
Hacktool.rootkit


6 replies to this topic

#1 demo18c


Posted 21 July 2012 - 01:28 PM

I'm getting steady hits of Hacktool.rootkit, but it is being blocked by Norton. The problem is I am getting Google reroutes and various pop-ups. Any way to fix?

Windows Vista Sp2

Edited by Queen-Evie, 21 July 2012 - 02:09 PM.
moved from Vista



 


#2 narenxp


Posted 21 July 2012 - 02:32 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 demo18c


Posted 22 July 2012 - 07:06 AM

TDSS


07:50:23.0837 2196 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
07:50:24.0150 2196 ============================================================
07:50:24.0150 2196 Current date / time: 2012/07/22 07:50:24.0150
07:50:24.0150 2196 SystemInfo:
07:50:24.0150 2196
07:50:24.0150 2196 OS Version: 6.0.6002 ServicePack: 2.0
07:50:24.0150 2196 Product type: Workstation
07:50:24.0151 2196 ComputerName: RASHAD-PC
07:50:24.0151 2196 UserName: rashad
07:50:24.0151 2196 Windows directory: C:\Windows
07:50:24.0151 2196 System windows directory: C:\Windows
07:50:24.0151 2196 Running under WOW64
07:50:24.0151 2196 Processor architecture: Intel x64
07:50:24.0151 2196 Number of processors: 2
07:50:24.0151 2196 Page size: 0x1000
07:50:24.0151 2196 Boot type: Safe boot with network
07:50:24.0151 2196 ============================================================
07:50:24.0879 2196 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:50:24.0887 2196 ============================================================
07:50:24.0887 2196 \Device\Harddisk0\DR0:
07:50:24.0887 2196 MBR partitions:
07:50:24.0887 2196 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23CDBF10
07:50:24.0887 2196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23CDBF4F, BlocksNum 0x1751772
07:50:24.0887 2196 ============================================================
07:50:24.0910 2196 C: <-> \Device\Harddisk0\DR0\Partition0
07:50:24.0949 2196 D: <-> \Device\Harddisk0\DR0\Partition1
07:50:24.0949 2196 ============================================================
07:50:24.0949 2196 Initialize success
07:50:24.0949 2196 ============================================================
07:50:31.0923 2352 ============================================================
07:50:31.0923 2352 Scan started
07:50:31.0923 2352 Mode: Manual;
07:50:31.0923 2352 ============================================================
07:50:49.0893 2352 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:50:50.0023 2352 osppsvc - ok
07:50:50.0297 2352 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
07:50:50.0317 2352 p2pimsvc - ok
07:50:50.0328 2352 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
07:50:50.0334 2352 p2psvc - ok
07:50:50.0456 2352 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
07:50:50.0458 2352 Parport - ok
07:50:50.0484 2352 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
07:50:50.0486 2352 partmgr - ok
07:50:50.0512 2352 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
07:50:50.0514 2352 PcaSvc - ok
07:50:50.0548 2352 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
07:50:50.0559 2352 pci - ok
07:50:50.0587 2352 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
07:50:50.0588 2352 pciide - ok
07:50:50.0611 2352 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
07:50:50.0622 2352 pcmcia - ok
07:50:50.0727 2352 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
07:50:50.0742 2352 PEAUTH - ok
07:50:50.0880 2352 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
07:50:50.0905 2352 PerfHost - ok
07:50:51.0064 2352 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
07:50:51.0120 2352 pla - ok
07:50:51.0206 2352 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
07:50:51.0262 2352 PlugPlay - ok
07:50:51.0373 2352 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
07:50:51.0380 2352 PNRPAutoReg - ok
07:50:51.0390 2352 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
07:50:51.0401 2352 PNRPsvc - ok
07:50:51.0468 2352 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
07:50:51.0530 2352 PolicyAgent - ok
07:50:51.0591 2352 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
07:50:51.0593 2352 PptpMiniport - ok
07:50:51.0652 2352 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
07:50:51.0654 2352 Processor - ok
07:50:51.0687 2352 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
07:50:51.0756 2352 ProfSvc - ok
07:50:51.0779 2352 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
07:50:51.0781 2352 ProtectedStorage - ok
07:50:51.0817 2352 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
07:50:51.0819 2352 PSched - ok
07:50:51.0901 2352 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
07:50:51.0925 2352 ql2300 - ok
07:50:51.0942 2352 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
07:50:52.0013 2352 ql40xx - ok
07:50:52.0050 2352 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
07:50:52.0061 2352 QWAVE - ok
07:50:52.0088 2352 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
07:50:52.0089 2352 QWAVEdrv - ok
07:50:52.0112 2352 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
07:50:52.0112 2352 RasAcd - ok
07:50:52.0140 2352 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
07:50:52.0164 2352 RasAuto - ok
07:50:52.0230 2352 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:50:52.0232 2352 Rasl2tp - ok
07:50:52.0269 2352 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
07:50:52.0291 2352 RasMan - ok
07:50:52.0424 2352 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
07:50:52.0425 2352 RasPppoe - ok
07:50:52.0442 2352 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
07:50:52.0443 2352 RasSstp - ok
07:50:52.0511 2352 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
07:50:52.0568 2352 rdbss - ok
07:50:52.0701 2352 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:50:52.0702 2352 RDPCDD - ok
07:50:52.0792 2352 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
07:50:52.0815 2352 rdpdr - ok
07:50:52.0843 2352 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
07:50:52.0844 2352 RDPENCDD - ok
07:50:52.0876 2352 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
07:50:53.0093 2352 RDPWD - ok
07:50:53.0122 2352 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
07:50:53.0124 2352 RemoteAccess - ok
07:50:53.0174 2352 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
07:50:53.0177 2352 RemoteRegistry - ok
07:50:53.0241 2352 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
07:50:53.0327 2352 RFCOMM - ok
07:50:53.0356 2352 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
07:50:53.0358 2352 RpcLocator - ok
07:50:53.0418 2352 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
07:50:53.0424 2352 RpcSs - ok
07:50:53.0458 2352 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
07:50:53.0460 2352 rspndr - ok
07:50:53.0492 2352 RTL8169 (82b66abf055611024e5dbb9fa556c11d) C:\Windows\system32\DRIVERS\Rtlh64.sys
07:50:53.0504 2352 RTL8169 - ok
07:50:53.0538 2352 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
07:50:53.0539 2352 SamSs - ok
07:50:53.0559 2352 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
07:50:53.0562 2352 sbp2port - ok
07:50:53.0617 2352 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
07:50:53.0630 2352 SCardSvr - ok
07:50:53.0661 2352 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
07:50:53.0663 2352 SCDEmu - ok
07:50:53.0762 2352 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
07:50:53.0856 2352 Schedule - ok
07:50:53.0888 2352 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
07:50:53.0889 2352 SCPolicySvc - ok
07:50:53.0917 2352 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
07:50:53.0930 2352 SDRSVC - ok
07:50:53.0956 2352 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:50:53.0959 2352 secdrv - ok
07:50:53.0972 2352 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
07:50:53.0974 2352 seclogon - ok
07:50:53.0986 2352 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
07:50:53.0988 2352 SENS - ok
07:50:54.0008 2352 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
07:50:54.0009 2352 Serenum - ok
07:50:54.0044 2352 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
07:50:54.0047 2352 Serial - ok
07:50:54.0106 2352 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
07:50:54.0123 2352 sermouse - ok
07:50:54.0180 2352 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
07:50:54.0183 2352 SessionEnv - ok
07:50:54.0247 2352 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
07:50:54.0249 2352 sffdisk - ok
07:50:54.0254 2352 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
07:50:54.0255 2352 sffp_mmc - ok
07:50:54.0297 2352 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
07:50:54.0298 2352 sffp_sd - ok
07:50:54.0303 2352 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
07:50:54.0304 2352 sfloppy - ok
07:50:54.0349 2352 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
07:50:54.0355 2352 ShellHWDetection - ok
07:50:54.0369 2352 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
07:50:54.0370 2352 SiSRaid2 - ok
07:50:54.0385 2352 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
07:50:54.0387 2352 SiSRaid4 - ok
07:50:54.0434 2352 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
07:50:54.0458 2352 SkypeUpdate - ok
07:50:54.0598 2352 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
07:50:54.0640 2352 slsvc - ok
07:50:54.0737 2352 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
07:50:54.0740 2352 SLUINotify - ok
07:50:54.0757 2352 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
07:50:54.0758 2352 Smb - ok
07:50:54.0799 2352 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
07:50:54.0800 2352 SNMPTRAP - ok
07:50:54.0832 2352 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
07:50:54.0833 2352 spldr - ok
07:50:54.0899 2352 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
07:50:54.0925 2352 Spooler - ok
07:50:55.0009 2352 SRTSP (7e4cc24a23262a84ae99dbffef69a6b0) C:\Windows\system32\Drivers\SRTSP64.SYS
07:50:55.0065 2352 SRTSP - ok
07:50:55.0126 2352 SRTSPL (8b1dedeba049a3e1daf8219eec87eb00) C:\Windows\system32\Drivers\SRTSPL64.SYS
07:50:55.0138 2352 SRTSPL - ok
07:50:55.0185 2352 SRTSPX (3db35652e4460da6730bb44908fa39cb) C:\Windows\system32\Drivers\SRTSPX64.SYS
07:50:55.0187 2352 SRTSPX - ok
07:50:55.0227 2352 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
07:50:55.0241 2352 srv - ok
07:50:55.0315 2352 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
07:50:55.0384 2352 srv2 - ok
07:50:55.0414 2352 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
07:50:55.0418 2352 srvnet - ok
07:50:55.0445 2352 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
07:50:55.0456 2352 SSDPSRV - ok
07:50:55.0483 2352 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
07:50:55.0495 2352 SstpSvc - ok
07:50:55.0612 2352 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
07:50:55.0621 2352 stisvc - ok
07:50:55.0652 2352 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
07:50:55.0653 2352 swenum - ok
07:50:55.0691 2352 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
07:50:55.0704 2352 swprv - ok
07:50:55.0837 2352 Symantec Core LC (438fafe708c93b2236fc26b6f2bd5fd0) C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
07:50:55.0899 2352 Symantec Core LC - ok
07:50:56.0004 2352 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
07:50:56.0005 2352 Symc8xx - ok
07:50:56.0059 2352 SYMDNS (002e73df2a07785e93943eefc16edb57) C:\Windows\System32\Drivers\SYMDNS.SYS
07:50:56.0060 2352 SYMDNS - ok
07:50:56.0098 2352 SymEvent (70c8d165063eb76f1a373b74456d2aab) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
07:50:56.0109 2352 SymEvent - ok
07:50:56.0173 2352 SYMFW (c785ca33d3dbcdf604e58c3a2eb1818a) C:\Windows\System32\Drivers\SYMFW.SYS
07:50:56.0176 2352 SYMFW - ok
07:50:56.0205 2352 SYMNDISV (8357806b06b514f6edf9d10cfdce2853) C:\Windows\System32\Drivers\SYMNDISV.SYS
07:50:56.0206 2352 SYMNDISV - ok
07:50:56.0248 2352 SYMREDRV (e05fbad45a96fb25f58bb0a9538a337e) C:\Windows\System32\Drivers\SYMREDRV.SYS
07:50:56.0249 2352 SYMREDRV - ok
07:50:56.0326 2352 SYMTDI (a30def26951b77788a71b1033d275e65) C:\Windows\System32\Drivers\SYMTDI.SYS
07:50:56.0328 2352 SYMTDI - ok
07:50:56.0365 2352 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
07:50:56.0447 2352 Sym_hi - ok
07:50:56.0477 2352 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
07:50:56.0478 2352 Sym_u3 - ok
07:50:56.0563 2352 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
07:50:56.0584 2352 SysMain - ok
07:50:56.0613 2352 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
07:50:56.0615 2352 TabletInputService - ok
07:50:56.0650 2352 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
07:50:56.0658 2352 TapiSrv - ok
07:50:56.0670 2352 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
07:50:56.0672 2352 TBS - ok
07:50:56.0809 2352 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
07:50:56.0837 2352 Tcpip - ok
07:50:56.0853 2352 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
07:50:56.0862 2352 Tcpip6 - ok
07:50:56.0911 2352 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
07:50:56.0912 2352 tcpipreg - ok
07:50:56.0947 2352 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
07:50:56.0953 2352 TDPIPE - ok
07:50:56.0975 2352 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
07:50:56.0976 2352 TDTCP - ok
07:50:57.0005 2352 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
07:50:57.0006 2352 tdx - ok
07:50:57.0036 2352 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
07:50:57.0037 2352 TermDD - ok
07:50:57.0120 2352 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
07:50:57.0172 2352 TermService - ok
07:50:57.0232 2352 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
07:50:57.0235 2352 Themes - ok
07:50:57.0311 2352 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
07:50:57.0312 2352 THREADORDER - ok
07:50:57.0339 2352 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
07:50:57.0344 2352 TrkWks - ok
07:50:57.0384 2352 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
07:50:57.0385 2352 TrustedInstaller - ok
07:50:57.0431 2352 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:50:57.0433 2352 tssecsrv - ok
07:50:57.0452 2352 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
07:50:57.0453 2352 tunmp - ok
07:50:57.0480 2352 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
07:50:57.0481 2352 tunnel - ok
07:50:57.0625 2352 tvnserver (aaf458cc200326bef602b5339400bf86) C:\Program Files (x86)\TightVNC\tvnserver.exe
07:50:57.0645 2352 tvnserver - ok
07:50:57.0689 2352 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
07:50:57.0691 2352 uagp35 - ok
07:50:57.0738 2352 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
07:50:57.0746 2352 udfs - ok
07:50:57.0789 2352 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
07:50:57.0791 2352 UI0Detect - ok
07:50:57.0820 2352 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
07:50:57.0822 2352 uliagpkx - ok
07:50:57.0855 2352 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
07:50:57.0882 2352 uliahci - ok
07:50:57.0914 2352 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
07:50:57.0926 2352 UlSata - ok
07:50:57.0958 2352 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
07:50:57.0969 2352 ulsata2 - ok
07:50:58.0003 2352 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
07:50:58.0005 2352 umbus - ok
07:50:58.0050 2352 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
07:50:58.0057 2352 upnphost - ok
07:50:58.0120 2352 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
07:50:58.0121 2352 USBAAPL64 - ok
07:50:58.0200 2352 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
07:50:58.0204 2352 usbccgp - ok
07:50:58.0248 2352 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys
07:50:58.0250 2352 usbcir - ok
07:50:58.0276 2352 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
07:50:58.0277 2352 usbehci - ok
07:50:58.0350 2352 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
07:50:58.0408 2352 usbhub - ok
07:50:58.0431 2352 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
07:50:58.0433 2352 usbohci - ok
07:50:58.0440 2352 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
07:50:58.0442 2352 usbprint - ok
07:50:58.0456 2352 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:50:58.0457 2352 USBSTOR - ok
07:50:58.0472 2352 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
07:50:58.0473 2352 usbuhci - ok
07:50:58.0488 2352 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
07:50:58.0499 2352 usbvideo - ok
07:50:58.0520 2352 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
07:50:58.0522 2352 UxSms - ok
07:50:58.0555 2352 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
07:50:58.0598 2352 vds - ok
07:50:58.0678 2352 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
07:50:58.0680 2352 vga - ok
07:50:58.0701 2352 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
07:50:58.0702 2352 VgaSave - ok
07:50:58.0741 2352 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
07:50:58.0742 2352 viaide - ok
07:50:58.0774 2352 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
07:50:58.0776 2352 volmgr - ok
07:50:58.0815 2352 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
07:50:58.0855 2352 volmgrx - ok
07:50:58.0919 2352 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
07:50:58.0923 2352 volsnap - ok
07:50:59.0011 2352 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
07:50:59.0032 2352 vsmraid - ok
07:50:59.0125 2352 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
07:50:59.0179 2352 VSS - ok
07:50:59.0292 2352 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
07:50:59.0323 2352 W32Time - ok
07:50:59.0411 2352 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
07:50:59.0412 2352 WacomPen - ok
07:50:59.0455 2352 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
07:50:59.0456 2352 Wanarp - ok
07:50:59.0464 2352 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
07:50:59.0465 2352 Wanarpv6 - ok
07:50:59.0541 2352 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
07:50:59.0593 2352 wcncsvc - ok
07:50:59.0660 2352 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
07:50:59.0662 2352 WcsPlugInService - ok
07:50:59.0687 2352 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
07:50:59.0688 2352 Wd - ok
07:50:59.0733 2352 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
07:50:59.0734 2352 WDC_SAM - ok
07:50:59.0793 2352 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
07:50:59.0869 2352 Wdf01000 - ok
07:50:59.0884 2352 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
07:50:59.0886 2352 WdiServiceHost - ok
07:50:59.0891 2352 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
07:50:59.0894 2352 WdiSystemHost - ok
07:50:59.0956 2352 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
07:50:59.0960 2352 WebClient - ok
07:51:00.0023 2352 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
07:51:00.0076 2352 Wecsvc - ok
07:51:00.0129 2352 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
07:51:00.0135 2352 wercplsupport - ok
07:51:00.0178 2352 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
07:51:00.0183 2352 WerSvc - ok
07:51:00.0190 2352 WinHttpAutoProxySvc - ok
07:51:00.0279 2352 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
07:51:00.0290 2352 Winmgmt - ok
07:51:00.0511 2352 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
07:51:00.0560 2352 WinRM - ok
07:51:00.0706 2352 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
07:51:00.0749 2352 Wlansvc - ok
07:51:00.0818 2352 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
07:51:00.0819 2352 WmiAcpi - ok
07:51:00.0881 2352 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
07:51:00.0891 2352 wmiApSrv - ok
07:51:00.0930 2352 WMPNetworkSvc - ok
07:51:00.0957 2352 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
07:51:00.0969 2352 WPCSvc - ok
07:51:00.0991 2352 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
07:51:00.0995 2352 WPDBusEnum - ok
07:51:01.0030 2352 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
07:51:01.0032 2352 WpdUsb - ok
07:51:01.0156 2352 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:51:01.0224 2352 WPFFontCache_v0400 - ok
07:51:01.0371 2352 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
07:51:01.0372 2352 ws2ifsl - ok
07:51:01.0380 2352 WSearch - ok
07:51:01.0542 2352 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
07:51:01.0624 2352 wuauserv - ok
07:51:01.0724 2352 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:51:01.0726 2352 WUDFRd - ok
07:51:01.0746 2352 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
07:51:01.0748 2352 wudfsvc - ok
07:51:01.0812 2352 WysePocketCloud (7868f4758712393cb08a82917a8a9927) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
07:51:01.0824 2352 WysePocketCloud - ok
07:51:01.0900 2352 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
07:51:02.0097 2352 \Device\Harddisk0\DR0 - ok
07:51:02.0101 2352 Boot (0x1200) (aabfd34201eb02326d50d732fee0a097) \Device\Harddisk0\DR0\Partition0
07:51:02.0102 2352 \Device\Harddisk0\DR0\Partition0 - ok
07:51:02.0107 2352 Boot (0x1200) (d73655bf6f53d906c59ab00e91e8f754) \Device\Harddisk0\DR0\Partition1
07:51:02.0109 2352 \Device\Harddisk0\DR0\Partition1 - ok
07:51:02.0110 2352 ============================================================
07:51:02.0110 2352 Scan finished
07:51:02.0110 2352 ============================================================
07:51:02.0132 2344 Detected object count: 0
07:51:02.0132 2344 Actual detected object count: 0

#4 demo18c

demo18c
  • Topic Starter

  • Members
  • 12 posts

Posted 22 July 2012 - 07:21 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 07:54:07
-----------------------------
07:54:07.847 OS Version: Windows x64 6.0.6002 Service Pack 2
07:54:07.847 Number of processors: 2 586 0xF0D
07:54:07.847 ComputerName: RASHAD-PC UserName: rashad
07:54:09.200 Initialize success
08:00:27.570 AVAST engine defs: 12072200
08:04:27.449 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:04:27.449 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
08:04:27.459 Disk 0 MBR read successfully
08:04:27.459 Disk 0 MBR scan
08:04:27.469 Disk 0 unknown MBR code
08:04:27.469 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 293303 MB offset 63
08:04:27.509 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11938 MB offset 600686415
08:04:27.549 Disk 0 scanning C:\Windows\system32\drivers
08:04:35.091 Service scanning
08:05:01.138 Modules scanning
08:05:01.138 Disk 0 trace - called modules:
08:05:01.144 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
08:05:01.144 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a6d6d0]
08:05:01.145 3 CLASSPNP.SYS[fffffa60011cec33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003dc5050]
08:05:03.890 AVAST engine scan C:\Windows
08:05:06.149 AVAST engine scan C:\Windows\system32
08:07:01.166 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
08:07:04.762 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
08:08:33.766 AVAST engine scan C:\Windows\system32\drivers
08:08:44.765 AVAST engine scan C:\Users\rashad
08:16:56.604 AVAST engine scan C:\ProgramData
08:18:50.495 Scan finished successfully
08:20:58.207 Disk 0 MBR has been saved successfully to "C:\Users\rashad\Desktop\MBR.dat"
08:20:58.230 The log file has been saved successfully to "C:\Users\rashad\Desktop\aswMBR.txt"

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 July 2012 - 07:36 AM

We need advanced tools to remove this one

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#6 demo18c

demo18c
  • Topic Starter

  • Members
  • 12 posts

Posted 22 July 2012 - 09:53 AM

C:\WINDOWS\Installer\{2a2511ef-a75e-ff2a-a0df-c6cc1174c08b}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{2a2511ef-a75e-ff2a-a0df-c6cc1174c08b}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\WINDOWS\Installer\{2a2511ef-a75e-ff2a-a0df-c6cc1174c08b}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory multiple threats

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 July 2012 - 09:57 AM

Please read my previous instructions.



