HELP!!! IS THIS A VIRUS????


  • This topic is locked
7 replies to this topic

#1 turtle0423

Posted 24 July 2012 - 02:03 AM

For the past two days, I have been noticing that I had some weird popups of fake ads coming from my computer.... I tried to find a way to get rid of them but it didn't work... then yesterday I saw that there's this weird green page that says redirecting, which leads to different types of advertisement pages that include but are not limited to jobsearch.monster.com, newsfudge.com, and some weird IP address numbers that were embedded in at the beginning of a website.... This often happened when I was trying to access a page on Google and Yahoo.

I looked it up and the best result I got was the Google Redirect Virus; however, I tried the solutions suggested by people, such as CCleaner, Kaspersky TDSS Killer and Malwarebytes (both found infected files to delete but did not delete the virus), and then went into Safe Mode with Networking to end processes (I could not find the virus processes, all of them seemed normal), going to hosts in Notepad to find any IP addresses other than the usual 127.0.0.1 (but this was the IP address that I found), and tried to find drivers via Device Manager to delete the virus (no results)...

Though the symptoms seemed familiar... None of the results helped me delete this virus.... Can anyone here help??? I'm worried that if I do not delete this ASAP, my computer will be in a much worse state...


#2 narenxp

Posted 24 July 2012 - 02:25 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 turtle0423

Posted 24 July 2012 - 02:35 AM

TDSS KILLER LOG

00:32:30.0877 5652 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
00:32:31.0438 5652 ============================================================
00:32:31.0438 5652 Current date / time: 2012/07/24 00:32:31.0438
00:32:31.0438 5652 SystemInfo:
00:32:31.0438 5652
00:32:31.0438 5652 OS Version: 6.1.7601 ServicePack: 1.0
00:32:31.0438 5652 Product type: Workstation
00:32:31.0438 5652 ComputerName: CHRISTY_KANG
00:32:31.0438 5652 UserName: Christy Kang
00:32:31.0438 5652 Windows directory: C:\Windows
00:32:31.0438 5652 System windows directory: C:\Windows
00:32:31.0438 5652 Running under WOW64
00:32:31.0438 5652 Processor architecture: Intel x64
00:32:31.0438 5652 Number of processors: 4
00:32:31.0438 5652 Page size: 0x1000
00:32:31.0438 5652 Boot type: Normal boot
00:32:31.0438 5652 ============================================================
00:32:34.0185 5652 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:32:34.0200 5652 Drive \Device\Harddisk1\DR1 - Size: 0x74200000 (1.81 Gb), SectorSize: 0x200, Cylinders: 0xEC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:32:35.0352 5652 ============================================================
00:32:35.0352 5652 \Device\Harddisk0\DR0:
00:32:35.0383 5652 MBR partitions:
00:32:35.0383 5652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1BC5800, BlocksNum 0x32000
00:32:35.0383 5652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BF7800, BlocksNum 0x3878E030
00:32:35.0383 5652 \Device\Harddisk1\DR1:
00:32:35.0383 5652 MBR partitions:
00:32:35.0383 5652 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x8D, BlocksNum 0x3A0F73
00:32:35.0383 5652 ============================================================
00:32:35.0463 5652 C: <-> \Device\Harddisk0\DR0\Partition1
00:32:35.0463 5652 ============================================================
00:32:35.0463 5652 Initialize success
00:32:35.0463 5652 ============================================================
00:32:50.0981 5820 ============================================================
00:32:50.0981 5820 Scan started
00:32:50.0981 5820 Mode: Manual; TDLFS;
00:32:50.0981 5820 ============================================================
00:33:31.0981 5820 mshidkmdf - ok
00:33:31.0981 5820 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:33:31.0997 5820 msisadrv - ok
00:33:32.0044 5820 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:33:32.0059 5820 MSiSCSI - ok
00:33:32.0059 5820 msiserver - ok
00:33:32.0090 5820 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:33:32.0090 5820 MSKSSRV - ok
00:33:32.0106 5820 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:33:32.0122 5820 MSPCLOCK - ok
00:33:32.0122 5820 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:33:32.0122 5820 MSPQM - ok
00:33:32.0153 5820 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:33:32.0168 5820 MsRPC - ok
00:33:32.0184 5820 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:33:32.0184 5820 mssmbios - ok
00:33:32.0215 5820 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:33:32.0215 5820 MSTEE - ok
00:33:32.0231 5820 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
00:33:32.0231 5820 MTConfig - ok
00:33:32.0246 5820 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:33:32.0246 5820 Mup - ok
00:33:32.0371 5820 MyWiFiDHCPDNS (4bbb9d9c4df259fae2d172c5bb25ddd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
00:33:32.0387 5820 MyWiFiDHCPDNS - ok
00:33:32.0480 5820 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:33:32.0496 5820 napagent - ok
00:33:32.0574 5820 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:33:32.0590 5820 NativeWifiP - ok
00:33:32.0777 5820 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120626.019\ENG64.SYS
00:33:32.0777 5820 NAVENG - ok
00:33:33.0073 5820 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120626.019\EX64.SYS
00:33:33.0167 5820 NAVEX15 - ok
00:33:33.0619 5820 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
00:33:33.0635 5820 NDIS - ok
00:33:33.0666 5820 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:33:33.0666 5820 NdisCap - ok
00:33:33.0697 5820 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:33:33.0697 5820 NdisTapi - ok
00:33:33.0728 5820 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:33:33.0728 5820 Ndisuio - ok
00:33:33.0775 5820 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:33:33.0791 5820 NdisWan - ok
00:33:33.0822 5820 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:33:33.0822 5820 NDProxy - ok
00:33:33.0869 5820 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:33:33.0869 5820 NetBIOS - ok
00:33:33.0900 5820 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:33:33.0900 5820 NetBT - ok
00:33:33.0947 5820 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:33:33.0962 5820 Netlogon - ok
00:33:34.0072 5820 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:33:34.0072 5820 Netman - ok
00:33:34.0274 5820 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:33:34.0321 5820 NetMsmqActivator - ok
00:33:34.0337 5820 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:33:34.0337 5820 NetPipeActivator - ok
00:33:34.0399 5820 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:33:34.0415 5820 netprofm - ok
00:33:34.0415 5820 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:33:34.0415 5820 NetTcpActivator - ok
00:33:34.0430 5820 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:33:34.0430 5820 NetTcpPortSharing - ok
00:33:44.0773 5820 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
00:33:44.0945 5820 NETwNs64 - ok
00:33:45.0553 5820 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
00:33:45.0553 5820 nfrd960 - ok
00:33:45.0803 5820 NIS (efbfe525e03c7444187262c85d776532) C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
00:33:45.0818 5820 NIS - ok
00:33:46.0084 5820 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:33:46.0084 5820 NlaSvc - ok
00:33:46.0162 5820 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:33:46.0162 5820 Npfs - ok
00:33:46.0208 5820 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:33:46.0208 5820 nsi - ok
00:33:46.0271 5820 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:33:46.0271 5820 nsiproxy - ok
00:33:47.0846 5820 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:33:47.0893 5820 Ntfs - ok
00:33:48.0314 5820 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:33:48.0314 5820 Null - ok
00:33:48.0533 5820 nusb3hub (01266516e6e88d183a2b58722eeb4443) C:\Windows\system32\DRIVERS\nusb3hub.sys
00:33:48.0533 5820 nusb3hub - ok
00:33:48.0782 5820 nusb3xhc (5ec04f55cc5f165f21752712437df638) C:\Windows\system32\DRIVERS\nusb3xhc.sys
00:33:48.0798 5820 nusb3xhc - ok
00:33:52.0682 5820 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:33:52.0948 5820 nvlddmkm - ok
00:33:53.0525 5820 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:33:53.0540 5820 nvraid - ok
00:33:53.0572 5820 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:33:53.0587 5820 nvstor - ok
00:33:53.0634 5820 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:33:53.0634 5820 nv_agp - ok
00:33:53.0650 5820 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:33:53.0650 5820 ohci1394 - ok
00:33:53.0852 5820 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:33:53.0915 5820 ose - ok
00:33:57.0846 5820 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:33:58.0049 5820 osppsvc - ok
00:33:58.0876 5820 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:33:58.0876 5820 p2pimsvc - ok
00:33:59.0297 5820 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:33:59.0313 5820 p2psvc - ok
00:33:59.0812 5820 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
00:33:59.0812 5820 Parport - ok
00:33:59.0859 5820 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:33:59.0859 5820 partmgr - ok
00:34:00.0061 5820 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:34:00.0077 5820 PcaSvc - ok
00:34:00.0451 5820 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:34:00.0467 5820 pci - ok
00:34:00.0576 5820 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:34:00.0576 5820 pciide - ok
00:34:00.0732 5820 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
00:34:00.0732 5820 pcmcia - ok
00:34:00.0763 5820 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:34:00.0763 5820 pcw - ok
00:34:01.0013 5820 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:34:01.0044 5820 PEAUTH - ok
00:34:01.0341 5820 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:34:01.0341 5820 PerfHost - ok
00:34:01.0606 5820 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:34:01.0637 5820 pla - ok
00:34:01.0793 5820 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:34:01.0824 5820 PlugPlay - ok
00:34:02.0074 5820 PMBDeviceInfoProvider (ae6c778717de2f6b0c0b5335036d3363) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
00:34:02.0261 5820 PMBDeviceInfoProvider - ok
00:34:02.0339 5820 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:34:02.0355 5820 PNRPAutoReg - ok
00:34:02.0401 5820 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:34:02.0448 5820 PNRPsvc - ok
00:34:02.0729 5820 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:34:02.0760 5820 PolicyAgent - ok
00:34:02.0838 5820 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:34:02.0838 5820 Power - ok
00:34:02.0994 5820 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:34:03.0010 5820 PptpMiniport - ok
00:34:03.0057 5820 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
00:34:03.0072 5820 Processor - ok
00:34:03.0166 5820 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
00:34:03.0181 5820 ProfSvc - ok
00:34:03.0291 5820 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:34:03.0291 5820 ProtectedStorage - ok
00:34:03.0337 5820 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:34:03.0337 5820 Psched - ok
00:34:03.0915 5820 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
00:34:04.0024 5820 ql2300 - ok
00:34:04.0695 5820 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
00:34:04.0710 5820 ql40xx - ok
00:34:04.0835 5820 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:34:04.0835 5820 QWAVE - ok
00:34:04.0866 5820 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:34:04.0866 5820 QWAVEdrv - ok
00:34:04.0882 5820 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:34:04.0882 5820 RasAcd - ok
00:34:04.0960 5820 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:34:04.0991 5820 RasAgileVpn - ok
00:34:05.0085 5820 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:34:05.0085 5820 RasAuto - ok
00:34:05.0303 5820 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:34:05.0303 5820 Rasl2tp - ok
00:34:05.0475 5820 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:34:05.0490 5820 RasMan - ok
00:34:05.0568 5820 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:34:05.0568 5820 RasPppoe - ok
00:34:05.0677 5820 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:34:05.0677 5820 RasSstp - ok
00:34:05.0833 5820 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:34:05.0865 5820 rdbss - ok
00:34:05.0911 5820 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
00:34:05.0911 5820 rdpbus - ok
00:34:05.0911 5820 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:34:05.0927 5820 RDPCDD - ok
00:34:05.0958 5820 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:34:05.0958 5820 RDPENCDD - ok
00:34:06.0005 5820 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:34:06.0005 5820 RDPREFMP - ok
00:34:06.0282 5820 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:34:06.0287 5820 RDPWD - ok
00:34:06.0379 5820 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:34:06.0382 5820 rdyboost - ok
00:34:07.0133 5820 RegSrvc (a436f5e7d80bbdbb0826d0f176d5bea8) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
00:34:07.0180 5820 RegSrvc - ok
00:34:07.0320 5820 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:34:07.0320 5820 RemoteAccess - ok
00:34:07.0460 5820 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:34:07.0460 5820 RemoteRegistry - ok
00:34:07.0772 5820 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
00:34:07.0788 5820 RFCOMM - ok
00:34:07.0835 5820 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:34:07.0835 5820 RpcEptMapper - ok
00:34:07.0866 5820 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:34:07.0866 5820 RpcLocator - ok
00:34:08.0022 5820 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:34:08.0022 5820 RpcSs - ok
00:34:08.0287 5820 RSPCIESTOR (f8fea7764348c59262b340916cbfeb40) C:\Windows\system32\DRIVERS\RtsPStor.sys
00:34:08.0287 5820 RSPCIESTOR - ok
00:34:08.0474 5820 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:34:08.0506 5820 rspndr - ok
00:34:08.0833 5820 RTL8167 (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:34:08.0833 5820 RTL8167 - ok
00:34:08.0880 5820 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:34:08.0880 5820 SamSs - ok
00:34:09.0020 5820 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:34:09.0052 5820 sbp2port - ok
00:34:09.0114 5820 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:34:09.0114 5820 SCardSvr - ok
00:34:09.0286 5820 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:34:09.0286 5820 scfilter - ok
00:34:09.0473 5820 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:34:09.0504 5820 Schedule - ok
00:34:09.0535 5820 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:34:09.0535 5820 SCPolicySvc - ok
00:34:09.0598 5820 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
00:34:09.0598 5820 sdbus - ok
00:34:09.0676 5820 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:34:09.0691 5820 SDRSVC - ok
00:34:09.0738 5820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:34:09.0738 5820 secdrv - ok
00:34:09.0769 5820 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:34:09.0785 5820 seclogon - ok
00:34:09.0816 5820 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:34:09.0816 5820 SENS - ok
00:34:09.0863 5820 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:34:09.0863 5820 SensrSvc - ok
00:34:09.0894 5820 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
00:34:09.0894 5820 Serenum - ok
00:34:09.0910 5820 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
00:34:09.0910 5820 Serial - ok
00:34:09.0956 5820 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
00:34:09.0956 5820 sermouse - ok
00:34:10.0003 5820 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:34:10.0019 5820 SessionEnv - ok
00:34:10.0050 5820 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
00:34:10.0050 5820 SFEP - ok
00:34:10.0081 5820 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:34:10.0097 5820 sffdisk - ok
00:34:10.0159 5820 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:34:10.0159 5820 sffp_mmc - ok
00:34:10.0190 5820 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:34:10.0190 5820 sffp_sd - ok
00:34:10.0222 5820 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
00:34:10.0222 5820 sfloppy - ok
00:34:10.0705 5820 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
00:34:10.0721 5820 Sftfs - ok
00:34:11.0392 5820 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
00:34:11.0407 5820 sftlist - ok
00:34:11.0516 5820 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
00:34:11.0532 5820 Sftplay - ok
00:34:11.0579 5820 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
00:34:11.0579 5820 Sftredir - ok
00:34:11.0672 5820 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
00:34:11.0672 5820 Sftvol - ok
00:34:11.0750 5820 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
00:34:11.0766 5820 sftvsa - ok
00:34:11.0828 5820 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:34:11.0844 5820 ShellHWDetection - ok
00:34:11.0922 5820 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
00:34:11.0922 5820 SiSRaid2 - ok
00:34:11.0969 5820 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
00:34:12.0000 5820 SiSRaid4 - ok
00:34:13.0669 5820 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
00:34:13.0794 5820 Skype C2C Service - ok
00:34:14.0200 5820 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
00:34:14.0200 5820 SkypeUpdate - ok
00:34:15.0120 5820 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:34:15.0120 5820 Smb - ok
00:34:15.0198 5820 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:34:15.0229 5820 SNMPTRAP - ok
00:34:15.0401 5820 SOHCImp (ddf2ec98af6fc70608a4f9ce4db52758) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
00:34:15.0401 5820 SOHCImp - ok
00:34:15.0416 5820 SOHDs (5fa03f5ea6efef6d17b4a1a48c40a23c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
00:34:15.0416 5820 SOHDs - ok
00:34:15.0588 5820 SpfService (65e5659e9c2a0762d05657c0e22a7ca2) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
00:34:15.0588 5820 SpfService - ok
00:34:15.0650 5820 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:34:15.0650 5820 spldr - ok
00:34:15.0869 5820 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:34:15.0884 5820 Spooler - ok
00:34:16.0508 5820 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:34:16.0586 5820 sppsvc - ok
00:34:16.0883 5820 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:34:16.0883 5820 sppuinotify - ok
00:34:17.0288 5820 SRTSP (df26fa7825f9cd39fceb3f2f27e813a7) C:\Windows\system32\drivers\NISx64\1300000.080\SRTSP64.SYS
00:34:17.0320 5820 SRTSP - ok
00:34:17.0335 5820 SRTSPX (a8ade1e0092b8097ddb76c9a6dc5f193) C:\Windows\system32\drivers\NISx64\1300000.080\SRTSPX64.SYS
00:34:17.0335 5820 SRTSPX - ok
00:34:17.0725 5820 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:34:17.0725 5820 srv - ok
00:34:17.0881 5820 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:34:17.0912 5820 srv2 - ok
00:34:17.0944 5820 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:34:17.0959 5820 srvnet - ok
00:34:18.0006 5820 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:34:18.0006 5820 SSDPSRV - ok
00:34:18.0131 5820 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:34:18.0131 5820 SstpSvc - ok
00:34:18.0195 5820 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
00:34:18.0195 5820 stexstor - ok
00:34:18.0616 5820 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:34:18.0648 5820 stisvc - ok
00:34:18.0726 5820 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:34:18.0726 5820 swenum - ok
00:34:19.0428 5820 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:34:19.0459 5820 swprv - ok
00:34:19.0880 5820 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1300000.080\SYMDS64.SYS
00:34:19.0896 5820 SymDS - ok
00:34:20.0520 5820 SymEFA (f016d755aadd6a16555809d4b289497e) C:\Windows\system32\drivers\NISx64\1300000.080\SYMEFA64.SYS
00:34:20.0582 5820 SymEFA - ok
00:34:21.0097 5820 SymEvent (36b77f5c9e21f88a8c8ec67ad5415819) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
00:34:21.0097 5820 SymEvent - ok
00:34:21.0175 5820 SymIRON (321b635a0c0ff48047d37f6f078c5342) C:\Windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS
00:34:21.0175 5820 SymIRON - ok
00:34:21.0315 5820 SymNetS (5ea027a364116963e37a281b1949ffd5) C:\Windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS
00:34:21.0315 5820 SymNetS - ok
00:34:21.0705 5820 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:34:21.0768 5820 SysMain - ok
00:34:21.0939 5820 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:34:21.0939 5820 TabletInputService - ok
00:34:22.0033 5820 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:34:22.0064 5820 TapiSrv - ok
00:34:22.0142 5820 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:34:22.0142 5820 TBS - ok
00:34:23.0718 5820 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
00:34:23.0811 5820 Tcpip - ok
00:34:25.0886 5820 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
00:34:25.0902 5820 TCPIP6 - ok
00:34:26.0151 5820 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:34:26.0151 5820 tcpipreg - ok
00:34:26.0167 5820 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:34:26.0167 5820 TDPIPE - ok
00:34:26.0198 5820 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:34:26.0198 5820 TDTCP - ok
00:34:26.0260 5820 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:34:26.0276 5820 tdx - ok
00:34:26.0307 5820 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
00:34:26.0307 5820 TermDD - ok
00:34:26.0448 5820 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:34:26.0463 5820 TermService - ok
00:34:26.0494 5820 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:34:26.0494 5820 Themes - ok
00:34:26.0619 5820 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:34:26.0619 5820 THREADORDER - ok
00:34:26.0650 5820 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
00:34:26.0666 5820 TPM - ok
00:34:26.0697 5820 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:34:26.0697 5820 TrkWks - ok
00:34:26.0760 5820 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:34:26.0760 5820 TrustedInstaller - ok
00:34:26.0775 5820 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:34:26.0791 5820 tssecsrv - ok
00:34:26.0806 5820 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:34:26.0806 5820 TsUsbFlt - ok
00:34:26.0822 5820 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
00:34:26.0822 5820 TsUsbGD - ok
00:34:26.0853 5820 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:34:26.0853 5820 tunnel - ok
00:34:26.0869 5820 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
00:34:26.0869 5820 uagp35 - ok
00:34:26.0994 5820 uCamMonitor (1fe69f3c1ca1cf4b7ec7e2e9090fffdc) c:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
00:34:27.0072 5820 uCamMonitor - ok
00:34:27.0103 5820 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:34:27.0118 5820 udfs - ok
00:34:27.0134 5820 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:34:27.0150 5820 UI0Detect - ok
00:34:27.0196 5820 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:34:27.0196 5820 uliagpkx - ok
00:34:27.0212 5820 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
00:34:27.0212 5820 umbus - ok
00:34:27.0212 5820 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
00:34:27.0228 5820 UmPass - ok
00:34:27.0774 5820 UNS (db641944f7e4b14c13c3fefc89843f69) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
00:34:27.0836 5820 UNS - ok
00:34:28.0242 5820 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:34:28.0242 5820 upnphost - ok
00:34:28.0335 5820 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
00:34:28.0335 5820 USBAAPL64 - ok
00:34:28.0382 5820 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:34:28.0382 5820 usbccgp - ok
00:34:28.0460 5820 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:34:28.0460 5820 usbcir - ok
00:34:28.0507 5820 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:34:28.0554 5820 usbehci - ok
00:34:29.0037 5820 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:34:29.0068 5820 usbhub - ok
00:34:29.0131 5820 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:34:29.0131 5820 usbohci - ok
00:34:29.0146 5820 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
00:34:29.0162 5820 usbprint - ok
00:34:29.0193 5820 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
00:34:29.0193 5820 USBSTOR - ok
00:34:29.0224 5820 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:34:29.0224 5820 usbuhci - ok
00:34:29.0568 5820 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
00:34:29.0599 5820 usbvideo - ok
00:34:29.0708 5820 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:34:29.0708 5820 UxSms - ok
00:34:29.0989 5820 VAIO Event Service (203fd19d70549a2939e1ae3a36608151) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
00:34:30.0004 5820 VAIO Event Service - ok
00:34:30.0332 5820 VAIO Power Management (63dd41d4c6f5fd59beb08c88292ca76a) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
00:34:30.0348 5820 VAIO Power Management - ok
00:34:30.0457 5820 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:34:30.0457 5820 VaultSvc - ok
00:34:31.0315 5820 VCFw (c642c93a30dcf1514f2c0502f864ee81) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
00:34:31.0471 5820 VCFw - ok
00:34:32.0391 5820 VcmIAlzMgr (f9d722a62c881b59439f9fc27bc7e285) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
00:34:32.0532 5820 VcmIAlzMgr - ok
00:34:33.0062 5820 VcmINSMgr (2f06d134554ba84fe253dbc481dcfe6d) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
00:34:33.0171 5820 VcmINSMgr - ok
00:34:51.0434 5820 ============================================================
00:34:51.0434 5820 Scan finished
00:34:51.0434 5820 ============================================================
00:34:51.0449 5796 Detected object count: 0
00:34:51.0449 5796 Actual detected object count: 0
00:35:06.0319 5656 Deinitialize success

#4 turtle0423

Posted 24 July 2012 - 02:45 AM

aswMBR LOG (aka AVAST ENGINE) BELOW

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-24 00:36:10
-----------------------------
00:36:10.694 OS Version: Windows x64 6.1.7601 Service Pack 1
00:36:10.694 Number of processors: 4 586 0x2A07
00:36:10.694 ComputerName: CHRISTY_KANG UserName: Christy Kang
00:36:12.535 Initialize success
00:37:17.451 AVAST engine defs: 12072302
00:37:20.054 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:37:20.056 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 3
00:37:20.094 Disk 0 MBR read successfully
00:37:20.096 Disk 0 MBR scan
00:37:20.101 Disk 0 Windows 7 default MBR code
00:37:20.121 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14218 MB offset 2048
00:37:20.134 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29120512
00:37:20.159 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462620 MB offset 29325312
00:37:20.258 Disk 0 scanning C:\Windows\system32\drivers
00:37:46.580 Service scanning
00:38:37.185 Modules scanning
00:38:37.196 Disk 0 trace - called modules:
00:38:37.217 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
00:38:37.547 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80075c1060]
00:38:37.554 3 CLASSPNP.SYS[fffff88001fa843f] -> nt!IofCallDriver -> [0xfffffa8004e9bdb0]
00:38:37.561 5 ACPI.sys[fffff88000edb7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004e9a050]
00:38:41.417 AVAST engine scan C:\Windows
00:38:45.938 AVAST engine scan C:\Windows\system32
00:40:27.505 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:40:29.326 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:41:47.804 AVAST engine scan C:\Windows\system32\drivers
00:42:09.518 AVAST engine scan C:\Users\Christy Kang
00:44:32.337 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
00:44:32.338 The log file has been saved successfully to "C:\aswMBR LOG.txt"

#5 narenxp

Posted 24 July 2012 - 02:49 AM

We need advanced tools to remove this one

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#6 turtle0423

Posted 24 July 2012 - 03:51 AM

ESET LIST OF THREATS

C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{44593c15-50b0-7a27-4585-9b77e3ace328}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

#7 narenxp

Posted 24 July 2012 - 04:39 AM

Please follow my previous instructions.

#8 Orange Blossom

Posted 24 July 2012 - 09:02 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic462203.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom