Windows Command Processor Prompt Keeps Popping Up


  • This topic is locked
8 replies to this topic

#1 2011Joe90

  • Members

Posted 15 July 2012 - 06:47 PM

I'm running Windows Vista Home Premium 32-bit.

Norton Internet Security alerted me that it had blocked an attack on my computer.

I keep getting a User Account Control prompt for “Windows Command Processor”. The window shows the following: “C:\Windows\System32\cmd.exe/C”, “C:\Users\....\AppData\Local\Temp\kfialfcogiiclann.exe”.

Norton's SONAR notification told me that it removed a file, which I think had the same filename as the .exe mentioned above.

The prompt keeps popping up. Can you help me?

Edited by 2011Joe90, 15 July 2012 - 06:51 PM.




#2 narenxp

  • BC Advisor

Posted 15 July 2012 - 07:09 PM

Download TDSSkiller

Launch it. Click on change parameters - select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 2011Joe90

  • Topic Starter
  • Members

Posted 17 July 2012 - 02:07 PM

Norton informed me that it had blocked "Hacktool.rootkit". Also, I can access certain websites, e.g. bbc; websites I can't access include this forum. This also happened when I tried to access the internet in safe mode with networking. I was able to get TDSSKiller and aswMBR to scan (scans below). However, with ESET online scanner, I get the message "Can not get update. Is proxy configured?". I also tried the online popup scanner, which wouldn't work; I got "cant find webpage, etc", as it is a website I can't access for some reason. Therefore there is no ESET log attached.

TDSS killer:
18:29:48.0918 1268 NAVENG - ok
18:29:49.0074 1268 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20120714.017\NAVEX15.SYS
18:29:49.0136 1268 NAVEX15 - ok
18:29:49.0370 1268 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:29:49.0432 1268 NDIS - ok
18:29:49.0448 1268 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:29:49.0448 1268 NdisTapi - ok
18:29:49.0479 1268 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:29:49.0479 1268 Ndisuio - ok
18:29:49.0526 1268 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:29:49.0526 1268 NdisWan - ok
18:29:49.0557 1268 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:29:49.0557 1268 NDProxy - ok
18:29:49.0573 1268 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:29:49.0573 1268 NetBIOS - ok
18:29:49.0620 1268 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:29:49.0635 1268 netbt - ok
18:29:49.0666 1268 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:29:49.0666 1268 Netlogon - ok
18:29:49.0713 1268 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:29:49.0713 1268 Netman - ok
18:29:49.0838 1268 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:49.0900 1268 NetMsmqActivator - ok
18:29:49.0900 1268 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:49.0900 1268 NetPipeActivator - ok
18:29:49.0963 1268 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:29:49.0978 1268 netprofm - ok
18:29:49.0994 1268 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:49.0994 1268 NetTcpActivator - ok
18:29:50.0010 1268 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:50.0010 1268 NetTcpPortSharing - ok
18:29:50.0197 1268 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
18:29:50.0290 1268 NETw4v32 - ok
18:29:50.0743 1268 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
18:29:50.0821 1268 NETw5v32 - ok
18:29:50.0977 1268 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:29:50.0977 1268 nfrd960 - ok
18:29:51.0117 1268 NIS (b4187346f54e362daffe647b25a58d50) C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
18:29:51.0117 1268 NIS - ok
18:29:51.0164 1268 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:29:51.0180 1268 NlaSvc - ok
18:29:51.0226 1268 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:29:51.0226 1268 Npfs - ok
18:29:51.0258 1268 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:29:51.0258 1268 nsi - ok
18:29:51.0304 1268 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:29:51.0304 1268 nsiproxy - ok
18:29:51.0429 1268 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:29:51.0476 1268 Ntfs - ok
18:29:51.0538 1268 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
18:29:51.0538 1268 NTIDrvr - ok
18:29:51.0554 1268 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:29:51.0554 1268 ntrigdigi - ok
18:29:51.0570 1268 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:29:51.0570 1268 Null - ok
18:29:52.0069 1268 nvlddmkm (8e5e17b69830d7cc4691a8e564870c46) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:29:52.0225 1268 nvlddmkm - ok
18:29:52.0396 1268 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
18:29:52.0396 1268 nvraid - ok
18:29:52.0412 1268 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:29:52.0412 1268 nvstor - ok
18:29:52.0443 1268 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
18:29:52.0443 1268 nv_agp - ok
18:29:52.0443 1268 NwlnkFlt - ok
18:29:52.0443 1268 NwlnkFwd - ok
18:29:52.0630 1268 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:29:52.0646 1268 odserv - ok
18:29:52.0693 1268 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
18:29:52.0693 1268 ohci1394 - ok
18:29:52.0755 1268 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:29:52.0755 1268 ose - ok
18:29:52.0849 1268 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:29:52.0864 1268 p2pimsvc - ok
18:29:52.0880 1268 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:29:52.0880 1268 p2psvc - ok
18:29:52.0927 1268 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:29:52.0927 1268 Parport - ok
18:29:52.0974 1268 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
18:29:52.0974 1268 partmgr - ok
18:29:52.0989 1268 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:29:52.0989 1268 Parvdm - ok
18:29:53.0036 1268 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:29:53.0036 1268 PcaSvc - ok
18:29:53.0083 1268 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:29:53.0098 1268 pci - ok
18:29:53.0114 1268 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
18:29:53.0114 1268 pciide - ok
18:29:53.0130 1268 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:29:53.0145 1268 pcmcia - ok
18:29:53.0239 1268 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:29:53.0270 1268 PEAUTH - ok
18:29:53.0426 1268 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:29:53.0488 1268 pla - ok
18:29:53.0644 1268 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:29:53.0660 1268 PlugPlay - ok
18:29:53.0754 1268 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:29:53.0769 1268 PNRPAutoReg - ok
18:29:53.0769 1268 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:29:53.0769 1268 PNRPsvc - ok
18:29:53.0847 1268 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:29:53.0878 1268 PolicyAgent - ok
18:29:53.0941 1268 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:29:53.0941 1268 PptpMiniport - ok
18:29:53.0956 1268 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:29:53.0956 1268 Processor - ok
18:29:54.0034 1268 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:29:54.0050 1268 ProfSvc - ok
18:29:54.0081 1268 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:29:54.0081 1268 ProtectedStorage - ok
18:29:54.0128 1268 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:29:54.0128 1268 PSched - ok
18:29:54.0144 1268 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
18:29:54.0144 1268 PSDFilter - ok
18:29:54.0159 1268 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
18:29:54.0159 1268 PSDNServ - ok
18:29:54.0175 1268 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
18:29:54.0175 1268 psdvdisk - ok
18:29:54.0222 1268 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
18:29:54.0237 1268 PxHelp20 - ok
18:29:54.0331 1268 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:29:54.0346 1268 ql2300 - ok
18:29:54.0362 1268 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:29:54.0362 1268 ql40xx - ok
18:29:54.0409 1268 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:29:54.0456 1268 QWAVE - ok
18:29:54.0518 1268 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:29:54.0518 1268 QWAVEdrv - ok
18:29:54.0549 1268 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:29:54.0549 1268 RasAcd - ok
18:29:54.0580 1268 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:29:54.0580 1268 RasAuto - ok
18:29:54.0627 1268 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:29:54.0627 1268 Rasl2tp - ok
18:29:54.0674 1268 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:29:54.0721 1268 RasMan - ok
18:29:54.0783 1268 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:29:54.0783 1268 RasPppoe - ok
18:29:54.0830 1268 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:29:54.0830 1268 RasSstp - ok
18:29:54.0877 1268 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:29:54.0892 1268 rdbss - ok
18:29:54.0924 1268 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:29:54.0924 1268 RDPCDD - ok
18:29:54.0970 1268 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
18:29:54.0986 1268 rdpdr - ok
18:29:54.0986 1268 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:29:54.0986 1268 RDPENCDD - ok
18:29:55.0048 1268 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
18:29:55.0064 1268 RDPWD - ok
18:29:55.0204 1268 RegSrvc (3ff45b7f17d5837216abae652cc61540) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:29:55.0220 1268 RegSrvc - ok
18:29:55.0267 1268 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:29:55.0267 1268 RemoteAccess - ok
18:29:55.0314 1268 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:29:55.0329 1268 RemoteRegistry - ok
18:29:55.0376 1268 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
18:29:55.0376 1268 RFCOMM - ok
18:29:55.0438 1268 RichVideo (0a468612a19feb657d127e7c4810f6fc) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
18:29:55.0470 1268 RichVideo - ok
18:29:55.0516 1268 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
18:29:55.0516 1268 rimmptsk - ok
18:29:55.0532 1268 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
18:29:55.0532 1268 rimsptsk - ok
18:29:55.0548 1268 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
18:29:55.0548 1268 rismxdp - ok
18:29:55.0594 1268 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
18:29:55.0594 1268 ROOTMODEM - ok
18:29:55.0626 1268 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:29:55.0626 1268 RpcLocator - ok
18:29:55.0704 1268 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:29:55.0704 1268 RpcSs - ok
18:29:55.0750 1268 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:29:55.0750 1268 rspndr - ok
18:29:55.0782 1268 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:29:55.0797 1268 SamSs - ok
18:29:55.0860 1268 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:29:55.0860 1268 SASDIFSV - ok
18:29:55.0891 1268 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:29:55.0906 1268 SASKUTIL - ok
18:29:55.0922 1268 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:29:55.0922 1268 sbp2port - ok
18:29:55.0984 1268 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:29:55.0984 1268 SCardSvr - ok
18:29:56.0062 1268 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:29:56.0078 1268 Schedule - ok
18:29:56.0125 1268 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:29:56.0125 1268 SCPolicySvc - ok
18:29:56.0187 1268 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
18:29:56.0187 1268 sdbus - ok
18:29:56.0218 1268 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:29:56.0234 1268 SDRSVC - ok
18:29:56.0343 1268 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
18:29:56.0374 1268 SeaPort - ok
18:29:56.0390 1268 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:29:56.0390 1268 secdrv - ok
18:29:56.0437 1268 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:29:56.0437 1268 seclogon - ok
18:29:56.0452 1268 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
18:29:56.0452 1268 SENS - ok
18:29:56.0468 1268 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
18:29:56.0468 1268 Serenum - ok
18:29:56.0484 1268 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:29:56.0499 1268 Serial - ok
18:29:56.0515 1268 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:29:56.0515 1268 sermouse - ok
18:29:56.0577 1268 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:29:56.0577 1268 SessionEnv - ok
18:29:56.0593 1268 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
18:29:56.0593 1268 sffdisk - ok
18:29:56.0593 1268 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
18:29:56.0593 1268 sffp_mmc - ok
18:29:56.0608 1268 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
18:29:56.0624 1268 sffp_sd - ok
18:29:56.0624 1268 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:29:56.0624 1268 sfloppy - ok
18:29:56.0655 1268 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:29:56.0671 1268 SharedAccess - ok
18:29:56.0749 1268 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:29:56.0749 1268 ShellHWDetection - ok
18:29:56.0764 1268 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:29:56.0780 1268 sisagp - ok
18:29:56.0796 1268 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:29:56.0796 1268 SiSRaid2 - ok
18:29:56.0811 1268 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:29:56.0811 1268 SiSRaid4 - ok
18:29:57.0092 1268 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:29:57.0170 1268 slsvc - ok
18:29:57.0310 1268 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:29:57.0310 1268 SLUINotify - ok
18:29:57.0388 1268 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:29:57.0388 1268 Smb - ok
18:29:57.0435 1268 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:29:57.0451 1268 SNMPTRAP - ok
18:29:57.0591 1268 SNP2UVC (1c550748f896e53b7b0fe7717845132b) C:\Windows\system32\DRIVERS\snp2uvc.sys
18:29:57.0700 1268 SNP2UVC - ok
18:29:57.0872 1268 SpeedDiskService (a8493e43f9d4b22bbed2d424d03ed273) C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
18:29:57.0919 1268 SpeedDiskService - ok
18:29:58.0059 1268 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
18:29:58.0075 1268 speedfan - ok
18:29:58.0122 1268 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:29:58.0122 1268 spldr - ok
18:29:58.0168 1268 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:29:58.0168 1268 Spooler - ok
18:29:58.0278 1268 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\NIS\1109000.00C\SRTSP.SYS
18:29:58.0309 1268 SRTSP - ok
18:29:58.0324 1268 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\NIS\1109000.00C\SRTSPX.SYS
18:29:58.0324 1268 SRTSPX - ok
18:29:58.0387 1268 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:29:58.0402 1268 srv - ok
18:29:58.0465 1268 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:29:58.0465 1268 srv2 - ok
18:29:58.0527 1268 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:29:58.0527 1268 srvnet - ok
18:29:58.0558 1268 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:29:58.0574 1268 SSDPSRV - ok
18:29:58.0621 1268 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:29:58.0621 1268 SstpSvc - ok
18:29:58.0730 1268 Start BT in service (87b8f74c32f34f581d2ef8cde8cdb187) C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
18:29:58.0730 1268 Start BT in service - ok
18:29:58.0792 1268 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
18:29:58.0792 1268 StillCam - ok
18:29:58.0870 1268 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:29:58.0886 1268 stisvc - ok
18:29:58.0917 1268 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:29:58.0917 1268 swenum - ok
18:29:58.0980 1268 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:29:58.0995 1268 swprv - ok
18:29:59.0042 1268 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:29:59.0042 1268 Symc8xx - ok
18:29:59.0136 1268 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\NIS\1109000.00C\SYMDS.SYS
18:29:59.0167 1268 SymDS - ok
18:29:59.0214 1268 SymDSMon (4c155fa65cbf81513e4b9d088737e9cf) C:\Windows\system32\drivers\SymDSMon.sys
18:29:59.0214 1268 SymDSMon - ok
18:29:59.0292 1268 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\Windows\system32\drivers\NIS\1109000.00C\SYMEFA.SYS
18:29:59.0292 1268 SymEFA - ok
18:29:59.0338 1268 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
18:29:59.0354 1268 SymEvent - ok
18:29:59.0401 1268 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS
18:29:59.0401 1268 SymIRON - ok
18:29:59.0463 1268 SYMSpeedDisk (e9983667331d463f1e5b34f9170a9ae0) C:\Windows\system32\drivers\SymSpeedDisk.sys
18:29:59.0463 1268 SYMSpeedDisk - ok
18:29:59.0526 1268 SYMTDIv (b501d61792d8355eae7eb4f7449a9d99) C:\Windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS
18:29:59.0526 1268 SYMTDIv - ok
18:29:59.0557 1268 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:29:59.0557 1268 Sym_hi - ok
18:29:59.0572 1268 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:29:59.0572 1268 Sym_u3 - ok
18:29:59.0619 1268 SynTP (5d6e865780aae258aba1a1484782cfec) C:\Windows\system32\DRIVERS\SynTP.sys
18:29:59.0619 1268 SynTP - ok
18:29:59.0697 1268 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:29:59.0713 1268 SysMain - ok
18:29:59.0744 1268 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:29:59.0760 1268 TabletInputService - ok
18:29:59.0822 1268 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:29:59.0822 1268 TapiSrv - ok
18:29:59.0853 1268 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:29:59.0853 1268 TBS - ok
18:29:59.0978 1268 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
18:30:00.0009 1268 Tcpip - ok
18:30:00.0040 1268 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
18:30:00.0040 1268 Tcpip6 - ok
18:30:00.0087 1268 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:30:00.0087 1268 tcpipreg - ok
18:30:00.0118 1268 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:30:00.0118 1268 TDPIPE - ok
18:30:00.0150 1268 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:30:00.0150 1268 TDTCP - ok
18:30:00.0196 1268 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:30:00.0196 1268 tdx - ok
18:30:00.0243 1268 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:30:00.0243 1268 TermDD - ok
18:30:00.0306 1268 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:30:00.0321 1268 TermService - ok
18:30:00.0696 1268 Texis Monitor (407db52b50c8c8154ff114dcec1fb73c) C:\SIMULIA\Documentation\monitor.exe
18:30:00.0805 1268 Texis Monitor - ok
18:30:00.0976 1268 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:30:00.0992 1268 Themes - ok
18:30:01.0023 1268 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:30:01.0023 1268 THREADORDER - ok
18:30:01.0039 1268 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:30:01.0039 1268 TrkWks - ok
18:30:01.0101 1268 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:30:01.0101 1268 TrustedInstaller - ok
18:30:01.0164 1268 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:30:01.0164 1268 tssecsrv - ok
18:30:01.0210 1268 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:30:01.0210 1268 tunmp - ok
18:30:01.0257 1268 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:30:01.0257 1268 tunnel - ok
18:30:01.0288 1268 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:30:01.0288 1268 uagp35 - ok
18:30:01.0320 1268 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:30:01.0335 1268 udfs - ok
18:30:01.0382 1268 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:30:01.0382 1268 UI0Detect - ok
18:30:01.0398 1268 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:30:01.0398 1268 uliagpkx - ok
18:30:01.0429 1268 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:30:01.0444 1268 uliahci - ok
18:30:01.0476 1268 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:30:01.0476 1268 UlSata - ok
18:30:01.0491 1268 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:30:01.0491 1268 ulsata2 - ok
18:30:01.0522 1268 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:30:01.0522 1268 umbus - ok
18:30:01.0569 1268 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
18:30:01.0569 1268 UMPass - ok
18:30:01.0616 1268 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:30:01.0632 1268 upnphost - ok
18:30:01.0678 1268 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
18:30:01.0678 1268 USBAAPL - ok
18:30:01.0741 1268 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
18:30:01.0741 1268 usbaudio - ok
18:30:01.0788 1268 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:30:01.0803 1268 usbccgp - ok
18:30:01.0834 1268 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:30:01.0834 1268 usbcir - ok
18:30:01.0866 1268 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:30:01.0866 1268 usbehci - ok
18:30:01.0897 1268 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:30:01.0912 1268 usbhub - ok
18:30:01.0928 1268 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:30:01.0928 1268 usbohci - ok
18:30:01.0975 1268 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:30:01.0975 1268 usbprint - ok
18:30:02.0006 1268 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:30:02.0006 1268 usbscan - ok
18:30:02.0037 1268 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:30:02.0037 1268 USBSTOR - ok
18:30:02.0053 1268 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:30:02.0053 1268 usbuhci - ok
18:30:02.0100 1268 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:30:02.0100 1268 UxSms - ok
18:30:02.0178 1268 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
18:30:02.0178 1268 VClone - ok
18:30:02.0209 1268 VComm (51750b0539986186c6931fc40d171521) C:\Windows\system32\DRIVERS\VComm.sys
18:30:02.0224 1268 VComm - ok
18:30:02.0240 1268 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\Windows\system32\Drivers\VcommMgr.sys
18:30:02.0240 1268 VcommMgr - ok
18:30:02.0302 1268 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:30:02.0334 1268 vds - ok
18:30:02.0349 1268 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:30:02.0349 1268 vga - ok
18:30:02.0365 1268 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:30:02.0365 1268 VgaSave - ok
18:30:02.0396 1268 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:30:02.0396 1268 viaagp - ok
18:30:02.0396 1268 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:30:02.0412 1268 ViaC7 - ok
18:30:02.0412 1268 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:30:02.0427 1268 viaide - ok
18:30:02.0427 1268 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:30:02.0443 1268 volmgr - ok
18:30:02.0505 1268 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:30:02.0521 1268 volmgrx - ok
18:30:02.0583 1268 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:30:02.0583 1268 volsnap - ok
18:30:02.0599 1268 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:30:02.0599 1268 vsmraid - ok
18:30:02.0724 1268 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:30:02.0755 1268 VSS - ok
18:30:02.0817 1268 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:30:02.0833 1268 W32Time - ok
18:30:02.0880 1268 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:30:02.0880 1268 WacomPen - ok
18:30:02.0911 1268 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:02.0926 1268 Wanarp - ok
18:30:02.0926 1268 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:02.0926 1268 Wanarpv6 - ok
18:30:02.0973 1268 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:30:02.0989 1268 wcncsvc - ok
18:30:03.0020 1268 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:30:03.0020 1268 WcsPlugInService - ok
18:30:03.0036 1268 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:30:03.0036 1268 Wd - ok
18:30:03.0098 1268 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:30:03.0114 1268 Wdf01000 - ok
18:30:06.0234 1268 MBR (0x1B8) (0dce9a450e9979b9640d57e81152a29d) \Device\Harddisk0\DR0
18:30:06.0920 1268 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:30:06.0920 1268 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:30:06.0920 1268 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:30:07.0060 1268 \Device\Harddisk1\DR1 - ok
18:30:07.0076 1268 Boot (0x1200) (f58ffd33bcb116aec62cc176bbfb6a55) \Device\Harddisk0\DR0\Partition0
18:30:07.0076 1268 \Device\Harddisk0\DR0\Partition0 - ok
18:30:07.0123 1268 Boot (0x1200) (22598b111eadea6cce425863c7343c4f) \Device\Harddisk0\DR0\Partition1
18:30:07.0123 1268 \Device\Harddisk0\DR0\Partition1 - ok
18:30:07.0138 1268 Boot (0x1200) (05e08296c4babec2b30fd06d165ef4f8) \Device\Harddisk1\DR1\Partition0
18:30:07.0138 1268 \Device\Harddisk1\DR1\Partition0 - ok
18:30:07.0138 1268 ============================================================
18:30:07.0138 1268 Scan finished
18:30:07.0138 1268 ============================================================
18:30:07.0154 1084 Detected object count: 2
18:30:07.0154 1084 Actual detected object count: 2
18:32:31.0404 1084 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
18:32:31.0404 1084 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
18:32:31.0414 1084 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:32:31.0414 1084 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

aswMBR scan:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 22:16:10
-----------------------------
22:16:10.234 OS Version: Windows 6.0.6002 Service Pack 2
22:16:10.234 Number of processors: 2 586 0xF0D
22:16:10.234 ComputerName: JOSEPH-PC UserName: Joseph
22:16:13.479 Initialize success
22:16:29.266 AVAST engine defs: 12071600
22:16:31.856 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:16:31.856 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
22:16:31.887 Disk 0 MBR read successfully
22:16:31.887 Disk 0 MBR scan
22:16:31.903 Disk 0 unknown MBR code
22:16:31.918 Disk 0 Partition 1 00 12 Compaq diag NTFS 9993 MB offset 63
22:16:31.934 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 114372 MB offset 20467712
22:16:31.965 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 110788 MB offset 254701568
22:16:31.996 Disk 0 Partition 4 00 12 Compaq diag NTFS 3320 MB offset 481595392
22:16:32.027 Disk 0 scanning sectors +488394752
22:16:32.277 Disk 0 scanning C:\Windows\system32\drivers
22:17:11.027 Service scanning
22:18:04.114 Modules scanning
22:18:42.833 Disk 0 trace - called modules:
22:18:42.911 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iastor.sys
22:18:42.911 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864b2960]
22:18:42.927 3 CLASSPNP.SYS[891c18b3] -> nt!IofCallDriver -> [0x859e92a8]
22:18:42.927 5 acpi.sys[888916bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85a18030]
22:18:44.003 AVAST engine scan C:\Windows
22:18:59.635 AVAST engine scan C:\Windows\system32
22:29:51.262 AVAST engine scan C:\Windows\system32\drivers
22:30:52.274 AVAST engine scan C:\Users\Joseph
23:08:24.961 File: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swkfjdai.exe **HIDDEN**
23:08:39.094 AVAST engine scan C:\ProgramData
23:23:05.081 Scan finished successfully
23:24:17.450 Disk 0 MBR has been saved successfully to "C:\Users\Joseph\Desktop\MBR.dat"
23:24:17.465 The log file has been saved successfully to "C:\Users\Joseph\Desktop\aswMBR.txt"


Had to uninstall Microsoft Bing and Google Toolbar; Avast kept running slow at this. Also, it spent a great deal of time on this:

C:\Users\Joseph\AppData\Local\jitrpnnf\swkfjdai size 91 kb
I checked this file, it was modified 15/07/2012 19:42 around about the same time as the problem started. The file was flagged up in the scan but only under the startup folder in the start menu (as shown in the log).

Edited by 2011Joe90, 17 July 2012 - 02:09 PM.


#4 narenxp

  • BC Advisor

Posted 17 July 2012 - 02:13 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on Show Results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 2011Joe90

  • Topic Starter

Posted 17 July 2012 - 03:04 PM

Malwarebytes would not operate; when I clicked the icon, e.g., the program window would not open and the scan did not occur. Was able to get MiniToolBox to work:

MiniToolBox by Farbar Version: 15-07-2012
Ran by Joseph (administrator) on 17-07-2012 at 20:55:31
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Disconnected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Bluetooth PAN Network Adapter = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Joseph-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth PAN Network Adapter
Physical Address. . . . . . . . . : 00-10-60-EE-F7-8D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-1C-BF-63-B4-86
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::943c:ec9:603e:8ab%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 17 July 2012 20:42:04
Lease Expires . . . . . . . . . . : 18 July 2012 20:42:03
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 201333951
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-F4-B8-2D-00-1C-BF-63-B4-86
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2EC73273-4966-487E-ABC4-EEE90B331911}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: myrouter.home
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:809::1005
173.194.34.97
173.194.34.96
173.194.34.110
173.194.34.105
173.194.34.104
173.194.34.103
173.194.34.102
173.194.34.101
173.194.34.100
173.194.34.99
173.194.34.98



Pinging google.com [173.194.34.98] with 32 bytes of data:

Reply from 173.194.34.98: bytes=32 time=82ms TTL=58

Reply from 173.194.34.98: bytes=32 time=115ms TTL=58



Ping statistics for 173.194.34.98:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 82ms, Maximum = 115ms, Average = 98ms

Server: myrouter.home
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=265ms TTL=52

Reply from 209.191.122.70: bytes=32 time=282ms TTL=53



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 265ms, Maximum = 282ms, Average = 273ms

Server: myrouter.home
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [127.0.0.1] with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
16 ...00 10 60 ee f7 8d ...... Bluetooth PAN Network Adapter
9 ...00 1c bf 63 b4 86 ...... Intel® PRO/Wireless 3945ABG Network Connection
1 ........................... Software Loopback Interface 1
20 ...00 00 00 00 00 00 00 e0 isatap.home
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
18 ...00 00 00 00 00 00 00 e0 isatap.{2EC73273-4966-487E-ABC4-EEE90B331911}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.5 281
192.168.0.5 255.255.255.255 On-link 192.168.0.5 281
192.168.0.255 255.255.255.255 On-link 192.168.0.5 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.5 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.5 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 281 fe80::/64 On-link
9 281 fe80::943c:ec9:603e:8ab/128
On-link
1 306 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

Edited by 2011Joe90, 17 July 2012 - 03:05 PM.


#6 narenxp

  • BC Advisor

Posted 17 July 2012 - 03:59 PM

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#7 2011Joe90

  • Topic Starter

Posted 18 July 2012 - 05:53 AM

Was able to get Malwarebytes to work but only in safe mode with networking. Could only get it to update using Chameleon and renaming the malwarebytes .exe file to .com. Malwarebytes found one threat but I think there are still more.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.13

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Joseph :: JOSEPH-PC [administrator]

17/07/2012 21:37:46
mbam-log-2012-07-17 (21-37-46).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 672012
Time elapsed: 1 hour(s), 44 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Joseph\0.19162864015939485.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)

The problem is still there. Will follow instructions and post on your suggested forum.

#8 narenxp

  • BC Advisor

Posted 18 July 2012 - 06:46 AM

:thumbup2:

#9 Orange Blossom

  • Moderator

Posted 20 July 2012 - 10:43 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic461202.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry: