Win64/Sirefef.B infection


3 replies to this topic

#1 MSWallack

Posted 24 June 2012 - 10:31 PM

Running Win7 (x64). First noticed a problem when I booted and my desktop icons were in the wrong places (and medium instead of small). Then Norton Internet Security 2012 (fully updated) reported an error related to the Base Filtering Engine. Since then I've tried various things with the following results:

Norton Internet Security:

Reports that it has blocked 80000000.@ (Trojan Zeroaccess) and 00000001.@ (Trojan Zeroaccess) repeatedly. It has also blocked attempts by services.exe to target RMTray.exe (part of Norton, I believe).


Malwarebytes Anti-Malware:

I've run this several times (both quick and full scans; both regular and safe mode). It kept finding a rootkit in the windows\installer folder, but the most recent scans no longer report this.

Hitman Pro

I've run this several times (both regular and safe mode). It finds \windows\system32\services.exe and reports it as Virus.Win64!IK and Virus:Win64/Sirefef.B. It suggests Replace as the fix. I've tried this several times. In Safe Mode, it doesn't tell me it failed, but it doesn't seem to have fixed the problem. In standard mode, while it is trying to fix the problem I get an error telling me that Windows will reboot in 1 minute (and it does).

I've also run the McAfee rootkit tool, the Microsoft Malicious Software Removal tool, and maybe a few others, all without any success.

Based on other messages that I've seen here, I downloaded and ran some of the other diagnostic/removal tools. Here are those reports.

Kaspersky TDSSKiller

23:39:52.0764 1652 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
23:39:53.0419 1652 ============================================================
23:39:53.0419 1652 Current date / time: 2012/06/23 23:39:53.0419
23:39:53.0419 1652 SystemInfo:
23:39:53.0419 1652
23:39:53.0419 1652 OS Version: 6.1.7601 ServicePack: 1.0
23:39:53.0419 1652 Product type: Workstation
23:39:53.0419 1652 ComputerName: MICHAEL-HP
23:39:53.0419 1652 UserName: Michael
23:39:53.0419 1652 Windows directory: C:\Windows
23:39:53.0419 1652 System windows directory: C:\Windows
23:39:53.0419 1652 Running under WOW64
23:39:53.0419 1652 Processor architecture: Intel x64
23:39:53.0419 1652 Number of processors: 2
23:39:53.0419 1652 Page size: 0x1000
23:39:53.0419 1652 Boot type: Safe boot with network
23:39:53.0419 1652 ============================================================
23:39:54.0885 1652 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:39:54.0901 1652 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:40:03.0512 1652 ============================================================
23:40:03.0512 1652 \Device\Harddisk0\DR0:
23:40:03.0559 1652 MBR partitions:
23:40:03.0559 1652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BC127C1
23:40:03.0559 1652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BC12800, BlocksNum 0x15B1800
23:40:03.0559 1652 \Device\Harddisk2\DR2:
23:40:03.0575 1652 MBR partitions:
23:40:03.0575 1652 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
23:40:03.0575 1652 ============================================================
23:40:03.0606 1652 C: <-> \Device\Harddisk0\DR0\Partition0
23:40:03.0621 1652 D: <-> \Device\Harddisk0\DR0\Partition1
23:40:03.0637 1652 M: <-> \Device\Harddisk2\DR2\Partition0
23:40:03.0637 1652 ============================================================
23:40:03.0637 1652 Initialize success
23:40:03.0637 1652 ============================================================
23:40:29.0034 1044 ============================================================
23:40:29.0034 1044 Scan started
23:40:29.0034 1044 Mode: Manual; TDLFS;
23:40:29.0034 1044 ============================================================
23:40:51.0342 1044 mountmgr - ok
23:40:51.0436 1044 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:40:51.0436 1044 MozillaMaintenance - ok
23:40:51.0498 1044 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:40:51.0498 1044 mpio - ok
23:40:51.0514 1044 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:40:51.0514 1044 mpsdrv - ok
23:40:51.0576 1044 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:40:51.0576 1044 MRxDAV - ok
23:40:51.0638 1044 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:40:51.0638 1044 mrxsmb - ok
23:40:51.0716 1044 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:40:51.0716 1044 mrxsmb10 - ok
23:40:51.0732 1044 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:40:51.0732 1044 mrxsmb20 - ok
23:40:51.0810 1044 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:40:51.0810 1044 msahci - ok
23:40:51.0841 1044 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:40:51.0841 1044 msdsm - ok
23:40:51.0919 1044 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:40:51.0919 1044 MSDTC - ok
23:40:51.0966 1044 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:40:51.0966 1044 Msfs - ok
23:40:52.0013 1044 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:40:52.0013 1044 mshidkmdf - ok
23:40:52.0060 1044 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:40:52.0060 1044 msisadrv - ok
23:40:52.0122 1044 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:40:52.0122 1044 MSiSCSI - ok
23:40:52.0122 1044 msiserver - ok
23:40:52.0153 1044 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:40:52.0153 1044 MSKSSRV - ok
23:40:52.0216 1044 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:40:52.0216 1044 MSPCLOCK - ok
23:40:52.0231 1044 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:40:52.0231 1044 MSPQM - ok
23:40:52.0309 1044 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:40:52.0325 1044 MsRPC - ok
23:40:52.0356 1044 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:40:52.0356 1044 mssmbios - ok
23:40:52.0528 1044 MSSQL$SQLEXPRESS - ok
23:40:52.0637 1044 MSSQLSERVER - ok
23:40:52.0762 1044 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
23:40:52.0762 1044 MSSQLServerADHelper100 - ok
23:40:52.0808 1044 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:40:52.0808 1044 MSTEE - ok
23:40:52.0855 1044 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:40:52.0855 1044 MTConfig - ok
23:40:52.0918 1044 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:40:52.0918 1044 Mup - ok
23:40:53.0011 1044 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:40:53.0027 1044 napagent - ok
23:40:53.0120 1044 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:40:53.0136 1044 NativeWifiP - ok
23:40:53.0339 1044 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120622.033\ENG64.SYS
23:40:53.0339 1044 NAVENG - ok
23:40:53.0542 1044 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120622.033\EX64.SYS
23:40:53.0604 1044 NAVEX15 - ok
23:40:53.0900 1044 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:40:53.0916 1044 NDIS - ok
23:40:53.0978 1044 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:40:53.0978 1044 NdisCap - ok
23:40:54.0025 1044 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:40:54.0025 1044 NdisTapi - ok
23:40:54.0103 1044 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:40:54.0119 1044 Ndisuio - ok
23:40:54.0181 1044 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:40:54.0197 1044 NdisWan - ok
23:40:54.0259 1044 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:40:54.0259 1044 NDProxy - ok
23:40:54.0353 1044 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
23:40:54.0353 1044 Net Driver HPZ12 - ok
23:40:54.0384 1044 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:40:54.0384 1044 NetBIOS - ok
23:40:54.0478 1044 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:40:54.0478 1044 NetBT - ok
23:40:54.0571 1044 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:40:54.0571 1044 Netlogon - ok
23:40:54.0665 1044 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:40:54.0680 1044 Netman - ok
23:40:54.0899 1044 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:40:54.0899 1044 NetMsmqActivator - ok
23:40:54.0946 1044 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:40:54.0946 1044 NetPipeActivator - ok
23:40:55.0024 1044 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:40:55.0024 1044 netprofm - ok
23:40:55.0039 1044 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:40:55.0039 1044 NetTcpActivator - ok
23:40:55.0039 1044 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:40:55.0039 1044 NetTcpPortSharing - ok
23:40:55.0148 1044 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:40:55.0148 1044 nfrd960 - ok
23:40:55.0336 1044 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
23:40:55.0336 1044 NIS - ok
23:40:55.0429 1044 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:40:55.0445 1044 NlaSvc - ok
23:40:55.0554 1044 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
23:40:55.0570 1044 nmservice - ok
23:40:55.0975 1044 NOBU (320b4e93d733fac1afe53f53a1a12354) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
23:40:56.0084 1044 NOBU - ok
23:40:56.0303 1044 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:40:56.0303 1044 Npfs - ok
23:40:56.0381 1044 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:40:56.0381 1044 nsi - ok
23:40:56.0381 1044 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:40:56.0381 1044 nsiproxy - ok
23:40:56.0568 1044 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:40:56.0599 1044 Ntfs - ok
23:40:56.0677 1044 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:40:56.0677 1044 Null - ok
23:40:56.0771 1044 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:40:56.0771 1044 nvraid - ok
23:40:56.0849 1044 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:40:56.0864 1044 nvstor - ok
23:40:56.0942 1044 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:40:56.0942 1044 nv_agp - ok
23:40:57.0161 1044 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:40:57.0176 1044 odserv - ok
23:40:57.0239 1044 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:40:57.0239 1044 ohci1394 - ok
23:40:57.0317 1044 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:40:57.0317 1044 ose - ok
23:40:57.0785 1044 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:40:57.0894 1044 osppsvc - ok
23:40:58.0112 1044 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:40:58.0112 1044 p2pimsvc - ok
23:40:58.0206 1044 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:40:58.0222 1044 p2psvc - ok
23:40:58.0315 1044 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:40:58.0315 1044 Parport - ok
23:40:58.0549 1044 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:40:58.0596 1044 partmgr - ok
23:40:58.0612 1044 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:40:58.0627 1044 PcaSvc - ok
23:40:58.0705 1044 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:40:58.0721 1044 pci - ok
23:40:58.0736 1044 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:40:58.0736 1044 pciide - ok
23:40:58.0768 1044 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:40:58.0783 1044 pcmcia - ok
23:40:58.0830 1044 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:40:58.0830 1044 pcw - ok
23:40:58.0892 1044 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:40:58.0908 1044 PEAUTH - ok
23:40:59.0033 1044 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
23:40:59.0080 1044 PeerDistSvc - ok
23:40:59.0220 1044 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:40:59.0220 1044 PerfHost - ok
23:40:59.0470 1044 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:40:59.0501 1044 pla - ok
23:40:59.0594 1044 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:40:59.0610 1044 PlugPlay - ok
23:40:59.0828 1044 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
23:40:59.0844 1044 PMBDeviceInfoProvider - ok
23:40:59.0906 1044 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
23:40:59.0906 1044 Pml Driver HPZ12 - ok
23:41:00.0000 1044 pnarp (f1965ae69fdb4c6d9ffeceb2c12f7898) C:\Windows\system32\DRIVERS\pnarp.sys
23:41:00.0000 1044 pnarp - ok
23:41:00.0078 1044 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:41:00.0078 1044 PNRPAutoReg - ok
23:41:00.0109 1044 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:41:00.0109 1044 PNRPsvc - ok
23:41:00.0203 1044 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:41:00.0218 1044 PolicyAgent - ok
23:41:00.0281 1044 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:41:00.0281 1044 Power - ok
23:41:00.0343 1044 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:41:00.0359 1044 PptpMiniport - ok
23:41:00.0406 1044 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:41:00.0421 1044 Processor - ok
23:41:00.0499 1044 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:41:00.0515 1044 ProfSvc - ok
23:41:00.0577 1044 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:41:00.0577 1044 ProtectedStorage - ok
23:41:00.0702 1044 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:41:00.0702 1044 Psched - ok
23:41:00.0827 1044 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
23:41:00.0842 1044 PSI_SVC_2 - ok
23:41:00.0905 1044 purendis (ec7333fc339fc6a1f9bb3e50ad9b13c6) C:\Windows\system32\DRIVERS\purendis.sys
23:41:00.0905 1044 purendis - ok
23:41:00.0952 1044 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
23:41:00.0952 1044 PxHlpa64 - ok
23:41:01.0123 1044 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:41:01.0170 1044 ql2300 - ok
23:41:01.0388 1044 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:41:01.0388 1044 ql40xx - ok
23:41:01.0669 1044 QPCapSvc (026d1fa4033b82f18b99e44351d7e82e) C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
23:41:01.0685 1044 QPCapSvc - ok
23:41:01.0794 1044 QPSched (7697bca450eae30a6cdb98898239e8b7) C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
23:41:01.0794 1044 QPSched - ok
23:41:01.0888 1044 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:41:01.0888 1044 QWAVE - ok
23:41:01.0934 1044 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:41:01.0950 1044 QWAVEdrv - ok
23:41:01.0997 1044 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:41:01.0997 1044 RasAcd - ok
23:41:02.0075 1044 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:41:02.0075 1044 RasAgileVpn - ok
23:41:02.0137 1044 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:41:02.0137 1044 RasAuto - ok
23:41:02.0184 1044 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:41:02.0184 1044 Rasl2tp - ok
23:41:02.0262 1044 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:41:02.0278 1044 RasMan - ok
23:41:02.0278 1044 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:41:02.0278 1044 RasPppoe - ok
23:41:02.0309 1044 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:41:02.0324 1044 RasSstp - ok
23:41:02.0402 1044 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:41:02.0418 1044 rdbss - ok
23:41:02.0434 1044 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:41:02.0434 1044 rdpbus - ok
23:41:02.0449 1044 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:41:02.0449 1044 RDPCDD - ok
23:41:02.0543 1044 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
23:41:02.0558 1044 RDPDR - ok
23:41:02.0621 1044 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:41:02.0636 1044 RDPENCDD - ok
23:41:02.0668 1044 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:41:02.0668 1044 RDPREFMP - ok
23:41:02.0761 1044 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
23:41:02.0761 1044 RdpVideoMiniport - ok
23:41:02.0808 1044 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:41:02.0808 1044 RDPWD - ok
23:41:02.0839 1044 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:41:02.0855 1044 rdyboost - ok
23:41:02.0933 1044 Recovery Service for Windows (b9570481a1babcc4a9e941c553596077) C:\Windows\SMINST\BLService.exe
23:41:02.0964 1044 Recovery Service for Windows - ok
23:41:03.0042 1044 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:41:03.0042 1044 RemoteAccess - ok
23:41:03.0104 1044 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:41:03.0104 1044 RemoteRegistry - ok
23:41:03.0292 1044 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
23:41:03.0307 1044 RichVideo - ok
23:41:03.0354 1044 Roxio UPnP Renderer 11 - ok
23:41:03.0526 1044 RoxMediaDB12 (ff578453d3b3adaab22d7151d7f9e592) C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
23:41:03.0572 1044 RoxMediaDB12 - ok
23:41:03.0697 1044 RoxWatch12 (71b38b8df1a9b55fc0fb64958cc7b9dd) C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
23:41:03.0713 1044 RoxWatch12 - ok
23:41:03.0916 1044 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:41:03.0916 1044 RpcEptMapper - ok
23:41:03.0994 1044 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:41:03.0994 1044 RpcLocator - ok
23:41:04.0087 1044 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:41:04.0103 1044 RpcSs - ok
23:41:04.0243 1044 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\Windows\system32\DRIVERS\RsFx0150.sys
23:41:04.0259 1044 RsFx0150 - ok
23:41:04.0321 1044 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:41:04.0337 1044 rspndr - ok
23:41:04.0399 1044 RTL8169 (170a66dfaaa22358e08d6f4b38c8f3df) C:\Windows\system32\DRIVERS\Rtlh64.sys
23:41:04.0415 1044 RTL8169 - ok
23:41:04.0462 1044 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
23:41:04.0462 1044 s3cap - ok
23:41:04.0524 1044 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:41:04.0524 1044 SamSs - ok
23:41:04.0571 1044 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:41:04.0571 1044 sbp2port - ok
23:41:04.0633 1044 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:41:04.0649 1044 SCardSvr - ok
23:41:04.0696 1044 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:41:04.0696 1044 scfilter - ok
23:41:04.0820 1044 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:41:04.0852 1044 Schedule - ok
23:41:04.0914 1044 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:41:04.0914 1044 SCPolicySvc - ok
23:41:04.0945 1044 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:41:04.0961 1044 SDRSVC - ok
23:41:05.0070 1044 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:41:05.0070 1044 secdrv - ok
23:41:05.0117 1044 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:41:05.0117 1044 seclogon - ok
23:41:05.0164 1044 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:41:05.0179 1044 SENS - ok
23:41:05.0195 1044 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:41:05.0210 1044 SensrSvc - ok
23:41:05.0226 1044 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:41:05.0226 1044 Serenum - ok
23:41:05.0288 1044 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:41:05.0288 1044 Serial - ok
23:41:05.0335 1044 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:41:05.0335 1044 sermouse - ok
23:41:05.0398 1044 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:41:05.0413 1044 SessionEnv - ok
23:41:05.0476 1044 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:41:05.0476 1044 sffdisk - ok
23:41:05.0507 1044 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:41:05.0522 1044 sffp_mmc - ok
23:41:05.0522 1044 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:41:05.0522 1044 sffp_sd - ok
23:41:05.0554 1044 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:41:05.0554 1044 sfloppy - ok
23:41:05.0647 1044 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:41:05.0663 1044 ShellHWDetection - ok
23:41:05.0710 1044 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:41:05.0710 1044 SiSRaid2 - ok
23:41:05.0756 1044 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:41:05.0756 1044 SiSRaid4 - ok
23:41:05.0834 1044 SIUSBXP (4c9f8e72f87f50a6125aaa31b63b2d18) C:\Windows\system32\drivers\SiUSBXp.sys
23:41:05.0834 1044 SIUSBXP - ok
23:41:05.0944 1044 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
23:41:05.0944 1044 SmartDefragDriver - ok
23:41:06.0006 1044 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:41:06.0006 1044 Smb - ok
23:41:06.0100 1044 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:41:06.0100 1044 SNMPTRAP - ok
23:41:06.0224 1044 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
23:41:06.0224 1044 Sony SCSI Helper Service - ok
23:41:06.0256 1044 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:41:06.0256 1044 spldr - ok
23:41:06.0349 1044 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:41:06.0365 1044 Spooler - ok
23:41:06.0646 1044 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:41:06.0708 1044 sppsvc - ok
23:41:06.0895 1044 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:41:06.0895 1044 sppuinotify - ok
23:41:07.0129 1044 SQLAgent$SQLEXPRESS (bea7fea5bb31eb58d78971f821ae6844) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
23:41:07.0145 1044 SQLAgent$SQLEXPRESS - ok
23:41:07.0332 1044 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
23:41:07.0348 1044 SQLBrowser - ok
23:41:07.0488 1044 SQLSERVERAGENT (bea7fea5bb31eb58d78971f821ae6844) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
23:41:07.0535 1044 SQLSERVERAGENT - ok
23:41:07.0675 1044 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
23:41:07.0675 1044 SQLWriter - ok
23:41:08.0018 1044 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS
23:41:08.0034 1044 SRTSP - ok
23:41:08.0096 1044 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS
23:41:08.0096 1044 SRTSPX - ok
23:41:08.0190 1044 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:41:08.0206 1044 srv - ok
23:41:08.0252 1044 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:41:08.0252 1044 srv2 - ok
23:41:08.0268 1044 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:41:08.0284 1044 srvnet - ok
23:41:08.0362 1044 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:41:08.0377 1044 SSDPSRV - ok
23:41:08.0393 1044 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:41:08.0393 1044 SstpSvc - ok
23:41:08.0564 1044 STacSV (7595d53ee8e8b0baa9a2ddde867ebb0c) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
23:41:08.0580 1044 STacSV - ok
23:41:08.0611 1044 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:41:08.0611 1044 stexstor - ok
23:41:08.0720 1044 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
23:41:08.0736 1044 STHDA - ok
23:41:08.0830 1044 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:41:08.0845 1044 stisvc - ok
23:41:08.0908 1044 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
23:41:08.0908 1044 storflt - ok
23:41:08.0970 1044 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
23:41:08.0986 1044 storvsc - ok
23:41:09.0110 1044 SureThing Labelflash service (2f39213b1638c4089017a536e5ca2cc8) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
23:41:09.0110 1044 SureThing Labelflash service - ok
23:41:09.0126 1044 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:41:09.0142 1044 swenum - ok
23:41:09.0313 1044 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:41:09.0329 1044 SwitchBoard - ok
23:41:09.0422 1044 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:41:09.0454 1044 swprv - ok
23:41:09.0610 1044 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS
23:41:09.0625 1044 SymDS - ok
23:41:09.0750 1044 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS
23:41:09.0750 1044 SymEFA - ok
23:41:09.0828 1044 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
23:41:09.0844 1044 SymEvent - ok
23:41:09.0859 1044 SYMFW - ok
23:41:09.0984 1044 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS
23:41:09.0984 1044 SymIRON - ok
23:41:10.0015 1044 SYMNDISV - ok
23:41:10.0093 1044 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS
23:41:10.0093 1044 SymNetS - ok
23:41:10.0124 1044 Synth3dVsc - ok
23:41:10.0218 1044 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
23:41:10.0234 1044 SynTP - ok
23:41:10.0421 1044 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:41:10.0452 1044 SysMain - ok
23:41:10.0639 1044 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:41:10.0639 1044 TabletInputService - ok
23:41:10.0717 1044 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:41:10.0733 1044 TapiSrv - ok
23:41:10.0811 1044 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:41:10.0811 1044 TBS - ok
23:41:11.0060 1044 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:41:11.0092 1044 Tcpip - ok
23:41:11.0341 1044 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:41:11.0357 1044 TCPIP6 - ok
23:41:11.0450 1044 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:41:11.0450 1044 tcpipreg - ok
23:41:11.0513 1044 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:41:11.0528 1044 TDPIPE - ok
23:41:11.0575 1044 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:41:11.0575 1044 TDTCP - ok
23:41:11.0638 1044 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:41:11.0638 1044 tdx - ok
23:41:11.0716 1044 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:41:11.0716 1044 TermDD - ok
23:41:11.0825 1044 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:41:11.0840 1044 TermService - ok
23:41:11.0918 1044 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:41:11.0918 1044 Themes - ok
23:41:11.0981 1044 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:41:11.0981 1044 THREADORDER - ok
23:41:11.0996 1044 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:41:11.0996 1044 TrkWks - ok
23:41:12.0121 1044 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:41:12.0137 1044 TrustedInstaller - ok
23:41:12.0184 1044 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:41:12.0199 1044 tssecsrv - ok
23:41:19.0796 1044 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:41:20.0093 1044 \Device\Harddisk0\DR0 - ok
23:41:20.0108 1044 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk2\DR2
23:41:20.0639 1044 \Device\Harddisk2\DR2 - ok
23:41:20.0639 1044 Boot (0x1200) (5e0cf5da6bd2f62ef110ab5536d73daa) \Device\Harddisk0\DR0\Partition0
23:41:20.0639 1044 \Device\Harddisk0\DR0\Partition0 - ok
23:41:20.0670 1044 Boot (0x1200) (374eb59e97862dbcc228df317090dee4) \Device\Harddisk0\DR0\Partition1
23:41:20.0670 1044 \Device\Harddisk0\DR0\Partition1 - ok
23:41:20.0701 1044 Boot (0x1200) (5482177d5b3c4de4e852ead8cf8fccdb) \Device\Harddisk2\DR2\Partition0
23:41:20.0701 1044 \Device\Harddisk2\DR2\Partition0 - ok
23:41:20.0701 1044 ============================================================
23:41:20.0701 1044 Scan finished
23:41:20.0701 1044 ============================================================
23:41:20.0717 1476 Detected object count: 0

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 23:43:26
-----------------------------
23:43:26.609 OS Version: Windows x64 6.1.7601 Service Pack 1
23:43:26.609 Number of processors: 2 586 0x301
23:43:26.609 ComputerName: MICHAEL-HP UserName: Michael
23:43:29.542 Initialize success
23:44:22.411 AVAST engine defs: 12062301
23:45:04.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:45:04.484 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 11
23:45:04.531 Disk 0 MBR read successfully
23:45:04.562 Disk 0 MBR scan
23:45:04.562 Disk 0 Windows 7 default MBR code
23:45:04.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227364 MB offset 63
23:45:04.609 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11107 MB offset 465643520
23:45:04.640 Disk 0 scanning C:\Windows\system32\drivers
23:45:19.585 Service scanning
23:46:13.920 Modules scanning
23:46:13.920 Disk 0 trace - called modules:
23:46:13.982 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:46:13.982 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c33060]
23:46:13.998 3 CLASSPNP.SYS[fffff88001a5b43f] -> nt!IofCallDriver -> [0xfffffa8004c32440]
23:46:13.998 5 hpdskflt.sys[fffff88001a3c189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004baf060]
23:46:14.872 AVAST engine scan C:\Windows
23:46:19.255 AVAST engine scan C:\Windows\system32
23:51:59.461 AVAST engine scan C:\Windows\system32\drivers
23:52:18.540 AVAST engine scan C:\Users\Michael
23:54:29.955 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
23:54:29.955 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"
02:57:28.886 AVAST engine scan C:\ProgramData
03:39:20.979 Scan finished successfully
10:18:28.082 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
10:18:28.113 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"

ESET:

C:\$RECYCLE.BIN\S-1-5-21-4178357238-683190084-4101743121-1000\$RBOMH4R.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-4178357238-683190084-4101743121-1000\$RCKEKT1.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-4178357238-683190084-4101743121-1000\$RXMGHA1.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000001.@ Win64/Sirefef.AI trojan cleaned by deleting - quarantined
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
xe a variant of Win32/Packed.Themida application deleted - quarantined


After running ESET, I ran Hitman Pro again; it still found the virus and was still unable to repair.


#2 MSWallack

MSWallack
  • Topic Starter

  • Members
  • 33 posts

Posted 24 June 2012 - 10:37 PM

I apologize for the duplicate posts. It looked like Windows hadn't registered the "Post" click so I mistakenly tried clicking again. Please delete the duplicate post if possible.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • Gender:Male
  • Location:NJ USA

Posted 24 June 2012 - 10:39 PM

Hello, I will remove the others. You have a rootkit infection. Looks like it's Zeroaccess. To remove it we need a deeper look. Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system), skip it and move on.

Let me know if that went well.

#4 MSWallack

MSWallack
  • Topic Starter

  • Members
  • 33 posts

Posted 25 June 2012 - 10:25 AM

Thanks. I will run through these steps and post the appropriate log when I get home from work.



