
Virus. Not sure what kind



#1 4ntim4lw4re


Posted 12 July 2012 - 02:37 PM

Hi,
Can't seem to get rid of the virus on this machine. I have run Malwarebytes and Combofix. Below is the DDS scan. GMER always closes before the scan finishes. Any help would be greatly appreciated. Thanks for your time.
4ntim4lw4re

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by ******* at 6:35:20 on 2012-07-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1789.1255 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^XQ^xdm014^S01194^us&ptb=300E3C02-8180-4E14-8745-040D26E82B26
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uURLSearchHooks: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - c:\program files\moviebario\tbMovi.dll
uURLSearchHooks: Elf 1.12 Toolbar: {38542454-dfb6-44f5-b052-d4e071a3d073} - c:\program files\elf_1.12\tbElf_.dll
mURLSearchHooks: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - c:\program files\moviebario\tbMovi.dll
mURLSearchHooks: Elf 1.12 Toolbar: {38542454-dfb6-44f5-b052-d4e071a3d073} - c:\program files\elf_1.12\tbElf_.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Elf 1.12 Toolbar: {38542454-dfb6-44f5-b052-d4e071a3d073} - c:\program files\elf_1.12\tbElf_.dll
BHO: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - c:\program files\moviebario\tbMovi.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - c:\program files\moviebario\tbMovi.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Elf 1.12 Toolbar: {38542454-dfb6-44f5-b052-d4e071a3d073} - c:\program files\elf_1.12\tbElf_.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Skytel] Skytel.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 168.95.1.1
TCP: Interfaces\{215411BC-B666-4217-B3A8-D6D9EE68F54C} : DhcpNameServer = 168.95.1.1
TCP: Interfaces\{45A16982-3277-49F3-B3A7-8B46468CD9C0} : DhcpNameServer = 10.1.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2007-4-3 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-4-2 35712]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2012-4-14 21728]
S0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 171064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-1-21 21504]
S2 gupdate1c98c6692e50e1a;Google Update Service (gupdate1c98c6692e50e1a);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-6-29 193192]
S2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2012-4-14 285152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-17 257696]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2012-4-14 699896]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 PTDLBus;PANTECH UM175AL Composite Device Driver;c:\windows\system32\drivers\PTDLBus.sys [2009-1-15 32256]
S3 PTDLMdm;PANTECH UM175AL Drivers;c:\windows\system32\drivers\PTDLMdm.sys [2009-1-15 41344]
S3 PTDLVsp;PANTECH UM175AL Diagnostic Port;c:\windows\system32\drivers\PTDLVsp.sys [2009-1-15 39936]
S3 PTDLWWAN;PANTECH UM175AL WWAN Driver;c:\windows\system32\drivers\PTDLWWAN.sys [2009-1-15 59776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-09 12:38:53 -------- d-----w- c:\users\josh\appdata\local\temp
2012-07-09 12:32:45 -------- d-----w- C:\$RECYCLE.BIN
2012-07-09 12:09:05 -------- d-----w- C:\ComboFix
2012-07-06 14:55:26 -------- d-----w- c:\program files\Wise Registry Cleaner
2012-07-05 15:02:31 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f2583906-5245-4f7a-a650-5707dc25df0f}\gapaengine.dll
2012-07-05 13:54:55 98816 ----a-w- c:\windows\sed.exe
2012-07-05 13:54:55 518144 ----a-w- c:\windows\SWREG.exe
2012-07-05 13:54:55 256000 ----a-w- c:\windows\PEV.exe
2012-07-05 13:54:55 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2012-05-05 07:15:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 07:15:18 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 6:37:29.13 ===============


 


#2 nasdaq

  • Malware Response Team
Posted 17 July 2012 - 09:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

The file WinFXDocObj.exe is part of Windows Vista
What are the problems related to this file?
http://www.greatis.com/vista/Utilities/w/winfxdocobj.exe.htm
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 4ntim4lw4re


Posted 17 July 2012 - 04:11 PM

Thank you for your time.
Here are the logs.


TDSSKiller Log:
13:44:47.0759 1584 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
13:44:48.0118 1584 ============================================================
13:44:48.0118 1584 Current date / time: 2012/07/17 13:44:48.0118
13:44:48.0118 1584 SystemInfo:
13:44:48.0118 1584
13:44:48.0118 1584 OS Version: 6.0.6002 ServicePack: 2.0
13:44:48.0118 1584 Product type: Workstation
13:44:48.0118 1584 ComputerName: JOSH-PC
13:44:48.0118 1584 UserName: Josh
13:44:48.0118 1584 Windows directory: C:\Windows
13:44:48.0118 1584 System windows directory: C:\Windows
13:44:48.0118 1584 Processor architecture: Intel x86
13:44:48.0118 1584 Number of processors: 2
13:44:48.0118 1584 Page size: 0x1000
13:44:48.0118 1584 Boot type: Safe boot with network
13:44:48.0118 1584 ============================================================
13:44:49.0304 1584 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:44:49.0319 1584 ============================================================
13:44:49.0319 1584 \Device\Harddisk0\DR0:
13:44:49.0319 1584 MBR partitions:
13:44:49.0319 1584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
13:44:49.0319 1584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
13:44:49.0319 1584 ============================================================
13:44:49.0366 1584 C: <-> \Device\Harddisk0\DR0\Partition0
13:44:49.0413 1584 D: <-> \Device\Harddisk0\DR0\Partition1
13:44:49.0413 1584 ============================================================
13:44:49.0413 1584 Initialize success
13:44:49.0413 1584 ============================================================
13:44:56.0729 1348 ============================================================
13:44:56.0729 1348 Scan started
13:44:56.0729 1348 Mode: Manual;
13:44:56.0729 1348 ============================================================
13:45:07.0883 1348 IpFilterDriver - ok
13:45:07.0930 1348 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:45:07.0946 1348 iphlpsvc - ok
13:45:07.0961 1348 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:45:07.0977 1348 IPMIDRV - ok
13:45:08.0039 1348 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:45:08.0039 1348 IPNAT - ok
13:45:08.0070 1348 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
13:45:08.0086 1348 irda - ok
13:45:08.0133 1348 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:45:08.0133 1348 IRENUM - ok
13:45:08.0180 1348 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
13:45:08.0180 1348 Irmon - ok
13:45:08.0242 1348 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
13:45:08.0242 1348 isapnp - ok
13:45:08.0304 1348 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:45:08.0304 1348 iScsiPrt - ok
13:45:08.0336 1348 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:45:08.0351 1348 iteatapi - ok
13:45:08.0351 1348 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:45:08.0351 1348 iteraid - ok
13:45:08.0382 1348 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:45:08.0382 1348 kbdclass - ok
13:45:08.0445 1348 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:45:08.0445 1348 kbdhid - ok
13:45:08.0507 1348 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:45:08.0507 1348 KeyIso - ok
13:45:08.0554 1348 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:45:08.0570 1348 KSecDD - ok
13:45:08.0632 1348 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:45:08.0648 1348 KtmRm - ok
13:45:08.0694 1348 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
13:45:08.0710 1348 LanmanServer - ok
13:45:08.0772 1348 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:45:08.0772 1348 LanmanWorkstation - ok
13:45:08.0882 1348 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:45:08.0882 1348 LightScribeService - ok
13:45:09.0131 1348 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
13:45:09.0194 1348 LiveUpdate - ok
13:45:09.0350 1348 LiveUpdate Notice Service (2d1389e05a807d956829f44bd4b60389) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
13:45:09.0365 1348 LiveUpdate Notice Service - ok
13:45:09.0521 1348 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:45:09.0521 1348 lltdio - ok
13:45:09.0552 1348 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:45:09.0552 1348 lltdsvc - ok
13:45:09.0599 1348 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:45:09.0599 1348 lmhosts - ok
13:45:09.0708 1348 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:45:09.0708 1348 LSI_FC - ok
13:45:09.0755 1348 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:45:09.0755 1348 LSI_SAS - ok
13:45:09.0818 1348 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:45:09.0833 1348 LSI_SCSI - ok
13:45:09.0880 1348 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:45:09.0880 1348 luafv - ok
13:45:09.0989 1348 lxeaCATSCustConnectService (2349335a8033fd9834d1c401eae1c9bf) C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
13:45:09.0989 1348 lxeaCATSCustConnectService - ok
13:45:10.0005 1348 lxea_device - ok
13:45:10.0067 1348 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
13:45:10.0067 1348 MBAMSwissArmy - ok
13:45:10.0114 1348 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:45:10.0114 1348 Mcx2Svc - ok
13:45:10.0192 1348 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:45:10.0192 1348 mdmxsdk - ok
13:45:10.0270 1348 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:45:10.0270 1348 megasas - ok
13:45:10.0286 1348 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:45:10.0286 1348 MMCSS - ok
13:45:10.0364 1348 MobilityService - ok
13:45:10.0410 1348 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:45:10.0410 1348 Modem - ok
13:45:10.0473 1348 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:45:10.0473 1348 monitor - ok
13:45:10.0535 1348 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\Windows\system32\DRIVERS\motccgp.sys
13:45:10.0535 1348 motccgp - ok
13:45:10.0582 1348 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\Windows\system32\DRIVERS\motccgpfl.sys
13:45:10.0582 1348 motccgpfl - ok
13:45:10.0629 1348 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys
13:45:10.0629 1348 motmodem - ok
13:45:10.0644 1348 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motport.sys
13:45:10.0644 1348 motport - ok
13:45:10.0691 1348 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:45:10.0691 1348 mouclass - ok
13:45:10.0722 1348 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:45:10.0722 1348 mouhid - ok
13:45:10.0785 1348 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:45:10.0785 1348 MountMgr - ok
13:45:10.0847 1348 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
13:45:10.0847 1348 MpFilter - ok
13:45:10.0925 1348 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:45:10.0925 1348 mpio - ok
13:45:10.0956 1348 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:45:10.0956 1348 mpsdrv - ok
13:45:11.0050 1348 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
13:45:11.0050 1348 MpsSvc - ok
13:45:11.0097 1348 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:45:11.0097 1348 Mraid35x - ok
13:45:11.0159 1348 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:45:11.0159 1348 MRxDAV - ok
13:45:11.0206 1348 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:45:11.0206 1348 mrxsmb - ok
13:45:11.0237 1348 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:45:11.0237 1348 mrxsmb10 - ok
13:45:11.0284 1348 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:45:11.0284 1348 mrxsmb20 - ok
13:45:11.0315 1348 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
13:45:11.0315 1348 msahci - ok
13:45:11.0362 1348 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:45:11.0362 1348 msdsm - ok
13:45:11.0409 1348 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:45:11.0409 1348 MSDTC - ok
13:45:11.0456 1348 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:45:11.0456 1348 Msfs - ok
13:45:11.0502 1348 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:45:11.0502 1348 msisadrv - ok
13:45:11.0549 1348 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:45:11.0565 1348 MSiSCSI - ok
13:45:11.0565 1348 msiserver - ok
13:45:11.0612 1348 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:45:11.0612 1348 MSKSSRV - ok
13:45:11.0690 1348 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
13:45:11.0690 1348 MsMpSvc - ok
13:45:11.0752 1348 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:45:11.0752 1348 MSPCLOCK - ok
13:45:11.0768 1348 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:45:11.0768 1348 MSPQM - ok
13:45:11.0830 1348 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:45:11.0830 1348 MsRPC - ok
13:45:11.0877 1348 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:45:11.0877 1348 mssmbios - ok
13:45:11.0924 1348 MSSQL$MSSMLBIZ - ok
13:45:11.0970 1348 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:45:11.0970 1348 MSSQLServerADHelper - ok
13:45:12.0017 1348 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:45:12.0033 1348 MSTEE - ok
13:45:12.0048 1348 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:45:12.0048 1348 Mup - ok
13:45:12.0126 1348 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:45:12.0142 1348 napagent - ok
13:45:12.0220 1348 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:45:12.0220 1348 NativeWifiP - ok
13:45:12.0314 1348 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:45:12.0314 1348 NDIS - ok
13:45:12.0360 1348 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:45:12.0360 1348 NdisTapi - ok
13:45:12.0423 1348 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:45:12.0423 1348 Ndisuio - ok
13:45:12.0470 1348 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:45:12.0470 1348 NdisWan - ok
13:45:12.0516 1348 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:45:12.0532 1348 NDProxy - ok
13:45:12.0532 1348 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:45:12.0532 1348 NetBIOS - ok
13:45:12.0610 1348 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:45:12.0610 1348 netbt - ok
13:45:12.0672 1348 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:45:12.0672 1348 Netlogon - ok
13:45:12.0735 1348 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:45:12.0735 1348 Netman - ok
13:45:12.0797 1348 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:45:12.0797 1348 netprofm - ok
13:45:12.0922 1348 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:45:12.0922 1348 NetTcpPortSharing - ok
13:45:12.0969 1348 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:45:12.0984 1348 nfrd960 - ok
13:45:13.0031 1348 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:45:13.0031 1348 NisDrv - ok
13:45:13.0125 1348 NisSrv (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe
13:45:13.0140 1348 NisSrv - ok
13:45:13.0187 1348 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:45:13.0187 1348 NlaSvc - ok
13:45:13.0250 1348 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:45:13.0250 1348 Npfs - ok
13:45:13.0296 1348 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
13:45:13.0296 1348 NSCIRDA - ok
13:45:13.0328 1348 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:45:13.0328 1348 nsi - ok
13:45:13.0390 1348 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:45:13.0390 1348 nsiproxy - ok
13:45:13.0499 1348 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:45:13.0530 1348 Ntfs - ok
13:45:13.0577 1348 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
13:45:13.0577 1348 NTIDrvr - ok
13:45:13.0593 1348 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:45:13.0593 1348 ntrigdigi - ok
13:45:13.0624 1348 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:45:13.0624 1348 Null - ok
13:45:13.0655 1348 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:45:13.0655 1348 nvraid - ok
13:45:13.0718 1348 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
13:45:13.0718 1348 nvstor - ok
13:45:13.0733 1348 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
13:45:13.0749 1348 nv_agp - ok
13:45:13.0827 1348 o2flash (d955d5de998db2476bf0892be3a96c26) C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
13:45:13.0827 1348 o2flash - ok
13:45:13.0858 1348 O2MDRDR (36ed541ff0ad27d7f1c1e8f86f026309) C:\Windows\system32\DRIVERS\o2media.sys
13:45:13.0858 1348 O2MDRDR - ok
13:45:13.0905 1348 O2SDRDR (f3d467025d365a96b5e51c6229562716) C:\Windows\system32\DRIVERS\o2sd.sys
13:45:13.0920 1348 O2SDRDR - ok
13:45:14.0061 1348 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:45:14.0061 1348 odserv - ok
13:45:14.0092 1348 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:45:14.0092 1348 ohci1394 - ok
13:45:14.0154 1348 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:45:14.0154 1348 ose - ok
13:45:14.0264 1348 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:45:14.0279 1348 p2pimsvc - ok
13:45:14.0279 1348 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:45:14.0295 1348 p2psvc - ok
13:45:14.0342 1348 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:45:14.0342 1348 Parport - ok
13:45:14.0404 1348 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
13:45:14.0404 1348 partmgr - ok
13:45:14.0420 1348 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:45:14.0420 1348 Parvdm - ok
13:45:14.0482 1348 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:45:14.0482 1348 PcaSvc - ok
13:45:14.0544 1348 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:45:14.0544 1348 pci - ok
13:45:14.0576 1348 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:45:14.0576 1348 pciide - ok
13:45:14.0654 1348 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
13:45:14.0654 1348 pcmcia - ok
13:45:14.0747 1348 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:45:14.0778 1348 PEAUTH - ok
13:45:24.0263 1348 pla (b66b35789679d9befc5be5d0c10d0fe7) C:\Windows\system32\pla.dll
13:45:38.0412 1348 Suspicious file (NoAccess): C:\Windows\system32\pla.dll. md5: b66b35789679d9befc5be5d0c10d0fe7
13:45:38.0412 1348 pla ( LockedFile.Multi.Generic ) - warning
13:45:38.0412 1348 pla - detected LockedFile.Multi.Generic (1)
13:45:38.0600 1348 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:45:38.0600 1348 PlugPlay - ok
13:45:38.0693 1348 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:45:38.0693 1348 PNRPAutoReg - ok
13:45:38.0709 1348 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:45:38.0724 1348 PNRPsvc - ok
13:45:38.0740 1348 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:45:38.0756 1348 PolicyAgent - ok
13:45:38.0849 1348 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:45:38.0849 1348 PptpMiniport - ok
13:45:38.0880 1348 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:45:38.0880 1348 Processor - ok
13:45:38.0927 1348 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:45:38.0927 1348 ProfSvc - ok
13:45:38.0990 1348 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:45:38.0990 1348 ProtectedStorage - ok
13:45:39.0036 1348 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:45:39.0052 1348 PSched - ok
13:45:39.0068 1348 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
13:45:39.0068 1348 PSDFilter - ok
13:45:39.0114 1348 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
13:45:39.0114 1348 PSDNServ - ok
13:45:39.0130 1348 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
13:45:39.0130 1348 psdvdisk - ok
13:45:39.0208 1348 PTDLBus (cf62509ee0f1894fbaf0fc9e1e38f7da) C:\Windows\system32\DRIVERS\PTDLBus.sys
13:45:39.0208 1348 PTDLBus - ok
13:45:39.0255 1348 PTDLMdm (65175d88d60a8361fa85e9d6ebfb27ce) C:\Windows\system32\DRIVERS\PTDLMdm.sys
13:45:39.0255 1348 PTDLMdm - ok
13:45:39.0302 1348 PTDLVsp (e2a62c2f31e5f73f8131de790743d014) C:\Windows\system32\DRIVERS\PTDLVsp.sys
13:45:39.0302 1348 PTDLVsp - ok
13:45:39.0317 1348 PTDLWWAN (d689421b875097191088858daf98bb52) C:\Windows\system32\DRIVERS\PTDLWWAN.sys
13:45:39.0333 1348 PTDLWWAN - ok
13:45:39.0442 1348 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:45:39.0458 1348 ql2300 - ok
13:45:39.0489 1348 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:45:39.0489 1348 ql40xx - ok
13:45:39.0520 1348 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:45:39.0520 1348 QWAVE - ok
13:45:39.0582 1348 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:45:39.0582 1348 QWAVEdrv - ok
13:45:39.0645 1348 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:45:39.0645 1348 RasAcd - ok
13:45:39.0707 1348 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:45:39.0707 1348 RasAuto - ok
13:45:39.0754 1348 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:45:39.0754 1348 Rasl2tp - ok
13:45:39.0832 1348 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:45:39.0832 1348 RasMan - ok
13:45:39.0894 1348 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:45:39.0894 1348 RasPppoe - ok
13:45:39.0910 1348 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:45:39.0910 1348 RasSstp - ok
13:45:39.0972 1348 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:45:39.0972 1348 rdbss - ok
13:45:40.0035 1348 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:45:40.0035 1348 RDPCDD - ok
13:45:40.0097 1348 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
13:45:40.0113 1348 rdpdr - ok
13:45:40.0144 1348 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:45:40.0144 1348 RDPENCDD - ok
13:45:40.0222 1348 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
13:45:40.0222 1348 RDPWD - ok
13:45:40.0284 1348 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:45:40.0284 1348 RemoteAccess - ok
13:45:40.0331 1348 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:45:40.0347 1348 RemoteRegistry - ok
13:45:40.0440 1348 RichVideo (2de0a33a7e58bedc8d70b1940e0ffe28) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
13:45:40.0456 1348 RichVideo - ok
13:45:40.0487 1348 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:45:40.0487 1348 RpcLocator - ok
13:45:40.0581 1348 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:45:40.0581 1348 RpcSs - ok
13:45:40.0643 1348 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:45:40.0643 1348 rspndr - ok
13:45:40.0721 1348 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:45:40.0721 1348 RTL8169 - ok
13:45:40.0752 1348 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:45:40.0752 1348 SamSs - ok
13:45:40.0784 1348 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:45:40.0784 1348 sbp2port - ok
13:45:40.0846 1348 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:45:40.0846 1348 SCardSvr - ok
13:45:40.0924 1348 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:45:40.0940 1348 Schedule - ok
13:45:40.0986 1348 SCMNdisP (3b68015683c27cb00c7a6b60a37cbcfd) C:\Windows\system32\DRIVERS\scmndisp.sys
13:45:40.0986 1348 SCMNdisP - ok
13:45:41.0049 1348 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:45:41.0049 1348 SCPolicySvc - ok
13:45:41.0096 1348 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
13:45:41.0096 1348 sdbus - ok
13:45:41.0158 1348 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:45:41.0158 1348 SDRSVC - ok
13:45:41.0267 1348 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
13:45:41.0283 1348 SeaPort - ok
13:45:41.0298 1348 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:45:41.0298 1348 secdrv - ok
13:45:41.0361 1348 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:45:41.0361 1348 seclogon - ok
13:45:41.0376 1348 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
13:45:41.0376 1348 SENS - ok
13:45:41.0408 1348 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:45:41.0408 1348 Serenum - ok
13:45:41.0423 1348 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:45:41.0423 1348 Serial - ok
13:45:41.0454 1348 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:45:41.0454 1348 sermouse - ok
13:45:41.0517 1348 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:45:41.0517 1348 SessionEnv - ok
13:45:41.0548 1348 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
13:45:41.0564 1348 sffdisk - ok
13:45:41.0564 1348 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
13:45:41.0579 1348 sffp_mmc - ok
13:45:41.0610 1348 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
13:45:41.0610 1348 sffp_sd - ok
13:45:41.0626 1348 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:45:41.0626 1348 sfloppy - ok
13:45:41.0688 1348 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:45:41.0688 1348 SharedAccess - ok
13:45:41.0751 1348 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:45:41.0751 1348 ShellHWDetection - ok
13:45:41.0798 1348 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
13:45:41.0813 1348 sisagp - ok
13:45:41.0829 1348 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:45:41.0829 1348 SiSRaid2 - ok
13:45:41.0876 1348 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:45:41.0876 1348 SiSRaid4 - ok
13:45:42.0110 1348 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:45:42.0188 1348 slsvc - ok
13:45:42.0328 1348 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:45:42.0328 1348 SLUINotify - ok
13:45:42.0390 1348 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:45:42.0390 1348 Smb - ok
13:45:42.0453 1348 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:45:42.0453 1348 SNMPTRAP - ok
13:45:42.0609 1348 SNP2UVC (1c550748f896e53b7b0fe7717845132b) C:\Windows\system32\DRIVERS\snp2uvc.sys
13:45:42.0640 1348 SNP2UVC - ok
13:45:42.0812 1348 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:45:42.0812 1348 spldr - ok
13:45:42.0874 1348 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:45:42.0874 1348 Spooler - ok
13:45:42.0983 1348 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:45:42.0983 1348 SQLBrowser - ok
13:45:43.0030 1348 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:45:43.0030 1348 SQLWriter - ok
13:45:43.0124 1348 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:45:43.0124 1348 srv - ok
13:45:43.0186 1348 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:45:43.0186 1348 srv2 - ok
13:45:43.0202 1348 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:45:43.0202 1348 srvnet - ok
13:45:43.0264 1348 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:45:43.0280 1348 SSDPSRV - ok
13:45:43.0342 1348 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:45:43.0342 1348 SstpSvc - ok
13:45:43.0467 1348 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:45:43.0482 1348 stisvc - ok
13:45:43.0514 1348 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:45:43.0514 1348 swenum - ok
13:45:43.0576 1348 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:45:43.0592 1348 swprv - ok
13:45:43.0638 1348 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:45:43.0638 1348 Symc8xx - ok
13:45:43.0654 1348 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:45:43.0670 1348 Sym_hi - ok
13:45:43.0701 1348 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:45:43.0701 1348 Sym_u3 - ok
13:45:43.0732 1348 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
13:45:43.0748 1348 SynTP - ok
13:45:43.0826 1348 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:45:43.0826 1348 SysMain - ok
13:45:43.0857 1348 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:45:43.0857 1348 TabletInputService - ok
13:45:43.0935 1348 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:45:43.0935 1348 TapiSrv - ok
13:45:43.0982 1348 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:45:43.0997 1348 TBS - ok
13:45:44.0122 1348 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
13:45:44.0138 1348 Tcpip - ok
13:45:44.0153 1348 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
13:45:44.0169 1348 Tcpip6 - ok
13:45:44.0231 1348 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
13:45:44.0231 1348 tcpipreg - ok
13:45:44.0294 1348 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:45:44.0294 1348 TDPIPE - ok
13:45:44.0309 1348 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:45:44.0309 1348 TDTCP - ok
13:45:44.0387 1348 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:45:44.0387 1348 tdx - ok
13:45:44.0450 1348 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:45:44.0450 1348 TermDD - ok
13:45:50.0175 1348 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
13:45:53.0888 1348 \Device\Harddisk0\DR0 - ok
13:45:53.0919 1348 Boot (0x1200) (997e8bd71313f39ff32ce6101324050c) \Device\Harddisk0\DR0\Partition0
13:45:53.0919 1348 \Device\Harddisk0\DR0\Partition0 - ok
13:45:53.0950 1348 Boot (0x1200) (6936e6f507538347ed7f825864c53b78) \Device\Harddisk0\DR0\Partition1
13:45:53.0950 1348 \Device\Harddisk0\DR0\Partition1 - ok
13:45:53.0950 1348 ============================================================
13:45:53.0950 1348 Scan finished
13:45:53.0950 1348 ============================================================
13:45:53.0966 1452 Detected object count: 1
13:45:53.0966 1452 Actual detected object count: 1
13:47:03.0323 1452 pla ( LockedFile.Multi.Generic ) - skipped by user
13:47:03.0323 1452 pla ( LockedFile.Multi.Generic ) - User select action: Skip



aswMBR Log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 13:53:10
-----------------------------
13:53:10.563 OS Version: Windows 6.0.6002 Service Pack 2
13:53:10.563 Number of processors: 2 586 0x6802
13:53:10.563 ComputerName: JOSH-PC UserName: Josh
13:53:12.669 Initialize success
13:53:51.014 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:53:51.014 Disk 0 Vendor: TOSHIBA_MK1637GSX DL050J Size: 152627MB BusType: 3
13:53:51.138 Disk 0 MBR read successfully
13:53:51.138 Disk 0 MBR scan
13:53:51.138 Disk 0 unknown MBR code
13:53:51.185 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
13:53:51.216 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71317 MB offset 20482048
13:53:51.248 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71308 MB offset 166539264
13:53:51.279 Disk 0 scanning sectors +312578048
13:53:51.466 Disk 0 scanning C:\Windows\system32\drivers
13:54:17.331 Service scanning
13:54:55.566 Modules scanning
13:55:15.706 Disk 0 trace - called modules:
13:55:15.753 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
13:55:16.736 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8538cac8]
13:55:16.736 3 CLASSPNP.SYS[87bbe8b3] -> nt!IofCallDriver -> [0x85224898]
13:55:16.751 5 acpi.sys[8074b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8522eb98]
13:55:16.751 Scan finished successfully
14:01:18.531 Disk 0 MBR has been saved successfully to "C:\Users\Josh\Desktop\MBR.dat"
14:01:18.546 The log file has been saved successfully to "C:\Users\Josh\Desktop\aswMBRLog.txt"


Again Thanks!

Attached Files

  • Attached File  MBR.zip   463bytes   0 downloads
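An added example (not part of the original posts, and not the tool's own code): a small parser for the TDSSKiller line format in the log above. It lists every object that received a verdict, joins it to the hash and path logged for it, and reports entries that were given a status without any file being hashed. The sample lines reuse entries from this thread; the timestamp on the `pla` hash line is constructed.

```python
import re

# Sample lines in the TDSSKiller format seen in this thread. The pla hash and
# path are as quoted in the thread; the timestamp on that line is constructed.
SAMPLE_LOG = r"""
13:45:30.0000 1348 pla (b66b35789679d9befc5be5d0c10d0fe7) C:\Windows\system32\pla.dll
13:45:44.0496 1348 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:45:44.0512 1348 TermService - ok
13:45:47.0975 1348 WinHttpAutoProxySvc - ok
13:45:50.0175 1348 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
13:45:53.0888 1348 \Device\Harddisk0\DR0 - ok
13:45:53.0966 1452 Detected object count: 1
13:47:03.0323 1452 pla ( LockedFile.Multi.Generic ) - skipped by user
13:47:03.0323 1452 pla ( LockedFile.Multi.Generic ) - User select action: Skip
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+ (?P<body>.+)$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")
STATUS = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")


def triage(log_text):
    """Return objects that received a verdict and entries logged without a file."""
    objects = {}        # entry name -> (md5, path) from the "name (md5) path" line
    paths = set()       # disk objects report their status under the path, not the name
    detections = {}     # entry name -> verdict record, in first-seen order
    no_file_record = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        body = line.group("body")
        m = OBJECT.match(body)
        if m:
            objects[m.group("name")] = (m.group("md5"), m.group("path"))
            paths.add(m.group("path"))
            continue
        m = VERDICT.match(body)
        if m:
            md5, path = objects.get(m.group("name"), (None, None))
            rec = detections.setdefault(m.group("name"), {
                "name": m.group("name"), "verdict": m.group("verdict"),
                "md5": md5, "path": path, "actions": []})
            rec["actions"].append(m.group("action"))
            continue
        m = STATUS.match(body)
        if m and m.group("name") not in objects and m.group("name") not in paths:
            # Status line with no preceding hash line: nothing was hashed for it.
            no_file_record.append(m.group("name"))
    return {"detections": list(detections.values()), "no_file_record": no_file_record}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["detections"]:
        print(d["name"], d["verdict"], d["md5"], d["path"], d["actions"])
    print("no file record:", result["no_file_record"])
```
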


#4 nasdaq


Posted 18 July 2012 - 09:29 AM

13:44:48.0118 1584 Boot type: Safe boot with network

From your log. Are you able to start the computer in Normal Mode?
If not do you get any error message?

===

Suspicious file (NoAccess): C:\Windows\system32\pla.dll. md5: b66b35789679d9befc5be5d0c10d0fe7

Let's check this file.

>>> Run Jotti's malware scan: Please copy this line (in bold):
C:\Windows\system32\pla.dll
  • Go to Jotti's malware scan and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edition" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to http://www.virustotal.com
===

Please run the ComboFix tool and post a fresh log. Make sure you disable your security programs.
You may be asked to update the program; please do.

#5 nasdaq


Posted 24 July 2012 - 07:19 AM

Are you still with me?

#6 4ntim4lw4re


Posted 24 July 2012 - 08:07 AM

Yes, Sorry I haven't posted. I have tried running the scan on Jotti and on Virustotal and the browser just seems to freeze up every time. The computer continues running but never uploads the file in question. I have tried in regular windows as well as in safe mode. Any suggestions?

#7 nasdaq


Posted 25 July 2012 - 07:10 AM

This is the function of the file.

Do you see a need for it?

Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.

===

Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

What are the issues with the file listed on the Title of the topic?

Are your updates with Microsoft up to date?

#8 4ntim4lw4re


Posted 25 July 2012 - 09:12 AM

Hi,

I don't see a need for this file. Here is the Security Check log file:

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Wise Registry Cleaner 5.9.1
Java™ 6 Update 23
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.45.2 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Google Chrome 19.0.1084.52
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Empowering Technology eSettings Service capuserv.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


The file that is referenced in the first post just seemed to keep coming up in the scans so I thought it might have something to do with the virus activity. Apparently not. And all windows updates are installed to date.

#9 nasdaq


Posted 26 July 2012 - 06:51 AM

Please run the TDSSKiller tool and remove this entry.
pla (b66b35789679d9befc5be5d0c10d0fe7) C:\Windows\system32\pla.dll

The file will be sent to the quarantine folder.

Should you need it you will be able to restore it.

You should be able to right-click the file in Quarantine and select Restore.
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 23


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

If these old versions are still listed in your Add/Remove Programs list after the update to Ver. 11, remove them.
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.45.2 Flash Player out of Date!


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

I do not see any trace of WinFXDocObj.exe in the logs you submitted.
Where and when do you get an error message?

#10 4ntim4lw4re


Posted 26 July 2012 - 08:44 AM

I have updated all aforementioned programs to the newest versions. I did quarantine C:\Windows\system32\pla.dll file with TDSSKiller. I believe the WinFXDocObj.exe file was coming up in the first combofix scans. The computer seems to be running a lot better thus far. Any further steps to take?

#11 nasdaq


Posted 26 July 2012 - 09:22 AM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Wait a while before deleting the TDSSKiller folder, just in case you need to restore pla.dll.



