Trojan.Zeroaccess attack!


18 replies to this topic

#1 vhmehta


Posted 12 June 2012 - 07:06 AM

I am running 64-bit Windows Vista and it appears my computer has been attacked by Trojan.Zeroaccess. My Norton keeps popping up every 10 minutes that Trojan.Zeroaccess is blocked, your computer is safe.

Microsoft Security Center was on my computer when this happened and Security Center stopped working. It would restart my computer every 2 minutes, so I had to remove Microsoft Security Center. I tried downloading it again but with the same result. So right now my computer has Norton 360 and no Microsoft Security Center.

My firewall is turned off and I cannot turn it on.

Let me know what to do?



#2 narenxp


Posted 12 June 2012 - 07:08 AM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is complete, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 vhmehta


Posted 12 June 2012 - 07:40 AM

TDSSKILLER LOG:

08:38:08.0460 7308 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:38:08.0913 7308 ============================================================
08:38:08.0913 7308 Current date / time: 2012/06/12 08:38:08.0913
08:38:08.0913 7308 SystemInfo:
08:38:08.0913 7308
08:38:08.0913 7308 OS Version: 6.0.6001 ServicePack: 1.0
08:38:08.0913 7308 Product type: Workstation
08:38:08.0913 7308 ComputerName: A112
08:38:08.0913 7308 UserName: Owner
08:38:08.0913 7308 Windows directory: C:\Windows
08:38:08.0913 7308 System windows directory: C:\Windows
08:38:08.0913 7308 Running under WOW64
08:38:08.0913 7308 Processor architecture: Intel x64
08:38:08.0913 7308 Number of processors: 2
08:38:08.0913 7308 Page size: 0x1000
08:38:08.0913 7308 Boot type: Normal boot
08:38:08.0913 7308 ============================================================
08:38:10.0507 7308 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:38:10.0507 7308 ============================================================
08:38:10.0507 7308 \Device\Harddisk0\DR0:
08:38:10.0507 7308 MBR partitions:
08:38:10.0507 7308 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
08:38:10.0507 7308 ============================================================
08:38:10.0523 7308 C: <-> \Device\Harddisk0\DR0\Partition0
08:38:10.0538 7308 ============================================================
08:38:10.0538 7308 Initialize success
08:38:10.0538 7308 ============================================================
08:38:36.0413 7820 ============================================================
08:38:36.0413 7820 Scan started
08:38:36.0413 7820 Mode: Manual; TDLFS;
08:38:36.0413 7820 ============================================================
08:38:56.0570 7820 ohci1394 - ok
08:38:56.0617 7820 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:38:56.0617 7820 ose - ok
08:38:56.0663 7820 p2pimsvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
08:38:56.0663 7820 p2pimsvc - ok
08:38:56.0679 7820 p2psvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
08:38:56.0679 7820 p2psvc - ok
08:38:56.0710 7820 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
08:38:56.0710 7820 Parport - ok
08:38:56.0726 7820 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
08:38:56.0726 7820 partmgr - ok
08:38:56.0742 7820 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
08:38:56.0742 7820 PcaSvc - ok
08:38:56.0757 7820 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
08:38:56.0757 7820 pci - ok
08:38:56.0773 7820 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
08:38:56.0788 7820 pciide - ok
08:38:56.0804 7820 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
08:38:56.0820 7820 pcmcia - ok
08:38:56.0835 7820 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
08:38:56.0851 7820 PEAUTH - ok
08:38:56.0898 7820 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
08:38:56.0898 7820 PerfHost - ok
08:38:56.0945 7820 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
08:38:56.0960 7820 pla - ok
08:38:56.0992 7820 PlugPlay (5aaa0c5534b05ed49919fcd9dbd11a5b) C:\Windows\system32\umpnpmgr.dll
08:38:56.0992 7820 PlugPlay - ok
08:38:57.0023 7820 PNRPAutoReg (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
08:38:57.0023 7820 PNRPAutoReg - ok
08:38:57.0038 7820 PNRPsvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
08:38:57.0038 7820 PNRPsvc - ok
08:38:57.0085 7820 PolicyAgent (eef3688d5e9592cbbbed00de71dda1ef) C:\Windows\System32\ipsecsvc.dll
08:38:57.0085 7820 PolicyAgent - ok
08:38:57.0148 7820 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
08:38:57.0148 7820 PptpMiniport - ok
08:38:57.0163 7820 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
08:38:57.0179 7820 Processor - ok
08:38:57.0210 7820 ProfSvc (b21fe10dad3ab59e78df7aa3fbf41e70) C:\Windows\system32\profsvc.dll
08:38:57.0210 7820 ProfSvc - ok
08:38:57.0226 7820 ProtectedStorage (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
08:38:57.0226 7820 ProtectedStorage - ok
08:38:57.0242 7820 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
08:38:57.0242 7820 PSched - ok
08:38:57.0288 7820 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
08:38:57.0335 7820 ql2300 - ok
08:38:57.0351 7820 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
08:38:57.0351 7820 ql40xx - ok
08:38:57.0382 7820 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
08:38:57.0382 7820 QWAVE - ok
08:38:57.0398 7820 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
08:38:57.0398 7820 QWAVEdrv - ok
08:38:57.0398 7820 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
08:38:57.0398 7820 RasAcd - ok
08:38:57.0413 7820 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
08:38:57.0413 7820 RasAuto - ok
08:38:57.0413 7820 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:38:57.0429 7820 Rasl2tp - ok
08:38:57.0445 7820 RasMan (2a63d46b01685fd4be9778ca3c231c2d) C:\Windows\System32\rasmans.dll
08:38:57.0445 7820 RasMan - ok
08:38:57.0445 7820 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
08:38:57.0460 7820 RasPppoe - ok
08:38:57.0476 7820 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
08:38:57.0476 7820 RasSstp - ok
08:38:57.0492 7820 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
08:38:57.0492 7820 rdbss - ok
08:38:57.0507 7820 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:38:57.0507 7820 RDPCDD - ok
08:38:57.0523 7820 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\DRIVERS\rdpdr.sys
08:38:57.0523 7820 rdpdr - ok
08:38:57.0538 7820 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
08:38:57.0538 7820 RDPENCDD - ok
08:38:57.0554 7820 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
08:38:57.0585 7820 RDPWD - ok
08:38:57.0632 7820 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
08:38:57.0632 7820 RemoteAccess - ok
08:38:57.0648 7820 RemoteRegistry (416c611369cbe49074b89cee2f83abef) C:\Windows\system32\regsvc.dll
08:38:57.0648 7820 RemoteRegistry - ok
08:38:57.0663 7820 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
08:38:57.0663 7820 RpcLocator - ok
08:38:57.0710 7820 RpcSs (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
08:38:57.0710 7820 RpcSs - ok
08:38:57.0726 7820 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
08:38:57.0726 7820 rspndr - ok
08:38:57.0757 7820 RTL8169 (c6701c5f6781d7ded9208a4d554ac37b) C:\Windows\system32\DRIVERS\Rtlh64.sys
08:38:57.0757 7820 RTL8169 - ok
08:38:57.0773 7820 SamSs (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
08:38:57.0773 7820 SamSs - ok
08:38:57.0788 7820 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
08:38:57.0804 7820 sbp2port - ok
08:38:57.0898 7820 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
08:38:57.0898 7820 SBSDWSCService - ok
08:38:57.0913 7820 SCardSvr (f024d560fea06f8b56d673849eb89ae6) C:\Windows\System32\SCardSvr.dll
08:38:57.0929 7820 SCardSvr - ok
08:38:57.0960 7820 Schedule (ce75d26e0a1106129f4d156851e298ed) C:\Windows\system32\schedsvc.dll
08:38:57.0976 7820 Schedule - ok
08:38:57.0992 7820 SCPolicySvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
08:38:57.0992 7820 SCPolicySvc - ok
08:38:58.0007 7820 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
08:38:58.0007 7820 SDRSVC - ok
08:38:58.0038 7820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:38:58.0070 7820 secdrv - ok
08:38:58.0085 7820 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
08:38:58.0085 7820 seclogon - ok
08:38:58.0101 7820 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
08:38:58.0101 7820 SENS - ok
08:38:58.0117 7820 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
08:38:58.0117 7820 Serenum - ok
08:38:58.0132 7820 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
08:38:58.0132 7820 Serial - ok
08:38:58.0148 7820 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
08:38:58.0148 7820 sermouse - ok
08:38:58.0163 7820 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
08:38:58.0179 7820 SessionEnv - ok
08:38:58.0195 7820 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
08:38:58.0195 7820 sffdisk - ok
08:38:58.0210 7820 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
08:38:58.0210 7820 sffp_mmc - ok
08:38:58.0226 7820 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
08:38:58.0226 7820 sffp_sd - ok
08:38:58.0242 7820 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
08:38:58.0242 7820 sfloppy - ok
08:38:58.0288 7820 ShellHWDetection (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\System32\shsvcs.dll
08:38:58.0288 7820 ShellHWDetection - ok
08:38:58.0320 7820 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
08:38:58.0320 7820 SiSRaid2 - ok
08:38:58.0335 7820 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
08:38:58.0335 7820 SiSRaid4 - ok
08:38:58.0413 7820 slsvc (a301d2cefb4747dfe0c24425dcbe0b78) C:\Windows\system32\SLsvc.exe
08:38:58.0429 7820 slsvc - ok
08:38:58.0476 7820 SLUINotify (f5ddf7c0af85eb72cb295171f8c3cb35) C:\Windows\system32\SLUINotify.dll
08:38:58.0492 7820 SLUINotify - ok
08:38:58.0507 7820 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
08:38:58.0507 7820 Smb - ok
08:38:58.0523 7820 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
08:38:58.0523 7820 SNMPTRAP - ok
08:38:58.0538 7820 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
08:38:58.0554 7820 spldr - ok
08:38:58.0601 7820 Spooler (92e6738d25c2123be9515c0eac0776cd) C:\Windows\System32\spoolsv.exe
08:38:58.0601 7820 Spooler - ok
08:38:58.0632 7820 SRTSP (6820b710c7225d489223d4a6e1ac3e16) C:\Windows\system32\drivers\N360x64\0400000.07F\SRTSP64.SYS
08:38:58.0632 7820 SRTSP - ok
08:38:58.0679 7820 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\N360x64\0402000.00C\SRTSPX64.SYS
08:38:58.0679 7820 SRTSPX - ok
08:38:58.0742 7820 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
08:38:58.0742 7820 srv - ok
08:38:58.0757 7820 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
08:38:58.0773 7820 srv2 - ok
08:38:58.0788 7820 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
08:38:58.0788 7820 srvnet - ok
08:38:58.0804 7820 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
08:38:58.0820 7820 SSDPSRV - ok
08:38:58.0851 7820 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
08:38:58.0851 7820 SstpSvc - ok
08:38:58.0867 7820 stisvc (f14f7d7d68a66777fb999d5d0f21138d) C:\Windows\System32\wiaservc.dll
08:38:58.0867 7820 stisvc - ok
08:38:58.0898 7820 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
08:38:58.0898 7820 swenum - ok
08:38:58.0913 7820 swprv (da34d6eb4a3154c0bebaeb0a2483ef3e) C:\Windows\System32\swprv.dll
08:38:58.0913 7820 swprv - ok
08:38:58.0929 7820 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
08:38:58.0945 7820 Symc8xx - ok
08:38:59.0023 7820 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\N360x64\0402000.00C\SYMDS64.SYS
08:38:59.0023 7820 SymDS - ok
08:38:59.0054 7820 SymEFA (42c952d131eff724a9959bb6d78c1b63) C:\Windows\system32\drivers\N360x64\0402000.00C\SYMEFA64.SYS
08:38:59.0054 7820 SymEFA - ok
08:38:59.0085 7820 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
08:38:59.0085 7820 SymEvent - ok
08:38:59.0101 7820 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\N360x64\0402000.00C\Ironx64.SYS
08:38:59.0101 7820 SymIRON - ok
08:38:59.0132 7820 SYMTDIv (713731bb859537c20343d0ebcce2246c) C:\Windows\system32\drivers\N360x64\0400000.07F\SYMTDIV.SYS
08:38:59.0148 7820 SYMTDIv - ok
08:38:59.0163 7820 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
08:38:59.0179 7820 Sym_hi - ok
08:38:59.0210 7820 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
08:38:59.0210 7820 Sym_u3 - ok
08:38:59.0257 7820 SysMain (bea0d5521ed21df8f6ffeed86daede7b) C:\Windows\system32\sysmain.dll
08:38:59.0257 7820 SysMain - ok
08:38:59.0288 7820 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
08:38:59.0288 7820 TabletInputService - ok
08:38:59.0304 7820 TapiSrv (52091001caf20ae84cf47023ee21b4bb) C:\Windows\System32\tapisrv.dll
08:38:59.0304 7820 TapiSrv - ok
08:38:59.0320 7820 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
08:38:59.0320 7820 TBS - ok
08:38:59.0382 7820 Tcpip (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\drivers\tcpip.sys
08:38:59.0413 7820 Tcpip - ok
08:38:59.0476 7820 Tcpip6 (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\DRIVERS\tcpip.sys
08:38:59.0492 7820 Tcpip6 - ok
08:38:59.0554 7820 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
08:38:59.0554 7820 tcpipreg - ok
08:38:59.0570 7820 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
08:38:59.0585 7820 TDPIPE - ok
08:38:59.0601 7820 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
08:38:59.0601 7820 TDTCP - ok
08:38:59.0617 7820 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
08:38:59.0617 7820 tdx - ok
08:38:59.0632 7820 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
08:38:59.0632 7820 TermDD - ok
08:38:59.0663 7820 TermService (f870a5589d6a94b426efb13689023946) C:\Windows\System32\termsrv.dll
08:38:59.0679 7820 TermService - ok
08:38:59.0710 7820 Themes (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\system32\shsvcs.dll
08:38:59.0710 7820 Themes - ok
08:38:59.0742 7820 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
08:38:59.0742 7820 THREADORDER - ok
08:38:59.0757 7820 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
08:38:59.0757 7820 TrkWks - ok
08:38:59.0788 7820 TrustedInstaller (ac6ff1df22ed90bad6417ee5a4c6e2f0) C:\Windows\servicing\TrustedInstaller.exe
08:38:59.0788 7820 TrustedInstaller - ok
08:38:59.0804 7820 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:38:59.0804 7820 tssecsrv - ok
08:38:59.0804 7820 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
08:38:59.0804 7820 tunmp - ok
08:38:59.0835 7820 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
08:38:59.0835 7820 tunnel - ok
08:38:59.0851 7820 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
08:38:59.0867 7820 uagp35 - ok
08:38:59.0898 7820 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
08:38:59.0898 7820 udfs - ok
08:38:59.0913 7820 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
08:38:59.0913 7820 UI0Detect - ok
08:38:59.0929 7820 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
08:38:59.0929 7820 uliagpkx - ok
08:38:59.0960 7820 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
08:38:59.0976 7820 uliahci - ok
08:38:59.0992 7820 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
08:38:59.0992 7820 UlSata - ok
08:39:00.0007 7820 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
08:39:00.0007 7820 ulsata2 - ok
08:39:00.0023 7820 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
08:39:00.0023 7820 umbus - ok
08:39:00.0054 7820 UmRdpService (658c50524e470516067708babfb08738) C:\Windows\System32\umrdp.dll
08:39:00.0054 7820 UmRdpService - ok
08:39:00.0070 7820 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
08:39:00.0070 7820 upnphost - ok
08:39:00.0117 7820 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
08:39:00.0117 7820 usbccgp - ok
08:39:00.0132 7820 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
08:39:00.0148 7820 usbcir - ok
08:39:00.0163 7820 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
08:39:00.0163 7820 usbehci - ok
08:39:00.0179 7820 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
08:39:00.0195 7820 usbhub - ok
08:39:00.0195 7820 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
08:39:00.0210 7820 usbohci - ok
08:39:00.0210 7820 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
08:39:00.0210 7820 usbprint - ok
08:39:00.0242 7820 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
08:39:00.0242 7820 usbscan - ok
08:39:00.0257 7820 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:39:00.0288 7820 USBSTOR - ok
08:39:00.0320 7820 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
08:39:00.0320 7820 usbuhci - ok
08:39:00.0335 7820 UxSms (9190f03c82547afa87367f1ceca88f3b) C:\Windows\System32\uxsms.dll
08:39:00.0335 7820 UxSms - ok
08:39:00.0367 7820 vds (c15a4a550cba7b9f1f68b72528e04ce1) C:\Windows\System32\vds.exe
08:39:00.0367 7820 vds - ok
08:39:00.0382 7820 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
08:39:00.0382 7820 vga - ok
08:39:00.0413 7820 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
08:39:00.0413 7820 VgaSave - ok
08:39:00.0429 7820 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
08:39:00.0429 7820 viaide - ok
08:39:00.0445 7820 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
08:39:00.0445 7820 volmgr - ok
08:39:00.0460 7820 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
08:39:00.0460 7820 volmgrx - ok
08:39:00.0476 7820 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
08:39:00.0476 7820 volsnap - ok
08:39:00.0492 7820 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
08:39:00.0507 7820 vsmraid - ok
08:39:00.0554 7820 VSS (186bd53f8a408ad20f5a056c05678629) C:\Windows\system32\vssvc.exe
08:39:00.0585 7820 VSS - ok
08:39:00.0648 7820 W32Time (ba29f34a61cb55c0dee29e787542edf4) C:\Windows\system32\w32time.dll
08:39:00.0648 7820 W32Time - ok
08:39:00.0679 7820 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
08:39:00.0695 7820 WacomPen - ok
08:39:00.0726 7820 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
08:39:00.0726 7820 Wanarp - ok
08:39:00.0742 7820 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
08:39:00.0742 7820 Wanarpv6 - ok
08:39:00.0773 7820 wbengine (54d1827975afd9bc391343c357b9ea06) C:\Windows\system32\wbengine.exe
08:39:00.0835 7820 wbengine - ok
08:39:00.0851 7820 wcncsvc (055449247c490e24b968b44fe8a969eb) C:\Windows\System32\wcncsvc.dll
08:39:00.0851 7820 wcncsvc - ok
08:39:00.0867 7820 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
08:39:00.0867 7820 WcsPlugInService - ok
08:39:00.0898 7820 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
08:39:00.0913 7820 Wd - ok
08:39:00.0960 7820 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
08:39:00.0976 7820 Wdf01000 - ok
08:39:00.0992 7820 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
08:39:00.0992 7820 WdiServiceHost - ok
08:39:01.0007 7820 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
08:39:01.0007 7820 WdiSystemHost - ok
08:39:01.0007 7820 WebClient (3d4ab55f8178fd0cd3ca45cd0ec9cf5b) C:\Windows\System32\webclnt.dll
08:39:01.0023 7820 WebClient - ok
08:39:01.0038 7820 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
08:39:01.0038 7820 Wecsvc - ok
08:39:01.0054 7820 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
08:39:01.0054 7820 wercplsupport - ok
08:39:01.0070 7820 WerSvc (fc25242b3bcaf7e84d9184082274ae08) C:\Windows\System32\WerSvc.dll
08:39:01.0070 7820 WerSvc - ok
08:39:01.0132 7820 WHSConnector (1ef54b3220ebf3794439eb072b350f3e) C:\Program Files\Windows Home Server\WHSConnector.exe
08:39:01.0132 7820 WHSConnector - ok
08:39:01.0148 7820 WinHttpAutoProxySvc - ok
08:39:01.0195 7820 Winmgmt (ac98f38feab066a8f983d54ff3f4fd4c) C:\Windows\system32\wbem\WMIsvc.dll
08:39:01.0195 7820 Winmgmt - ok
08:39:01.0257 7820 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
08:39:01.0320 7820 WinRM - ok
08:39:01.0398 7820 Wlansvc (0a69955261c1b54206adc9beb89517de) C:\Windows\System32\wlansvc.dll
08:39:01.0413 7820 Wlansvc - ok
08:39:01.0445 7820 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
08:39:01.0476 7820 WmiAcpi - ok
08:39:01.0523 7820 wmiApSrv (d303322dd577c3deda1251ed2e7a496c) C:\Windows\system32\wbem\WmiApSrv.exe
08:39:01.0523 7820 wmiApSrv - ok
08:39:01.0538 7820 WMPNetworkSvc - ok
08:39:01.0570 7820 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
08:39:01.0585 7820 WPCSvc - ok
08:39:01.0601 7820 WPDBusEnum (a27c8f92d84e2ddc151978e4692c978e) C:\Windows\system32\wpdbusenum.dll
08:39:01.0601 7820 WPDBusEnum - ok
08:39:01.0632 7820 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
08:39:01.0648 7820 WpdUsb - ok
08:39:01.0773 7820 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:39:01.0773 7820 WPFFontCache_v0400 - ok
08:39:01.0788 7820 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
08:39:01.0804 7820 ws2ifsl - ok
08:39:01.0804 7820 WSearch - ok
08:39:01.0882 7820 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
08:39:01.0913 7820 wuauserv - ok
08:39:01.0960 7820 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:39:01.0960 7820 WUDFRd - ok
08:39:01.0992 7820 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
08:39:01.0992 7820 wudfsvc - ok
08:39:02.0007 7820 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:39:02.0335 7820 \Device\Harddisk0\DR0 - ok
08:39:02.0335 7820 Boot (0x1200) (17373b94bc874b1fd85a91f12e68e367) \Device\Harddisk0\DR0\Partition0
08:39:02.0335 7820 \Device\Harddisk0\DR0\Partition0 - ok
08:39:02.0335 7820 ============================================================
08:39:02.0335 7820 Scan finished
08:39:02.0335 7820 ============================================================
08:39:02.0335 5536 Detected object count: 0
08:39:02.0335 5536 Actual detected object count: 0

#4 vhmehta

Posted 12 June 2012 - 07:48 AM

I am working on other 2 logs... I will post them one after other.

#5 narenxp

Posted 12 June 2012 - 07:50 AM

:thumbup2:

#6 vhmehta

Posted 12 June 2012 - 08:12 AM

ASWMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 08:42:20
-----------------------------
08:42:20.477 OS Version: Windows x64 6.0.6001 Service Pack 1
08:42:20.477 Number of processors: 2 586 0xF0B
08:42:20.477 ComputerName: A112 UserName:
08:42:22.899 Initialize success
08:42:53.311 AVAST engine defs: 12061200
08:43:00.498 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
08:43:00.514 Disk 0 Vendor: ST3500418AS CC35 Size: 476940MB BusType: 3
08:43:00.530 Disk 0 MBR read successfully
08:43:00.545 Disk 0 MBR scan
08:43:00.545 Disk 0 Windows VISTA default MBR code
08:43:00.545 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
08:43:00.608 Disk 0 scanning C:\Windows\system32\drivers
08:43:14.998 Service scanning
08:43:37.420 Modules scanning
08:43:37.420 Disk 0 trace - called modules:
08:43:37.451 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
08:43:37.451 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003815790]
08:43:37.451 3 CLASSPNP.SYS[fffffa6000d38b3a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8003661940]
08:43:38.811 AVAST engine scan C:\Windows
08:43:44.155 AVAST engine scan C:\Windows\system32
08:49:01.514 AVAST engine scan C:\Windows\system32\drivers
08:49:18.764 AVAST engine scan C:\Users\Owner
09:07:33.115 AVAST engine scan C:\ProgramData
09:11:28.006 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
09:11:28.022 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#7 vhmehta

Posted 12 June 2012 - 08:52 AM

Do you want me to remove any threats found via ESET? It is scanning right now and has found one threat already.

Win32/VB.EL worm

It is still scanning and I was not sure at end of scanning if you wanted me to remove the threats using ESET.

#8 narenxp

Posted 12 June 2012 - 08:56 AM

Wait for the scan to complete.

#9 vhmehta

Posted 12 June 2012 - 11:31 AM

These are the final ESET threats that I found:

C:\old hard drive\Documents and Settings\CEI\Desktop\usb\AUTORUN.INF Win32/VB.EL worm cleaned by deleting - quarantined
C:\Program Files (x86)\Freecorder 5\Uninstall\apptec-freecorder-us-dtx.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\ProgramData\cmmoerpt.dll a variant of Win32/Kryptik.AFXK trojan cleaned by deleting - quarantined

#10 narenxp

Posted 12 June 2012 - 09:43 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Post the log

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#11 vhmehta

Posted 13 June 2012 - 08:39 AM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.05

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 8.0.6001.19088
Owner :: A112 [administrator]

Protection: Enabled

6/13/2012 6:39:48 AM
mbam-log-2012-06-13 (06-39-48).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 740026
Time elapsed: 2 hour(s), 42 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 vhmehta

Posted 13 June 2012 - 08:44 AM

Mini tool box is not working on my computer.

#13 narenxp

Posted 13 June 2012 - 08:56 AM

What error do you get? Can you try in safe mode with networking?

Did MBAM find infections? If yes, can you post the logs?

#14 vhmehta

Posted 13 June 2012 - 09:23 AM

MBAM did not find any infections. I had put the log for MBAM above.

Mini tool box is not running. Once I hit the link to download and run the program, it disappears. Nothing happens and the program does not run. No errors.

#15 narenxp

Posted 13 June 2012 - 10:45 AM

Do you still have the Norton pop-up?



