Trojan.Dropped.BCminer issue



#1 hamerhokie


Posted 24 July 2012 - 01:24 AM

Yesterday I used Malwarebytes to remove something that was like Windows Security System, based on an article I found here. Today I noticed Firefox was opening tabs at random. Google directed me here after I ran Malwarebytes again and found references to Trojan.Dropped.BCminer.

I read another thread that recommended the use of three programs. I downloaded and used them all and here are the logs.

TDSS log:

23:13:50.0213 1836 p2pimsvc - ok
23:13:50.0275 1836 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
23:13:50.0291 1836 p2psvc - ok
23:13:50.0322 1836 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
23:13:50.0338 1836 Parport - ok
23:13:50.0369 1836 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
23:13:50.0369 1836 partmgr - ok
23:13:50.0431 1836 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
23:13:50.0431 1836 PcaSvc - ok
23:13:50.0478 1836 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
23:13:50.0478 1836 pci - ok
23:13:50.0509 1836 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
23:13:50.0509 1836 pciide - ok
23:13:50.0541 1836 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
23:13:50.0556 1836 pcmcia - ok
23:13:50.0572 1836 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
23:13:50.0572 1836 pcw - ok
23:13:50.0650 1836 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
23:13:50.0665 1836 PEAUTH - ok
23:13:50.0962 1836 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
23:13:50.0962 1836 PerfHost - ok
23:13:51.0024 1836 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
23:13:51.0024 1836 PGEffect - ok
23:13:51.0165 1836 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
23:13:51.0180 1836 pla - ok
23:13:51.0274 1836 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
23:13:51.0289 1836 PlugPlay - ok
23:13:51.0352 1836 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
23:13:51.0352 1836 Pml Driver HPZ12 - ok
23:13:51.0383 1836 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
23:13:51.0383 1836 PNRPAutoReg - ok
23:13:51.0430 1836 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
23:13:51.0430 1836 PNRPsvc - ok
23:13:51.0508 1836 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
23:13:51.0523 1836 Point64 - ok
23:13:51.0601 1836 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
23:13:51.0601 1836 PolicyAgent - ok
23:13:51.0664 1836 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
23:13:51.0664 1836 Power - ok
23:13:51.0695 1836 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
23:13:51.0711 1836 PptpMiniport - ok
23:13:51.0742 1836 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
23:13:51.0742 1836 Processor - ok
23:13:51.0789 1836 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
23:13:51.0804 1836 ProfSvc - ok
23:13:51.0851 1836 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:13:51.0851 1836 ProtectedStorage - ok
23:13:51.0898 1836 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
23:13:51.0898 1836 Psched - ok
23:13:52.0054 1836 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
23:13:52.0085 1836 ql2300 - ok
23:13:52.0257 1836 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
23:13:52.0257 1836 ql40xx - ok
23:13:52.0303 1836 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
23:13:52.0303 1836 QWAVE - ok
23:13:52.0335 1836 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
23:13:52.0335 1836 QWAVEdrv - ok
23:13:52.0350 1836 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
23:13:52.0350 1836 RasAcd - ok
23:13:52.0397 1836 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
23:13:52.0397 1836 RasAgileVpn - ok
23:13:52.0428 1836 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
23:13:52.0444 1836 RasAuto - ok
23:13:52.0459 1836 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
23:13:52.0459 1836 Rasl2tp - ok
23:13:52.0537 1836 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
23:13:52.0537 1836 RasMan - ok
23:13:52.0569 1836 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
23:13:52.0569 1836 RasPppoe - ok
23:13:52.0600 1836 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
23:13:52.0615 1836 RasSstp - ok
23:13:52.0662 1836 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
23:13:52.0662 1836 rdbss - ok
23:13:52.0693 1836 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
23:13:52.0693 1836 rdpbus - ok
23:13:52.0709 1836 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
23:13:52.0709 1836 RDPCDD - ok
23:13:52.0756 1836 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
23:13:52.0756 1836 RDPENCDD - ok
23:13:52.0803 1836 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
23:13:52.0803 1836 RDPREFMP - ok
23:13:52.0865 1836 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
23:13:52.0865 1836 RDPWD - ok
23:13:52.0912 1836 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
23:13:52.0927 1836 rdyboost - ok
23:13:52.0974 1836 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
23:13:52.0974 1836 RemoteAccess - ok
23:13:53.0037 1836 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
23:13:53.0037 1836 RemoteRegistry - ok
23:13:53.0083 1836 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\windows\system32\Drivers\RimUsb_AMD64.sys
23:13:53.0099 1836 RimUsb - ok
23:13:53.0130 1836 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
23:13:53.0146 1836 RpcEptMapper - ok
23:13:53.0177 1836 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
23:13:53.0177 1836 RpcLocator - ok
23:13:53.0255 1836 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
23:13:53.0255 1836 RpcSs - ok
23:13:53.0302 1836 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
23:13:53.0302 1836 rspndr - ok
23:13:53.0380 1836 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
23:13:53.0380 1836 RSUSBSTOR - ok
23:13:53.0505 1836 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
23:13:53.0520 1836 RTL8192Ce - ok
23:13:53.0567 1836 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:13:53.0567 1836 SamSs - ok
23:13:53.0614 1836 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
23:13:53.0614 1836 sbp2port - ok
23:13:53.0832 1836 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
23:13:53.0863 1836 SBSDWSCService - ok
23:13:53.0895 1836 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
23:13:53.0910 1836 SCardSvr - ok
23:13:53.0973 1836 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
23:13:53.0973 1836 scfilter - ok
23:13:54.0082 1836 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
23:13:54.0097 1836 Schedule - ok
23:13:54.0144 1836 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
23:13:54.0144 1836 SCPolicySvc - ok
23:13:54.0191 1836 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
23:13:54.0191 1836 SDRSVC - ok
23:13:54.0269 1836 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
23:13:54.0269 1836 secdrv - ok
23:13:54.0285 1836 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
23:13:54.0300 1836 seclogon - ok
23:13:54.0347 1836 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
23:13:54.0347 1836 SENS - ok
23:13:54.0378 1836 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
23:13:54.0378 1836 SensrSvc - ok
23:13:54.0409 1836 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
23:13:54.0409 1836 Serenum - ok
23:13:54.0472 1836 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
23:13:54.0472 1836 Serial - ok
23:13:54.0503 1836 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
23:13:54.0503 1836 sermouse - ok
23:13:54.0550 1836 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
23:13:54.0565 1836 SessionEnv - ok
23:13:54.0597 1836 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
23:13:54.0597 1836 sffdisk - ok
23:13:54.0612 1836 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
23:13:54.0612 1836 sffp_mmc - ok
23:13:54.0628 1836 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
23:13:54.0628 1836 sffp_sd - ok
23:13:54.0643 1836 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
23:13:54.0643 1836 sfloppy - ok
23:13:54.0721 1836 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
23:13:54.0721 1836 ShellHWDetection - ok
23:13:54.0768 1836 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
23:13:54.0784 1836 SiSRaid2 - ok
23:13:54.0799 1836 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
23:13:54.0815 1836 SiSRaid4 - ok
23:13:54.0846 1836 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
23:13:54.0846 1836 Smb - ok
23:13:54.0893 1836 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
23:13:54.0893 1836 SNMPTRAP - ok
23:13:54.0909 1836 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
23:13:54.0909 1836 spldr - ok
23:13:54.0987 1836 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
23:13:55.0002 1836 Spooler - ok
23:13:55.0314 1836 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
23:13:55.0408 1836 sppsvc - ok
23:13:55.0533 1836 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
23:13:55.0548 1836 sppuinotify - ok
23:13:55.0735 1836 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
23:13:55.0751 1836 SRTSP - ok
23:13:55.0767 1836 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
23:13:55.0767 1836 SRTSPX - ok
23:13:55.0845 1836 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
23:13:55.0860 1836 srv - ok
23:13:55.0923 1836 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
23:13:55.0938 1836 srv2 - ok
23:13:55.0954 1836 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
23:13:55.0969 1836 srvnet - ok
23:13:56.0047 1836 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
23:13:56.0063 1836 SSDPSRV - ok
23:13:56.0079 1836 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
23:13:56.0079 1836 SstpSvc - ok
23:13:56.0141 1836 Steam Client Service - ok
23:13:56.0188 1836 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
23:13:56.0188 1836 stexstor - ok
23:13:56.0235 1836 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
23:13:56.0235 1836 StillCam - ok
23:13:56.0328 1836 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
23:13:56.0328 1836 stisvc - ok
23:13:56.0359 1836 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
23:13:56.0359 1836 swenum - ok
23:13:56.0453 1836 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
23:13:56.0453 1836 swprv - ok
23:13:56.0578 1836 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
23:13:56.0593 1836 SymDS - ok
23:13:56.0687 1836 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
23:13:56.0703 1836 SymEFA - ok
23:13:56.0734 1836 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
23:13:56.0734 1836 SymEvent - ok
23:13:56.0796 1836 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
23:13:56.0796 1836 SymIRON - ok
23:13:56.0843 1836 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
23:13:56.0859 1836 SymNetS - ok
23:13:57.0030 1836 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
23:13:57.0061 1836 SysMain - ok
23:13:57.0202 1836 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
23:13:57.0202 1836 TabletInputService - ok
23:13:57.0249 1836 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
23:13:57.0249 1836 TapiSrv - ok
23:13:57.0264 1836 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
23:13:57.0264 1836 TBS - ok
23:13:57.0592 1836 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
23:13:57.0623 1836 Tcpip - ok
23:13:57.0982 1836 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
23:13:57.0998 1836 TCPIP6 - ok
23:13:58.0169 1836 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
23:13:58.0169 1836 tcpipreg - ok
23:13:58.0232 1836 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
23:13:58.0247 1836 tdcmdpst - ok
23:13:58.0278 1836 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
23:13:58.0294 1836 TDPIPE - ok
23:13:58.0388 1836 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
23:13:58.0388 1836 TDTCP - ok
23:13:58.0434 1836 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
23:13:58.0434 1836 tdx - ok
23:13:58.0450 1836 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
23:13:58.0466 1836 TermDD - ok
23:13:58.0544 1836 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
23:13:58.0559 1836 TermService - ok
23:13:58.0575 1836 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
23:13:58.0590 1836 Themes - ok
23:13:58.0622 1836 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
23:13:58.0622 1836 THREADORDER - ok
23:13:58.0684 1836 TMachInfo (dfe9ba871b9f3dbb591bd113611cbcc0) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
23:13:58.0684 1836 TMachInfo - ok
23:13:58.0746 1836 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
23:13:58.0746 1836 TODDSrv - ok
23:13:58.0871 1836 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
23:13:58.0887 1836 TosCoSrv - ok
23:13:58.0965 1836 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
23:13:58.0965 1836 TOSHIBA HDD SSD Alert Service - ok
23:13:59.0012 1836 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
23:13:59.0012 1836 TrkWks - ok
23:13:59.0074 1836 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
23:13:59.0090 1836 TrustedInstaller - ok
23:13:59.0152 1836 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
23:13:59.0168 1836 tssecsrv - ok
23:13:59.0214 1836 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
23:13:59.0214 1836 TsUsbFlt - ok
23:13:59.0261 1836 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
23:13:59.0261 1836 TsUsbGD - ok
23:13:59.0339 1836 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
23:13:59.0339 1836 tunnel - ok
23:13:59.0417 1836 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
23:13:59.0433 1836 TVALZ - ok
23:13:59.0464 1836 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
23:13:59.0464 1836 uagp35 - ok
23:13:59.0526 1836 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
23:13:59.0542 1836 udfs - ok
23:13:59.0589 1836 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
23:13:59.0589 1836 UI0Detect - ok
23:13:59.0636 1836 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
23:13:59.0636 1836 uliagpkx - ok
23:13:59.0667 1836 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
23:13:59.0667 1836 umbus - ok
23:13:59.0682 1836 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
23:13:59.0698 1836 UmPass - ok
23:13:59.0745 1836 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
23:13:59.0760 1836 upnphost - ok
23:13:59.0838 1836 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
23:13:59.0838 1836 usbaudio - ok
23:13:59.0901 1836 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
23:13:59.0901 1836 usbccgp - ok
23:13:59.0963 1836 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
23:13:59.0979 1836 usbcir - ok
23:14:00.0041 1836 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
23:14:00.0041 1836 usbehci - ok
23:14:00.0124 1836 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
23:14:00.0134 1836 usbhub - ok
23:14:00.0184 1836 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
23:14:00.0194 1836 usbohci - ok
23:14:00.0224 1836 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
23:14:00.0224 1836 usbprint - ok
23:14:00.0254 1836 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
23:14:00.0254 1836 USBSTOR - ok
23:14:00.0294 1836 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
23:14:00.0294 1836 usbuhci - ok
23:14:00.0354 1836 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
23:14:00.0354 1836 usbvideo - ok
23:14:00.0394 1836 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
23:14:00.0394 1836 UxSms - ok
23:14:00.0444 1836 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:14:00.0454 1836 VaultSvc - ok
23:14:00.0474 1836 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
23:14:00.0484 1836 vdrvroot - ok
23:14:00.0564 1836 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
23:14:00.0574 1836 vds - ok
23:14:00.0634 1836 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
23:14:00.0634 1836 vga - ok
23:14:00.0664 1836 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
23:14:00.0664 1836 VgaSave - ok
23:14:00.0704 1836 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
23:14:00.0704 1836 vhdmp - ok
23:14:00.0724 1836 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
23:14:00.0724 1836 viaide - ok
23:14:00.0764 1836 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
23:14:00.0764 1836 volmgr - ok
23:14:00.0844 1836 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
23:14:00.0854 1836 volmgrx - ok
23:14:00.0904 1836 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
23:14:00.0904 1836 volsnap - ok
23:14:00.0944 1836 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
23:14:00.0944 1836 vsmraid - ok
23:14:01.0144 1836 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
23:14:01.0164 1836 VSS - ok
23:14:01.0304 1836 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
23:14:01.0304 1836 vwifibus - ok
23:14:01.0354 1836 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
23:14:01.0354 1836 vwififlt - ok
23:14:01.0424 1836 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
23:14:01.0434 1836 W32Time - ok
23:14:01.0484 1836 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
23:14:01.0484 1836 WacomPen - ok
23:14:01.0524 1836 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
23:14:01.0524 1836 WANARP - ok
23:14:01.0544 1836 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
23:14:01.0544 1836 Wanarpv6 - ok
23:14:01.0694 1836 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
23:14:01.0714 1836 WatAdminSvc - ok
23:14:01.0874 1836 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
23:14:01.0894 1836 wbengine - ok
23:14:02.0044 1836 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
23:14:02.0054 1836 WbioSrvc - ok
23:14:02.0104 1836 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
23:14:02.0114 1836 wcncsvc - ok
23:14:02.0144 1836 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
23:14:02.0154 1836 WcsPlugInService - ok
23:14:02.0200 1836 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
23:14:02.0200 1836 Wd - ok
23:14:02.0278 1836 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
23:14:02.0278 1836 Wdf01000 - ok
23:14:02.0310 1836 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
23:14:02.0310 1836 WdiServiceHost - ok
23:14:02.0325 1836 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
23:14:02.0325 1836 WdiSystemHost - ok
23:14:02.0372 1836 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
23:14:02.0388 1836 WebClient - ok
23:14:02.0419 1836 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
23:14:02.0419 1836 Wecsvc - ok
23:14:02.0450 1836 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
23:14:02.0450 1836 wercplsupport - ok
23:14:02.0497 1836 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
23:14:02.0497 1836 WerSvc - ok
23:14:02.0575 1836 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
23:14:02.0575 1836 WfpLwf - ok
23:14:02.0590 1836 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
23:14:02.0590 1836 WIMMount - ok
23:14:02.0606 1836 WinHttpAutoProxySvc - ok
23:14:02.0684 1836 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
23:14:02.0684 1836 Winmgmt - ok
23:14:02.0902 1836 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
23:14:02.0934 1836 WinRM - ok
23:14:03.0090 1836 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
23:14:03.0105 1836 WinUsb - ok
23:14:03.0214 1836 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
23:14:03.0230 1836 Wlansvc - ok
23:14:03.0324 1836 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:14:03.0324 1836 wlcrasvc - ok
23:14:03.0589 1836 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:14:03.0604 1836 wlidsvc - ok
23:14:03.0760 1836 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
23:14:03.0760 1836 WmiAcpi - ok
23:14:03.0854 1836 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
23:14:03.0854 1836 wmiApSrv - ok
23:14:03.0885 1836 WMPNetworkSvc - ok
23:14:03.0948 1836 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
23:14:03.0948 1836 WPCSvc - ok
23:14:03.0979 1836 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
23:14:03.0979 1836 WPDBusEnum - ok
23:14:04.0010 1836 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
23:14:04.0010 1836 ws2ifsl - ok
23:14:04.0057 1836 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys
23:14:04.0057 1836 WSDPrintDevice - ok
23:14:04.0072 1836 WSearch - ok
23:14:04.0119 1836 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
23:14:04.0119 1836 WudfPf - ok
23:14:04.0182 1836 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
23:14:04.0182 1836 WUDFRd - ok
23:14:04.0213 1836 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
23:14:04.0228 1836 wudfsvc - ok
23:14:04.0260 1836 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
23:14:04.0275 1836 WwanSvc - ok
23:14:04.0322 1836 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
23:14:05.0554 1836 \Device\Harddisk0\DR0 - ok
23:14:05.0601 1836 Boot (0x1200) (80ff801dbe2bbb8d72c04df77d231689) \Device\Harddisk0\DR0\Partition0
23:14:05.0601 1836 \Device\Harddisk0\DR0\Partition0 - ok
23:14:05.0601 1836 ============================================================
23:14:05.0601 1836 Scan finished
23:14:05.0601 1836 ============================================================
23:14:05.0632 3160 Detected object count: 0
23:14:05.0632 3160 Actual detected object count: 0


aswMBR results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-23 23:21:04
-----------------------------
23:21:04.948 OS Version: Windows x64 6.1.7601 Service Pack 1
23:21:04.948 Number of processors: 2 586 0x100
23:21:04.948 ComputerName: SANDY-LAPTOP UserName: Sandy
23:21:06.843 Initialize success
23:24:41.193 AVAST engine defs: 12072302
23:25:04.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006e
23:25:04.265 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 11
23:25:04.296 Disk 0 MBR read successfully
23:25:04.296 Disk 0 MBR scan
23:25:04.312 Disk 0 Windows VISTA default MBR code
23:25:04.312 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:25:04.343 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292137 MB offset 3074048
23:25:04.374 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11607 MB offset 601370624
23:25:04.421 Disk 0 scanning C:\windows\system32\drivers
23:25:18.570 Service scanning
23:26:11.786 Modules scanning
23:26:11.801 Disk 0 trace - called modules:
23:26:11.879 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
23:26:11.895 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003001390]
23:26:11.911 3 CLASSPNP.SYS[fffff88001bbb43f] -> nt!IofCallDriver -> [0xfffffa8002ed6ac0]
23:26:11.926 5 amd_xata.sys[fffff8800106e8b4] -> nt!IofCallDriver -> \Device\0000006e[0xfffffa8002ed0060]
23:26:13.439 AVAST engine scan C:\windows
23:26:17.527 AVAST engine scan C:\windows\system32
23:29:00.165 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:29:02.848 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:30:42.212 AVAST engine scan C:\windows\system32\drivers
23:31:07.851 AVAST engine scan C:\Users\Sandy
23:37:44.025 Disk 0 MBR has been saved successfully to "C:\Users\Sandy\Documents\MBR.dat"
23:37:44.041 The log file has been saved successfully to "C:\Users\Sandy\Documents\aswMBR.txt"

ESET Online Scanner results:

C:\Backup from Desktop\Users\Sandy\Downloads\XvidSetup(1).exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Backup from Desktop\Users\Sandy\Downloads\XvidSetup.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Sandy\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Sandy\AppData\Local\Temp\is357113909\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Sandy\Desktop files\Sandy\Downloads\XvidSetup(1).exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Users\Sandy\Desktop files\Sandy\Downloads\XvidSetup.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Windows\Installer\{396bc10f-2988-55c1-bcfd-d01a8cd3c029}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{396bc10f-2988-55c1-bcfd-d01a8cd3c029}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\sysprep\CRYPTSP.dll_ a variant of Win32/Kryptik.AILY trojan cleaned by deleting - quarantined
Operating memory multiple threats



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:02:13 PM

Posted 24 July 2012 - 01:47 AM

We need advanced tools to remove this one.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,109 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:13 PM

Posted 27 July 2012 - 08:04 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic462646.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.





