windows x64 6.1.7601 Service Pack 1
20:45:50.942 Number of processors: 4 586 0x2505
20:45:50.942 ComputerName: VANESSA-PC UserName: Vanessa
20:45:52.955 Initialize success
20:45:58.165 AVAST engine defs: 12060501
20:46:20.645 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:46:20.645 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
20:46:20.661 Disk 0 MBR read successfully
20:46:20.661 Disk 0 MBR scan
20:46:20.676 Disk 0 Windows VISTA default MBR code
20:46:20.676 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:46:20.692 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 659970 MB offset 3074048
20:46:20.723 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 23069 MB offset 1354692608
20:46:20.754 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 30864 MB offset 1401937920
20:46:20.801 Disk 0 scanning C:\windows\system32\drivers
20:46:30.177 Service scanning
20:47:04.450 Modules scanning
20:47:04.465 Disk 0 trace - called modules:
20:47:04.497 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:47:04.512 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800657e790]
20:47:04.528 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8005f84b50]
20:47:04.528 5 ACPI.sys[fffff88000ec07a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f87050]
20:47:06.181 AVAST engine scan C:\windows
20:47:09.223 AVAST engine scan C:\windows\system32
20:48:50.688 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:48:52.373 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:49:53.775 AVAST engine scan C:\windows\system32\drivers
20:50:07.192 AVAST engine scan C:\Users\Vanessa
20:54:13.437 Disk 0 MBR has been saved successfully to "C:\Users\Vanessa\Desktop\MBR.dat"
20:54:13.484 The log file has been saved successfully to "C:\Users\Vanessa\Desktop\aswMBR.txt"
20:54:53.782 Disk 0 MBR has been saved successfully to "C:\Users\Vanessa\Desktop\MBR.dat"
20:54:53.782 The log file has been saved successfully to "C:\Users\Vanessa\Desktop\aswMBR2.txt"

#11 otis9 (Topic Starter)

Posted 06 June 2012 - 08:06 PM

When I go to VirusTotal and try to find:

C:\windows\system32\services.exe

it is not there. There is a file called services.msc, but no services.exe.

#12 narenxp (BC Advisor)

Posted 06 June 2012 - 08:55 PM

Download

Farbar Service Scanner

Launch it and type

services.exe in the box

Click on Search Files

Post the generated log

#13 otis9 (Topic Starter)

Posted 06 June 2012 - 09:59 PM

Farbar Service Scanner Version: 05-06-2012
Ran by Vanessa (administrator) on 06-06-2012 at 22:56:15
Microsoft Windows 7 Home Premium Service Pack 1 (X64)

************************************************
======== Search: "services.exe" =========

C:\windows\System32\services.exe
[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
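The Farbar result above is what a clean services.exe looks like: the live System32 copy and the WinSxS component copy have the same size (328704) and the same MD5 (24ACB7E5BE595468E3B9AA488B9B4FCB). narenxp asks for this file because the Sirefef family found on this machine is known for patching services.exe in place. The script below is an added example, not part of the thread and not narenxp's or Farbar's tooling: it redoes that comparison locally against every servicecontroller copy in WinSxS, reports the Authenticode status, and then asks SFC to verify the file against the component store. It assumes an elevated Windows PowerShell prompt on Windows 7 (PowerShell 2.0, so it hashes with .NET instead of Get-FileHash, which needs PowerShell 4 or later); the function name Get-Md5Hex and the variable names are mine.

```powershell
# Added example (not from the thread): verify services.exe locally before, or instead of,
# uploading it to VirusTotal. Run from an elevated Windows PowerShell prompt.
# Written for Windows PowerShell 2.0 (Windows 7): hashes with .NET, no Get-FileHash.

function Get-Md5Hex([string]$Path) {
    # FileShare.ReadWrite so the read succeeds even while the SCM has the file open.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
                                  [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    try     { ([System.BitConverter]::ToString($md5.ComputeHash($fs))).Replace('-', '') }
    finally { $fs.Close() }
}

$target = Join-Path $env:SystemRoot 'System32\services.exe'
if (-not (Test-Path -LiteralPath $target)) {
    # Test-Path is independent of Explorer's "hide protected operating system files" setting.
    Write-Warning "$target is missing; that by itself is a red flag"
    return
}

$live     = Get-Item -LiteralPath $target -Force
$liveHash = Get-Md5Hex $target
Write-Host ('live   {0,8} {1} {2}' -f $live.Length, $liveHash, $target)

# Every servicing copy of the Service Control Manager binary under WinSxS. The component
# directories are named like amd64_microsoft-windows-s..s-servicecontroller_<key>_<version>_...
$sxs    = Join-Path $env:SystemRoot 'winsxs'
$copies = Get-ChildItem -Path $sxs -Filter '*servicecontroller*' -Force |
          Where-Object { $_.PSIsContainer } |
          ForEach-Object { Get-ChildItem -LiteralPath $_.FullName -Filter services.exe -Force -ErrorAction SilentlyContinue }

$matched = $false
foreach ($c in $copies) {
    $h = Get-Md5Hex $c.FullName
    if ($h -eq $liveHash) { $matched = $true }
    $flag = if ($h -eq $liveHash) { 'same' } else { 'DIFFER' }
    Write-Host ('{0,-6} {1,8} {2} {3}' -f $flag, $c.Length, $h, $c.FullName)
}

if ($matched) {
    Write-Host 'services.exe is byte-identical to a WinSxS component copy.'
} elseif (-not $copies) {
    Write-Warning 'No WinSxS copies found to compare against; fall back to sfc and VirusTotal.'
} else {
    # A patched binary usually keeps its size, so only the hash comparison catches it.
    Write-Warning 'services.exe matches none of the WinSxS copies: treat it as patched until proven otherwise.'
}

# Authenticode check. On Windows 7 most OS binaries are signed only through catalogs, which
# Get-AuthenticodeSignature did not consult before PowerShell 5.1, so 'NotSigned' here is
# inconclusive; 'HashMismatch' or a non-Microsoft signer is not.
$sig = Get-AuthenticodeSignature -FilePath $target
Write-Host ('Authenticode: {0}  signer: {1}' -f $sig.Status, $sig.SignerCertificate.Subject)

# SFC verifies a single file against the protected component store and reports
# "did not find any integrity violations" for a clean file.
& "$env:SystemRoot\System32\sfc.exe" "/verifyfile=$target"
```

If the hash differs from every WinSxS copy, the fix narenxp is working towards is replacing the file from a known-good copy, not deleting it: services.exe is the Service Control Manager and the machine will not boot without it. Keep the differing file for submission to VirusTotal as he asks, since the hash alone does not say which family patched it.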

#14 narenxp (BC Advisor)

Posted 07 June 2012 - 12:36 AM

Click on the Start menu and type

cmd

Right-click on it, select Run as administrator, and run these commands:

cd c:\windows\assembly
rem clear the system, hidden and read-only attributes so the file can be renamed
attrib -s -h -r desktop.ini
rem rename rather than delete so a copy is kept for inspection
ren desktop.ini desktop.ini.old


Now launch Malwarebytes, click on MORE TOOLS

Click on RUN TOOL

Browse to C:\windows\assembly\GAC_32 & C:\windows\assembly\GAC_64

Delete the desktop.ini files, re-run aswMBR and post the new log

Edited by narenxp, 07 June 2012 - 12:36 AM.
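The two manual steps narenxp gives in #6 (delete the {GUID} folder under AppData\Local and Windows\Installer) and #14 (strip the attributes from the Desktop.ini files under C:\windows\assembly and get rid of them) are the standard clean-up for the Sirefef/ZeroAccess indicators in the ESET and aswMBR logs above. The script below is an added example, not part of the thread and not narenxp's instructions or any vendor tool: it inventories both drop locations with attributes and MD5 hashes, checks whether each Desktop.ini is really a PE image rather than INI text, and only acts when run with -Remove. The GUID it looks for by default is the one from this thread's logs; the parameter names (-Guid, -Remove), the helper names (Get-Md5Hex, Test-PeHeader, Show-Entry) and the English group name "Administrators" are my assumptions. It is written for Windows PowerShell 2.0 on Windows 7 and must run elevated, in the session of the infected user so that $env:LOCALAPPDATA points at the right profile.

```powershell
# Added example (not from the thread): inventory, and optionally remove, the Sirefef drop
# locations named in this thread's scan logs:
#   %LOCALAPPDATA%\{GUID}\  and  %SystemRoot%\Installer\{GUID}\   (files 'n', L\*.@, U\*.@)
#   %SystemRoot%\assembly\GAC_32\Desktop.ini and GAC_64\Desktop.ini (PE images, not INI text)
# Windows PowerShell 2.0 compatible. Run elevated; preview with:  -Remove -WhatIf
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Guid = '{42fd7a7f-65d8-1861-ccdf-fadf8f3618f4}',   # GUID from this thread's logs
    [switch]$Remove
)

function Get-Md5Hex([string]$Path) {
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
                                  [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    try     { ([System.BitConverter]::ToString($md5.ComputeHash($fs))).Replace('-', '') }
    finally { $fs.Close() }
}

function Test-PeHeader([string]$Path) {
    # A genuine desktop.ini is INI text; the Sirefef payload is a PE image and starts with 'MZ'.
    $fs = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
                                 [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    try {
        $b = New-Object byte[] 2
        [void]$fs.Read($b, 0, 2)
        return ($b[0] -eq 0x4D -and $b[1] -eq 0x5A)
    } finally { $fs.Close() }
}

function Show-Entry($Item) {
    $hash = if ($Item.PSIsContainer) { '' } else { Get-Md5Hex $Item.FullName }
    Write-Host ('{0,-28} {1,10} {2,-32} {3}' -f $Item.Attributes, $Item.Length, $hash, $Item.FullName)
}

$guidDirs = @((Join-Path $env:LOCALAPPDATA $Guid), (Join-Path $env:SystemRoot "Installer\$Guid"))
$gacInis  = @('assembly\GAC_32\Desktop.ini', 'assembly\GAC_64\Desktop.ini') |
            ForEach-Object { Join-Path $env:SystemRoot $_ }

foreach ($dir in $guidDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { Write-Host "absent: $dir"; continue }
    Write-Host "FOUND Sirefef-style folder: $dir"
    Get-ChildItem -LiteralPath $dir -Recurse -Force | ForEach-Object { Show-Entry $_ }
    if ($Remove -and $PSCmdlet.ShouldProcess($dir, 'take ownership and delete')) {
        # The dropper protects its folder with restrictive ACLs (the "access denied" narenxp
        # mentions); reclaim ownership and rights before deleting. 'Administrators' is the
        # English group name; adjust on localized installs.
        & takeown.exe /F $dir /R /D Y | Out-Null
        & icacls.exe $dir /grant 'Administrators:F' /T | Out-Null
        Remove-Item -LiteralPath $dir -Recurse -Force
    }
}

foreach ($ini in $gacInis) {
    if (-not (Test-Path -LiteralPath $ini)) { Write-Host "absent: $ini"; continue }
    $item = Get-Item -LiteralPath $ini -Force
    Show-Entry $item
    if (Test-PeHeader $ini) {
        Write-Host "  -> starts with 'MZ': an executable, not an INI file (matches the aswMBR Sirefef-PL hits)"
        if ($Remove -and $PSCmdlet.ShouldProcess($ini, 'clear attributes and rename to .old')) {
            # Same effect as narenxp's attrib/ren step: a rename works even when deletion is
            # blocked, and the .old copy can be submitted for analysis before it is removed.
            $item.Attributes = [System.IO.FileAttributes]::Archive
            Rename-Item -LiteralPath $ini -NewName 'Desktop.ini.old' -Force
        }
    } else {
        Write-Host '  -> plain INI text; leave it alone'
    }
}
```

Save it as, for example, Find-Sirefef.ps1 (name mine) and run `powershell -ExecutionPolicy Bypass -File .\Find-Sirefef.ps1` first without -Remove to get the inventory, then with `-Remove -WhatIf` to see what would be touched, and only then with `-Remove`. Anything the scanners flagged as "delete after the next restart" will still be locked until the reboot narenxp asks for, which is why the script renames the GAC files instead of deleting them.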


#15 otis9 (Topic Starter)

Posted 07 June 2012 - 08:21 AM

New log: (the Malwarebytes balloon does not come up anymore, but one infection was still found)



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 08:19:15
-----------------------------
08:19:15.600 OS Version: Windows x64 6.1.7601 Service Pack 1
08:19:15.600 Number of processors: 4 586 0x2505
08:19:15.600 ComputerName: VANESSA-PC UserName: Vanessa
08:19:18.876 Initialze error C000010E - driver not loaded
08:19:18.954 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
08:22:02.669 AVAST engine defs: 12060700
08:26:27.792 Service scanning
08:27:03.813 Modules scanning
08:27:03.813 Disk 0 trace - called modules:
08:27:03.813
08:27:05.713 AVAST engine scan C:\windows
08:27:08.576 AVAST engine scan C:\windows\system32
08:29:58.645 AVAST engine scan C:\windows\system32\drivers
08:30:12.451 AVAST engine scan C:\Users\Vanessa
08:38:24.129 File: C:\Users\Vanessa\AppData\Roaming\ustatx.dll **INFECTED** Win32:FakeSteam-L [Trj]
08:38:38.340 AVAST engine scan C:\ProgramData
08:39:32.613 Scan finished successfully
09:18:53.394 The log file has been saved successfully to "C:\Users\Vanessa\Desktop\aswMBR3.txt"
