Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Horse & Trojan.Zeroaccess [Solved]


  • This topic is locked This topic is locked

#1
nateumn

nateumn

    New Member

  • Member
  • Pip
  • 9 posts
Hi,

I've recently been infected with a Trojan. I'm running Symantec Antivirus 10.2 and it pops up occasionally in the Alerts as Trojan.Horse & Trojan.Zeroaccess. The infected file name almost always begins with 800000cd.@.

I've run Symantec and Malwarebytes in Safe Mode and it appears to clear up most of the problems. My computer is still running slow, so I thought I would see if someone here could help me clean house. It appears that everyone here does a great job of walking people through and cleaning their computers!

As requested, I ran OTL and am attaching the .txt files

Thank you so much in advance for the support!



OTL logfile created on: 6/12/2012 12:58:43 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Chubby II\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.57% Memory free
3.98 Gb Paging File | 2.60 Gb Available in Paging File | 65.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.86 Gb Total Space | 124.26 Gb Free Space | 55.75% Space Free | Partition Type: NTFS

Computer Name: CHUBBYII-PC | User Name: Chubby II | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 12:56:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chubby II\Desktop\OTL.exe
PRC - [2012/05/04 09:13:33 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/05/03 15:38:41 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/06 08:09:59 | 000,453,240 | ---- | M] (http://www.express-files.com/) -- C:\Program Files\ExpressFiles\ExpressFiles.exe
PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/05 20:59:40 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/01/06 17:24:32 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/10/26 17:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009/10/17 00:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/10/03 00:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/09/16 10:55:22 | 001,961,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/16 10:52:18 | 000,136,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2009/09/16 10:52:04 | 000,075,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SavUI.exe
PRC - [2009/09/16 10:51:34 | 000,031,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/09/11 14:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/27 18:38:28 | 000,803,304 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/08/18 20:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/20 04:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009/06/04 22:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/04 16:08:10 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/05/04 16:07:42 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/21 13:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/04 09:13:42 | 001,952,728 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2012/05/04 09:13:41 | 000,162,776 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/05/04 09:13:40 | 000,021,976 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/05/03 15:38:40 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/27 23:01:43 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/02 06:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/03 15:38:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/28 10:40:25 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/05/05 20:59:40 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/09/16 10:55:22 | 001,961,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/16 10:52:02 | 000,121,744 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2009/09/16 10:51:34 | 000,031,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2009/08/18 20:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/04 16:07:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/05/04 16:07:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/04/21 13:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008/09/18 12:57:32 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2012/06/12 10:49:46 | 000,083,064 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SMR250.SYS -- (SMR250)
DRV - [2012/05/16 03:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120611.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 03:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120611.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/15 23:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/15 23:15:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/22 09:22:37 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/05/05 20:46:38 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/10/05 12:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/27 02:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/07/20 04:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/09 15:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/07/05 21:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/06/30 23:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/03/04 15:07:52 | 000,319,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/03/04 15:07:52 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/03/04 15:07:52 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/01/16 13:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/01/17 19:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/01/09 17:46:26 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/01/09 17:46:26 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alothome.com/en
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.1.3001.0(B)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.alot.c...ion=1.0.15000(G)&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 15:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/04/08 20:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/11/22 08:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chubby II\AppData\Roaming\Mozilla\Extensions
[2012/05/11 15:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chubby II\AppData\Roaming\Mozilla\Firefox\Profiles\mr5lsj9q.default\extensions
[2012/05/04 09:25:46 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Chubby II\AppData\Roaming\Mozilla\Firefox\Profiles\mr5lsj9q.default\extensions\[email protected]
[2012/05/11 15:21:39 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Chubby II\AppData\Roaming\Mozilla\Firefox\Profiles\mr5lsj9q.default\extensions\[email protected]
[2012/04/29 20:57:59 | 000,002,205 | ---- | M] () -- C:\Users\Chubby II\AppData\Roaming\Mozilla\Firefox\Profiles\mr5lsj9q.default\searchplugins\alot-search.xml
[2012/01/20 09:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/03 15:38:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/20 09:48:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/20 09:48:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ExpressFiles] C:\Program Files\ExpressFiles\ExpressFiles.exe (http://www.express-files.com/)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [XeroxRegistation] C:\Users\Chubby II\AppData\Local\Temp\Xerox\EReg\EReg.exe (Xerox Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.101.101.101 134.84.84.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AC14166-2FCE-44CB-A4FB-6E8CF9E225DC}: DhcpNameServer = 128.101.101.101 134.84.84.84
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 12:55:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Chubby II\Desktop\OTL.exe
[2012/06/12 10:49:46 | 000,083,064 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SMR250.SYS
[2012/06/12 10:33:11 | 000,000,000 | ---D | C] -- C:\Users\Chubby II\AppData\Roaming\FixZeroAccess
[2012/06/11 21:05:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/11 16:38:54 | 000,000,000 | ---D | C] -- C:\Users\Chubby II\AppData\Local\NPE
[2012/06/11 16:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/06/11 11:13:54 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/07 12:17:21 | 000,000,000 | ---D | C] -- C:\Users\Chubby II\AppData\Roaming\FastStone
[2012/06/07 12:17:21 | 000,000,000 | ---D | C] -- C:\Users\Chubby II\AppData\Local\FastStone
[2012/06/07 12:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
[2012/06/07 12:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Capture
[2012/06/07 07:10:28 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/06/04 12:51:24 | 000,000,000 | ---D | C] -- C:\Users\Chubby II\Desktop\BMES

========== Files - Modified Within 30 Days ==========

[2012/06/12 12:56:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chubby II\Desktop\OTL.exe
[2012/06/12 12:51:50 | 000,010,951 | ---- | M] () -- C:\Users\Chubby II\Desktop\image_analysis.m
[2012/06/12 12:51:21 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 12:51:21 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 12:35:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/12 10:52:34 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 10:49:46 | 000,083,064 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SMR250.SYS
[2012/06/12 10:48:06 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/06/12 10:48:06 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/06/11 16:18:00 | 000,003,676 | ---- | M] () -- C:\090C0000.VBN
[2012/06/08 15:42:17 | 000,002,052 | -H-- | M] () -- C:\Users\Chubby II\Documents\Default.rdp
[2012/06/07 12:15:49 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Capture.lnk
[2012/05/14 08:49:24 | 000,419,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/12 12:44:02 | 000,001,648 | ---- | C] () -- C:\windows\Installer\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\U\00000001.@
[2012/06/11 16:18:00 | 000,003,676 | ---- | C] () -- C:\090C0000.VBN
[2012/06/08 15:19:52 | 000,010,951 | ---- | C] () -- C:\Users\Chubby II\Desktop\image_analysis.m
[2012/06/07 12:15:49 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Capture.lnk
[2012/03/08 19:35:22 | 000,004,096 | -H-- | C] () -- C:\Users\Chubby II\AppData\Local\keyfile3.drm
[2012/01/11 15:00:41 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\@
[2012/01/11 15:00:41 | 000,002,048 | -HS- | C] () -- C:\Users\Chubby II\AppData\Local\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\@
[2011/11/28 16:15:20 | 000,001,936 | ---- | C] () -- C:\windows\System32\nethasp.ini
[2011/11/21 22:16:35 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011/11/22 07:43:32 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\ASUS WebStorage
[2012/04/01 23:31:41 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\calibre
[2011/11/29 16:35:09 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\Carl Zeiss
[2010/01/07 17:43:29 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\E-Cam
[2012/06/12 12:41:13 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\ExpressFiles
[2012/06/12 10:33:11 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\FixZeroAccess
[2011/11/22 08:52:06 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\Thunderbird
[2011/12/20 10:50:53 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\Xerox
[2012/06/11 11:38:42 | 000,022,148 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Attached Files


  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello nateumn and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: You have very nasty infection! I would strongly advice you to backup all your important data from your system before you begin with the fix.

This malware tends to disable you whole system and let you with nothing. Please backup your data.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


Step 4

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 5

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
  • aswMBR log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#3
nateumn

nateumn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi maliprog,

I have followed your instructions and ran 1) TDSSkiller, 2) Combofix, and 3) aswMBR. The following messages will contain the log files. Unfortunately, I did not get a log file from Combofix. I made sure to disable Symantec, and allowed to run to completion, but no file was created. One thing I did notice is that I appear to be unable to disable the firewall in the control panel (at least the screen looks different from normal). Any suggestions?

TDSSKiller

08:17:50.0971 6120 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:17:51.0845 6120 ============================================================
08:17:51.0845 6120 Current date / time: 2012/06/13 08:17:51.0845
08:17:51.0845 6120 SystemInfo:
08:17:51.0845 6120
08:17:51.0845 6120 OS Version: 6.1.7601 ServicePack: 1.0
08:17:51.0845 6120 Product type: Workstation
08:17:51.0845 6120 ComputerName: CHUBBYII-PC
08:17:51.0845 6120 UserName: Chubby II
08:17:51.0845 6120 Windows directory: C:\windows
08:17:51.0845 6120 System windows directory: C:\windows
08:17:51.0845 6120 Processor architecture: Intel x86
08:17:51.0845 6120 Number of processors: 2
08:17:51.0845 6120 Page size: 0x1000
08:17:51.0845 6120 Boot type: Normal boot
08:17:51.0845 6120 ============================================================
08:17:54.0824 6120 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:17:54.0824 6120 ============================================================
08:17:54.0824 6120 \Device\Harddisk0\DR0:
08:17:54.0824 6120 MBR partitions:
08:17:54.0824 6120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BDBA800
08:17:54.0824 6120 ============================================================
08:17:54.0856 6120 C: <-> \Device\Harddisk0\DR0\Partition0
08:17:54.0856 6120 ============================================================
08:17:54.0856 6120 Initialize success
08:17:54.0856 6120 ============================================================
08:18:11.0423 2796 ============================================================
08:18:11.0423 2796 Scan started
08:18:11.0423 2796 Mode: Manual; SigCheck; TDLFS;
08:18:11.0423 2796 ============================================================
08:18:12.0905 2796 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
08:18:14.0839 2796 1394ohci - ok
08:18:14.0980 2796 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
08:18:15.0136 2796 ACPI - ok
08:18:15.0198 2796 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
08:18:16.0649 2796 AcpiPmi - ok
08:18:16.0867 2796 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
08:18:17.0117 2796 adp94xx - ok
08:18:17.0413 2796 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
08:18:17.0522 2796 adpahci - ok
08:18:17.0554 2796 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
08:18:17.0710 2796 adpu320 - ok
08:18:17.0819 2796 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
08:18:17.0928 2796 AeLookupSvc - ok
08:18:18.0068 2796 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
08:18:18.0209 2796 AFD - ok
08:18:18.0373 2796 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
08:18:18.0451 2796 agp440 - ok
08:18:18.0513 2796 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
08:18:18.0607 2796 aic78xx - ok
08:18:18.0700 2796 aksfridge (730e9d3bb324fb1899005aea63c6782d) C:\windows\system32\drivers\aksfridge.sys
08:18:18.0887 2796 aksfridge - ok
08:18:18.0950 2796 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
08:18:19.0199 2796 ALG - ok
08:18:19.0246 2796 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
08:18:19.0324 2796 aliide - ok
08:18:19.0418 2796 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
08:18:19.0636 2796 amdagp - ok
08:18:19.0714 2796 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
08:18:19.0808 2796 amdide - ok
08:18:19.0855 2796 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
08:18:20.0011 2796 AmdK8 - ok
08:18:20.0057 2796 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
08:18:20.0572 2796 AmdPPM - ok
08:18:20.0635 2796 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
08:18:20.0775 2796 amdsata - ok
08:18:20.0900 2796 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
08:18:21.0025 2796 amdsbs - ok
08:18:21.0056 2796 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
08:18:21.0165 2796 amdxata - ok
08:18:21.0274 2796 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
08:18:21.0883 2796 AppID - ok
08:18:21.0929 2796 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
08:18:22.0444 2796 AppIDSvc - ok
08:18:22.0491 2796 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
08:18:22.0959 2796 Appinfo - ok
08:18:23.0068 2796 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:18:23.0209 2796 Apple Mobile Device - ok
08:18:23.0271 2796 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
08:18:23.0458 2796 arc - ok
08:18:23.0489 2796 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
08:18:23.0645 2796 arcsas - ok
08:18:23.0677 2796 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\windows\system32\drivers\AsUpIO.sys
08:18:26.0906 2796 AsUpIO - ok
08:18:26.0984 2796 AsusService (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe
08:18:27.0405 2796 AsusService ( UnsignedFile.Multi.Generic ) - warning
08:18:27.0405 2796 AsusService - detected UnsignedFile.Multi.Generic (1)
08:18:27.0436 2796 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
08:18:28.0123 2796 AsyncMac - ok
08:18:28.0154 2796 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
08:18:28.0310 2796 atapi - ok
08:18:28.0637 2796 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
08:18:29.0183 2796 athr - ok
08:18:29.0527 2796 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
08:18:29.0932 2796 AudioEndpointBuilder - ok
08:18:29.0948 2796 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
08:18:30.0509 2796 Audiosrv - ok
08:18:30.0572 2796 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
08:18:31.0227 2796 AxInstSV - ok
08:18:31.0399 2796 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
08:18:31.0882 2796 b06bdrv - ok
08:18:32.0038 2796 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
08:18:32.0475 2796 b57nd60x - ok
08:18:32.0615 2796 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
08:18:33.0130 2796 BBSvc - ok
08:18:33.0193 2796 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
08:18:33.0567 2796 BDESVC - ok
08:18:33.0629 2796 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
08:18:34.0269 2796 Beep - ok
08:18:34.0441 2796 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
08:18:34.0924 2796 BITS - ok
08:18:34.0955 2796 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
08:18:35.0408 2796 blbdrive - ok
08:18:35.0548 2796 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:18:35.0813 2796 Bonjour Service - ok
08:18:35.0860 2796 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
08:18:36.0328 2796 bowser - ok
08:18:36.0359 2796 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
08:18:36.0781 2796 BrFiltLo - ok
08:18:36.0827 2796 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
08:18:37.0451 2796 BrFiltUp - ok
08:18:37.0483 2796 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
08:18:38.0153 2796 BridgeMP - ok
08:18:38.0231 2796 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
08:18:38.0871 2796 Browser - ok
08:18:38.0965 2796 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
08:18:39.0511 2796 Brserid - ok
08:18:39.0620 2796 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
08:18:40.0244 2796 BrSerWdm - ok
08:18:40.0259 2796 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
08:18:40.0821 2796 BrUsbMdm - ok
08:18:40.0852 2796 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
08:18:41.0539 2796 BrUsbSer - ok
08:18:41.0586 2796 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
08:18:42.0163 2796 BthEnum - ok
08:18:42.0210 2796 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
08:18:42.0709 2796 BTHMODEM - ok
08:18:42.0771 2796 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
08:18:43.0395 2796 BthPan - ok
08:18:43.0520 2796 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
08:18:44.0113 2796 BTHPORT - ok
08:18:44.0284 2796 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
08:18:44.0768 2796 bthserv - ok
08:18:44.0815 2796 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
08:18:45.0330 2796 BTHUSB - ok
08:18:45.0376 2796 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys
08:18:45.0595 2796 btusbflt - ok
08:18:45.0626 2796 btwaudio - ok
08:18:45.0642 2796 btwavdt - ok
08:18:45.0657 2796 btwl2cap - ok
08:18:45.0673 2796 btwrchid - ok
08:18:45.0766 2796 ccEvtMgr (975b74eea1c5e88ac974c50ccc158e30) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
08:18:45.0907 2796 ccEvtMgr - ok
08:18:45.0922 2796 ccSetMgr (975b74eea1c5e88ac974c50ccc158e30) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
08:18:46.0016 2796 ccSetMgr - ok
08:18:46.0063 2796 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
08:18:46.0578 2796 cdfs - ok
08:18:46.0718 2796 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
08:18:47.0248 2796 cdrom - ok
08:18:47.0311 2796 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
08:18:47.0888 2796 CertPropSvc - ok
08:18:47.0935 2796 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
08:18:48.0418 2796 circlass - ok
08:18:48.0481 2796 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
08:18:48.0684 2796 CLFS - ok
08:18:49.0074 2796 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:18:49.0464 2796 clr_optimization_v2.0.50727_32 - ok
08:18:49.0542 2796 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:18:49.0698 2796 clr_optimization_v4.0.30319_32 - ok
08:18:49.0854 2796 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
08:18:50.0275 2796 CmBatt - ok
08:18:50.0353 2796 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
08:18:50.0431 2796 cmdide - ok
08:18:50.0571 2796 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
08:18:50.0743 2796 CNG - ok
08:18:50.0774 2796 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
08:18:50.0930 2796 Compbatt - ok
08:18:50.0961 2796 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
08:18:51.0242 2796 CompositeBus - ok
08:18:51.0242 2796 COMSysApp - ok
08:18:51.0289 2796 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
08:18:51.0460 2796 crcdisk - ok
08:18:51.0538 2796 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
08:18:52.0022 2796 CryptSvc - ok
08:18:52.0209 2796 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
08:18:52.0443 2796 DcomLaunch - ok
08:18:52.0506 2796 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
08:18:52.0942 2796 defragsvc - ok
08:18:53.0052 2796 DefWatch (20ebbf7e2a86b2bf9bf5072762d321d7) C:\Program Files\Symantec AntiVirus\DefWatch.exe
08:18:53.0176 2796 DefWatch - ok
08:18:53.0239 2796 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
08:18:53.0582 2796 DfsC - ok
08:18:53.0707 2796 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
08:18:54.0003 2796 Dhcp - ok
08:18:54.0034 2796 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
08:18:54.0596 2796 discache - ok
08:18:54.0643 2796 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
08:18:54.0752 2796 Disk - ok
08:18:54.0814 2796 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
08:18:55.0095 2796 Dnscache - ok
08:18:55.0189 2796 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
08:18:55.0610 2796 dot3svc - ok
08:18:55.0704 2796 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
08:18:55.0984 2796 DPS - ok
08:18:56.0031 2796 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
08:18:56.0406 2796 drmkaud - ok
08:18:56.0624 2796 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
08:18:56.0811 2796 DXGKrnl - ok
08:18:56.0889 2796 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
08:18:57.0342 2796 EapHost - ok
08:18:57.0841 2796 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
08:18:58.0418 2796 ebdrv - ok
08:18:58.0668 2796 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:18:58.0886 2796 eeCtrl - ok
08:18:59.0229 2796 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
08:18:59.0666 2796 EFS - ok
08:18:59.0806 2796 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
08:18:59.0994 2796 elxstor - ok
08:19:00.0165 2796 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:19:00.0321 2796 EraserUtilRebootDrv - ok
08:19:00.0430 2796 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
08:19:00.0758 2796 ErrDev - ok
08:19:00.0852 2796 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
08:19:01.0132 2796 EventSystem - ok
08:19:01.0257 2796 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
08:19:01.0554 2796 exfat - ok
08:19:01.0663 2796 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
08:19:01.0990 2796 fastfat - ok
08:19:02.0178 2796 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
08:19:02.0786 2796 Fax - ok
08:19:02.0833 2796 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
08:19:03.0067 2796 fdc - ok
08:19:03.0114 2796 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
08:19:03.0363 2796 fdPHost - ok
08:19:03.0410 2796 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
08:19:03.0722 2796 FDResPub - ok
08:19:03.0769 2796 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
08:19:03.0878 2796 FileInfo - ok
08:19:03.0925 2796 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
08:19:04.0252 2796 Filetrace - ok
08:19:04.0440 2796 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:19:04.0783 2796 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
08:19:04.0783 2796 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
08:19:04.0814 2796 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
08:19:05.0110 2796 flpydisk - ok
08:19:05.0188 2796 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
08:19:05.0298 2796 FltMgr - ok
08:19:05.0485 2796 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
08:19:05.0672 2796 FontCache - ok
08:19:05.0828 2796 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:19:05.0922 2796 FontCache3.0.0.0 - ok
08:19:05.0968 2796 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
08:19:06.0062 2796 FsDepends - ok
08:19:06.0109 2796 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\windows\system32\DRIVERS\fssfltr.sys
08:19:06.0202 2796 fssfltr - ok
08:19:06.0639 2796 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
08:19:07.0076 2796 fsssvc - ok
08:19:07.0372 2796 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
08:19:07.0450 2796 Fs_Rec - ok
08:19:07.0591 2796 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
08:19:07.0747 2796 fvevol - ok
08:19:07.0794 2796 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
08:19:07.0918 2796 gagp30kx - ok
08:19:08.0059 2796 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
08:19:08.0152 2796 GEARAspiWDM - ok
08:19:08.0277 2796 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
08:19:08.0605 2796 gpsvc - ok
08:19:08.0730 2796 hardlock (a9d587e31dbee3e9bd97fefece0ba874) C:\windows\system32\drivers\hardlock.sys
08:19:09.0182 2796 hardlock - ok
08:19:09.0198 2796 hasplms - ok
08:19:09.0291 2796 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
08:19:09.0525 2796 hcw85cir - ok
08:19:09.0650 2796 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
08:19:09.0962 2796 HdAudAddService - ok
08:19:10.0024 2796 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
08:19:10.0368 2796 HDAudBus - ok
08:19:10.0492 2796 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
08:19:10.0695 2796 HidBatt - ok
08:19:10.0758 2796 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
08:19:11.0054 2796 HidBth - ok
08:19:11.0101 2796 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
08:19:11.0428 2796 HidIr - ok
08:19:11.0475 2796 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
08:19:11.0850 2796 hidserv - ok
08:19:11.0881 2796 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
08:19:12.0068 2796 HidUsb - ok
08:19:12.0130 2796 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
08:19:12.0427 2796 hkmsvc - ok
08:19:12.0520 2796 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
08:19:12.0848 2796 HomeGroupListener - ok
08:19:12.0910 2796 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
08:19:13.0144 2796 HomeGroupProvider - ok
08:19:13.0191 2796 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
08:19:13.0300 2796 HpSAMD - ok
08:19:13.0425 2796 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
08:19:13.0753 2796 HTTP - ok
08:19:13.0800 2796 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
08:19:13.0878 2796 hwpolicy - ok
08:19:13.0940 2796 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
08:19:14.0314 2796 i8042prt - ok
08:19:14.0486 2796 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
08:19:14.0762 2796 IAANTMON - ok
08:19:14.0871 2796 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
08:19:15.0012 2796 iaStor - ok
08:19:15.0105 2796 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
08:19:15.0386 2796 iaStorV - ok
08:19:15.0636 2796 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:19:15.0916 2796 idsvc - ok
08:19:17.0211 2796 igfx (81f7c715528ab621c6af58869d4b07b9) C:\windows\system32\DRIVERS\igdkmd32.sys
08:19:17.0632 2796 igfx - ok
08:19:18.0038 2796 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
08:19:18.0132 2796 iirsp - ok
08:19:18.0288 2796 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
08:19:18.0802 2796 IKEEXT - ok
08:19:19.0458 2796 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
08:19:19.0879 2796 IntcAzAudAddService - ok
08:19:20.0113 2796 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
08:19:20.0222 2796 intelide - ok
08:19:20.0269 2796 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
08:19:20.0534 2796 intelppm - ok
08:19:20.0612 2796 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
08:19:21.0111 2796 IPBusEnum - ok
08:19:21.0142 2796 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
08:19:21.0408 2796 IpFilterDriver - ok
08:19:21.0548 2796 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
08:19:21.0860 2796 iphlpsvc - ok
08:19:21.0907 2796 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
08:19:22.0032 2796 IPMIDRV - ok
08:19:22.0094 2796 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
08:19:22.0266 2796 IPNAT - ok
08:19:22.0468 2796 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
08:19:22.0578 2796 iPod Service - ok
08:19:22.0624 2796 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
08:19:22.0999 2796 IRENUM - ok
08:19:23.0046 2796 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
08:19:23.0170 2796 isapnp - ok
08:19:23.0326 2796 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
08:19:23.0498 2796 iScsiPrt - ok
08:19:23.0529 2796 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
08:19:23.0670 2796 kbdclass - ok
08:19:23.0701 2796 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
08:19:23.0841 2796 kbdhid - ok
08:19:23.0888 2796 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
08:19:23.0997 2796 kbfiltr - ok
08:19:24.0044 2796 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:19:24.0184 2796 KeyIso - ok
08:19:24.0231 2796 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
08:19:24.0309 2796 KSecDD - ok
08:19:24.0372 2796 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
08:19:24.0496 2796 KSecPkg - ok
08:19:24.0574 2796 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
08:19:24.0762 2796 KtmRm - ok
08:19:24.0808 2796 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
08:19:25.0011 2796 L1C - ok
08:19:25.0105 2796 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
08:19:25.0417 2796 LanmanServer - ok
08:19:25.0479 2796 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
08:19:25.0916 2796 LanmanWorkstation - ok
08:19:26.0587 2796 LiveUpdate (e8a9ac5f30833cd62e3530e2fdbf81df) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
08:19:26.0977 2796 LiveUpdate - ok
08:19:27.0258 2796 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
08:19:27.0445 2796 lltdio - ok
08:19:27.0570 2796 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
08:19:27.0741 2796 lltdsvc - ok
08:19:27.0772 2796 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
08:19:27.0928 2796 lmhosts - ok
08:19:28.0084 2796 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
08:19:28.0178 2796 LSI_FC - ok
08:19:28.0209 2796 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
08:19:28.0287 2796 LSI_SAS - ok
08:19:28.0318 2796 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
08:19:28.0381 2796 LSI_SAS2 - ok
08:19:28.0396 2796 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
08:19:28.0584 2796 LSI_SCSI - ok
08:19:28.0615 2796 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
08:19:28.0833 2796 luafv - ok
08:19:28.0911 2796 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
08:19:28.0989 2796 MBAMProtector - ok
08:19:29.0208 2796 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
08:19:29.0379 2796 MBAMService - ok
08:19:29.0582 2796 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
08:19:29.0676 2796 megasas - ok
08:19:29.0738 2796 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
08:19:29.0910 2796 MegaSR - ok
08:19:30.0019 2796 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
08:19:30.0300 2796 Microsoft Office Groove Audit Service - ok
08:19:30.0346 2796 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
08:19:30.0627 2796 MMCSS - ok
08:19:30.0674 2796 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
08:19:30.0861 2796 Modem - ok
08:19:30.0955 2796 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
08:19:31.0236 2796 monitor - ok
08:19:31.0282 2796 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
08:19:31.0423 2796 mouclass - ok
08:19:31.0485 2796 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
08:19:31.0813 2796 mouhid - ok
08:19:31.0906 2796 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
08:19:32.0047 2796 mountmgr - ok
08:19:32.0109 2796 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:19:32.0374 2796 MozillaMaintenance - ok
08:19:32.0468 2796 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
08:19:32.0671 2796 mpio - ok
08:19:32.0733 2796 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
08:19:33.0076 2796 mpsdrv - ok
08:19:33.0139 2796 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
08:19:33.0498 2796 MRxDAV - ok
08:19:33.0560 2796 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
08:19:33.0872 2796 mrxsmb - ok
08:19:33.0934 2796 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
08:19:34.0044 2796 mrxsmb10 - ok
08:19:34.0090 2796 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
08:19:34.0246 2796 mrxsmb20 - ok
08:19:34.0356 2796 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
08:19:34.0480 2796 msahci - ok
08:19:34.0543 2796 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
08:19:34.0855 2796 msdsm - ok
08:19:34.0948 2796 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
08:19:35.0884 2796 MSDTC - ok
08:19:35.0931 2796 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
08:19:36.0321 2796 Msfs - ok
08:19:36.0352 2796 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
08:19:36.0836 2796 mshidkmdf - ok
08:19:36.0852 2796 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
08:19:36.0961 2796 msisadrv - ok
08:19:37.0008 2796 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
08:19:37.0351 2796 MSiSCSI - ok
08:19:37.0366 2796 msiserver - ok
08:19:37.0429 2796 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
08:19:37.0928 2796 MSKSSRV - ok
08:19:37.0944 2796 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
08:19:38.0365 2796 MSPCLOCK - ok
08:19:38.0396 2796 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
08:19:38.0646 2796 MSPQM - ok
08:19:38.0708 2796 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
08:19:38.0802 2796 MsRPC - ok
08:19:38.0848 2796 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
08:19:39.0004 2796 mssmbios - ok
08:19:39.0067 2796 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
08:19:39.0426 2796 MSTEE - ok
08:19:39.0472 2796 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
08:19:39.0800 2796 MTConfig - ok
08:19:39.0831 2796 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
08:19:39.0987 2796 Mup - ok
08:19:40.0143 2796 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
08:19:40.0408 2796 napagent - ok
08:19:40.0518 2796 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
08:19:40.0783 2796 NativeWifiP - ok
08:19:41.0048 2796 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120611.002\NAVENG.SYS
08:19:41.0220 2796 NAVENG - ok
08:19:41.0672 2796 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120611.002\NAVEX15.SYS
08:19:41.0859 2796 NAVEX15 - ok
08:19:42.0374 2796 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
08:19:46.0711 2796 NDIS - ok
08:19:46.0758 2796 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
08:19:47.0226 2796 NdisCap - ok
08:19:47.0272 2796 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
08:19:47.0647 2796 NdisTapi - ok
08:19:47.0725 2796 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
08:19:48.0037 2796 Ndisuio - ok
08:19:48.0130 2796 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
08:19:48.0458 2796 NdisWan - ok
08:19:48.0598 2796 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
08:19:49.0066 2796 NDProxy - ok
08:19:49.0098 2796 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
08:19:49.0410 2796 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:19:49.0410 2796 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:19:49.0472 2796 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
08:19:49.0924 2796 NetBIOS - ok
08:19:50.0002 2796 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
08:19:50.0517 2796 NetBT - ok
08:19:50.0611 2796 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:19:50.0907 2796 Netlogon - ok
08:19:51.0016 2796 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
08:19:51.0391 2796 Netman - ok
08:19:51.0547 2796 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
08:19:52.0155 2796 netprofm - ok
08:19:52.0311 2796 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:19:52.0483 2796 NetTcpPortSharing - ok
08:19:52.0608 2796 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
08:19:52.0717 2796 nfrd960 - ok
08:19:52.0795 2796 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
08:19:53.0232 2796 NlaSvc - ok
08:19:53.0278 2796 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
08:19:53.0653 2796 Npfs - ok
08:19:53.0684 2796 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
08:19:54.0058 2796 nsi - ok
08:19:54.0121 2796 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
08:19:54.0417 2796 nsiproxy - ok
08:19:54.0714 2796 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
08:19:54.0963 2796 Ntfs - ok
08:19:55.0306 2796 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
08:19:55.0650 2796 Null - ok
08:19:55.0712 2796 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
08:19:55.0837 2796 nvraid - ok
08:19:55.0915 2796 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
08:19:56.0024 2796 nvstor - ok
08:19:56.0086 2796 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
08:19:56.0274 2796 nv_agp - ok
08:19:56.0492 2796 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:19:56.0820 2796 odserv - ok
08:19:56.0976 2796 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
08:19:57.0256 2796 ohci1394 - ok
08:19:57.0412 2796 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:19:57.0943 2796 ose - ok
08:19:58.0052 2796 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
08:19:58.0426 2796 p2pimsvc - ok
08:19:58.0520 2796 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
08:19:58.0770 2796 p2psvc - ok
08:19:58.0848 2796 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
08:19:59.0160 2796 Parport - ok
08:19:59.0222 2796 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
08:19:59.0331 2796 partmgr - ok
08:19:59.0378 2796 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
08:19:59.0690 2796 Parvdm - ok
08:19:59.0768 2796 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
08:20:00.0064 2796 PcaSvc - ok
08:20:00.0174 2796 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
08:20:00.0314 2796 pci - ok
08:20:00.0330 2796 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
08:20:00.0423 2796 pciide - ok
08:20:00.0501 2796 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
08:20:00.0595 2796 pcmcia - ok
08:20:00.0626 2796 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
08:20:00.0766 2796 pcw - ok
08:20:00.0938 2796 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
08:20:01.0359 2796 PEAUTH - ok
08:20:01.0765 2796 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
08:20:02.0373 2796 pla - ok
08:20:02.0623 2796 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
08:20:02.0950 2796 PlugPlay - ok
08:20:03.0028 2796 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
08:20:03.0247 2796 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:20:03.0247 2796 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:20:03.0294 2796 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
08:20:03.0559 2796 PNRPAutoReg - ok
08:20:03.0730 2796 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
08:20:03.0949 2796 PNRPsvc - ok
08:20:04.0042 2796 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
08:20:04.0339 2796 PolicyAgent - ok
08:20:04.0417 2796 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
08:20:04.0869 2796 Power - ok
08:20:04.0978 2796 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
08:20:05.0322 2796 PptpMiniport - ok
08:20:05.0368 2796 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
08:20:05.0634 2796 Processor - ok
08:20:05.0727 2796 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
08:20:06.0039 2796 ProfSvc - ok
08:20:06.0070 2796 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:20:06.0258 2796 ProtectedStorage - ok
08:20:06.0320 2796 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
08:20:06.0757 2796 Psched - ok
08:20:07.0053 2796 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
08:20:07.0287 2796 ql2300 - ok
08:20:07.0615 2796 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
08:20:07.0740 2796 ql40xx - ok
08:20:07.0896 2796 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
08:20:08.0161 2796 QWAVE - ok
08:20:08.0208 2796 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
08:20:08.0410 2796 QWAVEdrv - ok
08:20:08.0488 2796 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
08:20:08.0738 2796 RasAcd - ok
08:20:08.0863 2796 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
08:20:09.0175 2796 RasAgileVpn - ok
08:20:09.0237 2796 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
08:20:09.0580 2796 RasAuto - ok
08:20:09.0690 2796 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
08:20:10.0080 2796 Rasl2tp - ok
08:20:10.0189 2796 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
08:20:10.0610 2796 RasMan - ok
08:20:10.0672 2796 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
08:20:10.0969 2796 RasPppoe - ok
08:20:11.0031 2796 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
08:20:11.0484 2796 RasSstp - ok
08:20:11.0562 2796 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
08:20:11.0998 2796 rdbss - ok
08:20:12.0061 2796 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
08:20:12.0295 2796 rdpbus - ok
08:20:12.0357 2796 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
08:20:12.0716 2796 RDPCDD - ok
08:20:12.0747 2796 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
08:20:13.0122 2796 RDPENCDD - ok
08:20:13.0168 2796 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
08:20:13.0527 2796 RDPREFMP - ok
08:20:13.0621 2796 RDPWD (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
08:20:13.0933 2796 RDPWD - ok
08:20:14.0073 2796 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
08:20:14.0182 2796 rdyboost - ok
08:20:14.0245 2796 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
08:20:14.0682 2796 RemoteAccess - ok
08:20:14.0744 2796 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
08:20:15.0040 2796 RemoteRegistry - ok
08:20:15.0150 2796 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
08:20:15.0352 2796 RFCOMM - ok
08:20:15.0430 2796 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
08:20:15.0789 2796 RpcEptMapper - ok
08:20:15.0930 2796 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
08:20:16.0210 2796 RpcLocator - ok
08:20:16.0304 2796 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
08:20:16.0632 2796 RpcSs - ok
08:20:16.0772 2796 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
08:20:17.0053 2796 rspndr - ok
08:20:17.0146 2796 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:20:17.0458 2796 SamSs - ok
08:20:17.0630 2796 SavRoam (c2320ef4c3d759f8abc679ece791ce34) C:\Program Files\Symantec AntiVirus\SavRoam.exe
08:20:17.0755 2796 SavRoam - ok
08:20:17.0926 2796 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
08:20:18.0051 2796 sbp2port - ok
08:20:18.0129 2796 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
08:20:18.0535 2796 SCardSvr - ok
08:20:18.0675 2796 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
08:20:18.0909 2796 scfilter - ok
08:20:19.0112 2796 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
08:20:19.0549 2796 Schedule - ok
08:20:19.0705 2796 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
08:20:20.0032 2796 SCPolicySvc - ok
08:20:20.0095 2796 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
08:20:20.0469 2796 SDRSVC - ok
08:20:20.0734 2796 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
08:20:21.0015 2796 SeaPort - ok
08:20:21.0140 2796 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
08:20:21.0530 2796 secdrv - ok
08:20:21.0608 2796 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
08:20:21.0936 2796 seclogon - ok
08:20:21.0982 2796 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
08:20:22.0341 2796 SENS - ok
08:20:22.0419 2796 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
08:20:22.0684 2796 Serenum - ok
08:20:22.0747 2796 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
08:20:23.0059 2796 Serial - ok
08:20:23.0106 2796 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
08:20:23.0402 2796 sermouse - ok
08:20:23.0496 2796 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
08:20:23.0948 2796 SessionEnv - ok
08:20:23.0995 2796 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
08:20:24.0322 2796 sffdisk - ok
08:20:24.0354 2796 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
08:20:24.0697 2796 sffp_mmc - ok
08:20:24.0759 2796 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
08:20:25.0087 2796 sffp_sd - ok
08:20:25.0118 2796 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
08:20:25.0477 2796 sfloppy - ok
08:20:25.0586 2796 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
08:20:26.0007 2796 ShellHWDetection - ok
08:20:26.0070 2796 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
08:20:26.0132 2796 sisagp - ok
08:20:26.0226 2796 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
08:20:26.0304 2796 SiSRaid2 - ok
08:20:26.0350 2796 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
08:20:26.0538 2796 SiSRaid4 - ok
08:20:26.0553 2796 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
08:20:26.0834 2796 Smb - ok
08:20:26.0896 2796 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
08:20:27.0255 2796 SNMPTRAP - ok
08:20:27.0474 2796 SPBBCDrv (38c030777dabfc771dac7873443cfcba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
08:20:27.0583 2796 SPBBCDrv - ok
08:20:27.0630 2796 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
08:20:27.0754 2796 spldr - ok
08:20:27.0864 2796 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
08:20:28.0238 2796 Spooler - ok
08:20:28.0815 2796 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
08:20:30.0781 2796 sppsvc - ok
08:20:31.0015 2796 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
08:20:31.0358 2796 sppuinotify - ok
08:20:31.0561 2796 SRTSP (3cb2f35789632f0bae8a1b9edb08e965) C:\windows\system32\Drivers\SRTSP.SYS
08:20:31.0701 2796 SRTSP - ok
08:20:31.0779 2796 SRTSPL (d69f1be5fd6da685a4c0e36d58a29e85) C:\windows\system32\Drivers\SRTSPL.SYS
08:20:31.0920 2796 SRTSPL - ok
08:20:31.0967 2796 SRTSPX (1af60c53c43e2e672bbda3ba9a947d48) C:\windows\system32\Drivers\SRTSPX.SYS
08:20:32.0060 2796 SRTSPX - ok
08:20:32.0123 2796 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
08:20:32.0653 2796 srv - ok
08:20:32.0731 2796 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
08:20:32.0981 2796 srv2 - ok
08:20:33.0012 2796 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
08:20:33.0293 2796 srvnet - ok
08:20:33.0386 2796 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
08:20:33.0792 2796 SSDPSRV - ok
08:20:33.0854 2796 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
08:20:34.0291 2796 SstpSvc - ok
08:20:34.0338 2796 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
08:20:34.0431 2796 stexstor - ok
08:20:34.0572 2796 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
08:20:34.0899 2796 StiSvc - ok
08:20:34.0915 2796 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
08:20:35.0055 2796 swenum - ok
08:20:35.0149 2796 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
08:20:35.0617 2796 swprv - ok
08:20:36.0132 2796 Symantec AntiVirus (1fda6b0527dd0dd71b324fcfc60a5f29) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
08:20:36.0382 2796 Symantec AntiVirus - ok
08:20:36.0772 2796 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\windows\system32\Drivers\SYMEVENT.SYS
08:20:36.0928 2796 SymEvent - ok
08:20:36.0975 2796 SYMREDRV (829830a3ca1c5e329d68e26c9cd2de8d) C:\windows\System32\Drivers\SYMREDRV.SYS
08:20:37.0131 2796 SYMREDRV - ok
08:20:37.0193 2796 SYMTDI (b1aa9704124b494c34e8d372e6654196) C:\windows\System32\Drivers\SYMTDI.SYS
08:20:37.0412 2796 SYMTDI - ok
08:20:37.0536 2796 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
08:20:37.0708 2796 SynTP - ok
08:20:38.0004 2796 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
08:20:38.0285 2796 SysMain - ok
08:20:38.0363 2796 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
08:20:38.0784 2796 TabletInputService - ok
08:20:38.0878 2796 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
08:20:39.0362 2796 TapiSrv - ok
08:20:39.0408 2796 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
08:20:39.0845 2796 TBS - ok
08:20:40.0220 2796 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
08:20:40.0422 2796 Tcpip - ok
08:20:40.0922 2796 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
08:20:41.0171 2796 TCPIP6 - ok
08:20:41.0514 2796 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
08:20:41.0889 2796 tcpipreg - ok
08:20:42.0076 2796 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
08:20:42.0294 2796 TDPIPE - ok
08:20:42.0372 2796 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
08:20:42.0575 2796 TDTCP - ok
08:20:42.0638 2796 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
08:20:42.0950 2796 tdx - ok
08:20:42.0996 2796 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
08:20:43.0121 2796 TermDD - ok
08:20:43.0262 2796 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
08:20:43.0511 2796 TermService - ok
08:20:43.0574 2796 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
08:20:43.0870 2796 Themes - ok
08:20:43.0917 2796 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
08:20:44.0135 2796 THREADORDER - ok
08:20:44.0213 2796 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
08:20:44.0541 2796 TrkWks - ok
08:20:44.0634 2796 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
08:20:44.0868 2796 TrustedInstaller - ok
08:20:44.0978 2796 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
08:20:45.0243 2796 tssecsrv - ok
08:20:45.0321 2796 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
08:20:45.0555 2796 TsUsbFlt - ok
08:20:45.0633 2796 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
08:20:45.0992 2796 tunnel - ok
08:20:46.0116 2796 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
08:20:46.0226 2796 uagp35 - ok
08:20:46.0319 2796 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
08:20:46.0569 2796 udfs - ok
08:20:46.0662 2796 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
08:20:46.0943 2796 UI0Detect - ok
08:20:46.0990 2796 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
08:20:47.0084 2796 uliagpkx - ok
08:20:47.0162 2796 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
08:20:47.0349 2796 umbus - ok
08:20:47.0396 2796 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
08:20:47.0567 2796 UmPass - ok
08:20:47.0676 2796 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
08:20:47.0910 2796 upnphost - ok
08:20:48.0004 2796 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
08:20:48.0254 2796 USBAAPL - ok
08:20:48.0300 2796 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
08:20:48.0566 2796 usbccgp - ok
08:20:48.0612 2796 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
08:20:48.0909 2796 usbcir - ok
08:20:48.0940 2796 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
08:20:49.0190 2796 usbehci - ok
08:20:49.0299 2796 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
08:20:49.0517 2796 usbhub - ok
08:20:49.0564 2796 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
08:20:49.0767 2796 usbohci - ok
08:20:49.0876 2796 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
08:20:50.0094 2796 usbprint - ok
08:20:50.0172 2796 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
08:20:50.0406 2796 USBSTOR - ok
08:20:50.0438 2796 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
08:20:50.0687 2796 usbuhci - ok
08:20:50.0750 2796 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
08:20:50.0952 2796 usbvideo - ok
08:20:50.0999 2796 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
08:20:51.0327 2796 UxSms - ok
08:20:51.0374 2796 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:20:51.0576 2796 VaultSvc - ok
08:20:51.0639 2796 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
08:20:51.0764 2796 vdrvroot - ok
08:20:51.0966 2796 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
08:20:52.0419 2796 vds - ok
08:20:52.0466 2796 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
08:20:52.0575 2796 vga - ok
08:20:52.0684 2796 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
08:20:52.0824 2796 VgaSave - ok
08:20:52.0902 2796 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
08:20:53.0074 2796 vhdmp - ok
08:20:53.0121 2796 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
08:20:53.0261 2796 viaagp - ok
08:20:53.0324 2796 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
08:20:53.0448 2796 ViaC7 - ok
08:20:53.0495 2796 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
08:20:53.0589 2796 viaide - ok
08:20:53.0620 2796 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
08:20:53.0714 2796 volmgr - ok
08:20:53.0823 2796 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
08:20:53.0932 2796 volmgrx - ok
08:20:54.0041 2796 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
08:20:54.0135 2796 volsnap - ok
08:20:54.0322 2796 vpnagent (caafa2333b428a12bfa97ecd389f59c5) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
08:20:54.0478 2796 vpnagent - ok
08:20:54.0540 2796 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\windows\system32\DRIVERS\vpnva.sys
08:20:54.0618 2796 vpnva - ok
08:20:54.0743 2796 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
08:20:54.0837 2796 vsmraid - ok
08:20:55.0086 2796 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
08:20:55.0523 2796 VSS - ok
08:20:55.0617 2796 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
08:20:55.0913 2796 vwifibus - ok
08:20:55.0960 2796 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
08:20:56.0178 2796 vwififlt - ok
08:20:56.0241 2796 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
08:20:56.0428 2796 vwifimp - ok
08:20:56.0553 2796 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
08:20:56.0927 2796 W32Time - ok
08:20:56.0974 2796 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
08:20:57.0177 2796 WacomPen - ok
08:20:57.0255 2796 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
08:20:57.0567 2796 WANARP - ok
08:20:57.0567 2796 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
08:20:57.0738 2796 Wanarpv6 - ok
08:20:58.0004 2796 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
08:20:58.0596 2796 wbengine - ok
08:20:58.0721 2796 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
08:20:58.0986 2796 WbioSrvc - ok
08:20:59.0127 2796 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
08:20:59.0454 2796 wcncsvc - ok
08:20:59.0564 2796 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
08:20:59.0798 2796 WcsPlugInService - ok
08:20:59.0891 2796 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
08:21:00.0016 2796 Wd - ok
08:21:00.0141 2796 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
08:21:00.0297 2796 Wdf01000 - ok
08:21:00.0344 2796 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
08:21:00.0546 2796 WdiServiceHost - ok
08:21:00.0562 2796 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
08:21:00.0734 2796 WdiSystemHost - ok
08:21:00.0843 2796 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
08:21:01.0046 2796 WebClient - ok
08:21:01.0217 2796 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
08:21:01.0467 2796 Wecsvc - ok
08:21:01.0514 2796 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
08:21:01.0716 2796 wercplsupport - ok
08:21:02.0403 2796 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
08:21:02.0668 2796 WerSvc - ok
08:21:03.0292 2796 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
08:21:03.0573 2796 WfpLwf - ok
08:21:03.0635 2796 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
08:21:03.0744 2796 WIMMount - ok
08:21:03.0994 2796 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
08:21:04.0150 2796 WinDefend - ok
08:21:04.0181 2796 WinHttpAutoProxySvc - ok
08:21:04.0368 2796 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
08:21:04.0634 2796 Winmgmt - ok
08:21:04.0899 2796 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
08:21:05.0211 2796 WinRM - ok
08:21:05.0336 2796 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
08:21:05.0585 2796 WinUsb - ok
08:21:06.0286 2796 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
08:21:06.0435 2796 Wlansvc - ok
08:21:06.0779 2796 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:21:06.0981 2796 wlcrasvc - ok
08:21:07.0340 2796 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:21:07.0808 2796 wlidsvc - ok
08:21:08.0058 2796 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
08:21:08.0245 2796 WmiAcpi - ok
08:21:08.0370 2796 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
08:21:08.0916 2796 wmiApSrv - ok
08:21:09.0259 2796 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:21:09.0618 2796 WMPNetworkSvc - ok
08:21:09.0958 2796 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
08:21:10.0161 2796 WPCSvc - ok
08:21:10.0223 2796 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
08:21:10.0426 2796 WPDBusEnum - ok
08:21:10.0551 2796 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
08:21:10.0863 2796 ws2ifsl - ok
08:21:10.0909 2796 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
08:21:11.0190 2796 wscsvc - ok
08:21:11.0206 2796 WSearch - ok
08:21:11.0627 2796 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
08:21:11.0939 2796 wuauserv - ok
08:21:12.0298 2796 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
08:21:12.0625 2796 WudfPf - ok
08:21:12.0797 2796 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
08:21:13.0171 2796 WUDFRd - ok
08:21:13.0234 2796 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
08:21:13.0374 2796 wudfsvc - ok
08:21:13.0452 2796 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
08:21:13.0655 2796 WwanSvc - ok
08:21:13.0717 2796 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:21:14.0560 2796 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:21:14.0560 2796 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:21:14.0575 2796 Boot (0x1200) (d43161f242c6e7a4f4c3007cb466416b) \Device\Harddisk0\DR0\Partition0
08:21:14.0591 2796 \Device\Harddisk0\DR0\Partition0 - ok
08:21:14.0591 2796 ============================================================
08:21:14.0591 2796 Scan finished
08:21:14.0591 2796 ============================================================
08:21:14.0622 2912 Detected object count: 5
08:21:14.0622 2912 Actual detected object count: 5
08:21:52.0655 2912 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
08:21:52.0655 2912 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:21:52.0655 2912 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:21:52.0655 2912 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:21:52.0655 2912 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:21:52.0655 2912 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:21:52.0671 2912 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:21:52.0671 2912 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:21:52.0671 2912 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:21:52.0671 2912 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:22:06.0243 2908 ============================================================
08:22:06.0243 2908 Scan started
08:22:06.0243 2908 Mode: Manual; SigCheck; TDLFS;
08:22:06.0243 2908 ============================================================
08:22:07.0631 2908 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
08:22:07.0974 2908 1394ohci - ok
08:22:08.0083 2908 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
08:22:08.0177 2908 ACPI - ok
08:22:08.0177 2908 Scan interrupted by user!
08:22:08.0177 2908 Scan interrupted by user!
08:22:08.0177 2908 Scan interrupted by user!
08:22:08.0177 2908 ============================================================
08:22:08.0177 2908 Scan finished
08:22:08.0177 2908 ============================================================
08:22:08.0208 3268 Detected object count: 0
08:22:08.0208 3268 Actual detected object count: 0
08:22:11.0016 5924 ============================================================
08:22:11.0016 5924 Scan started
08:22:11.0016 5924 Mode: Manual; SigCheck; TDLFS;
08:22:11.0016 5924 ============================================================
08:22:12.0405 5924 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
08:22:12.0623 5924 1394ohci - ok
08:22:12.0654 5924 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
08:22:12.0748 5924 ACPI - ok
08:22:12.0810 5924 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
08:22:12.0982 5924 AcpiPmi - ok
08:22:13.0153 5924 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
08:22:13.0247 5924 adp94xx - ok
08:22:13.0372 5924 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
08:22:13.0465 5924 adpahci - ok
08:22:13.0512 5924 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
08:22:13.0590 5924 adpu320 - ok
08:22:13.0668 5924 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
08:22:13.0793 5924 AeLookupSvc - ok
08:22:13.0933 5924 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
08:22:14.0027 5924 AFD - ok
08:22:14.0105 5924 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
08:22:14.0183 5924 agp440 - ok
08:22:14.0292 5924 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
08:22:14.0370 5924 aic78xx - ok
08:22:14.0526 5924 aksfridge (730e9d3bb324fb1899005aea63c6782d) C:\windows\system32\drivers\aksfridge.sys
08:22:14.0620 5924 aksfridge - ok
08:22:14.0635 5924 Scan interrupted by user!
08:22:14.0635 5924 Scan interrupted by user!
08:22:14.0635 5924 Scan interrupted by user!
08:22:14.0635 5924 ============================================================
08:22:14.0635 5924 Scan finished
08:22:14.0635 5924 ============================================================
08:22:14.0682 4520 Detected object count: 0
08:22:14.0682 4520 Actual detected object count: 0
08:22:43.0184 4760 ============================================================
08:22:43.0184 4760 Scan started
08:22:43.0184 4760 Mode: Manual; SigCheck; TDLFS;
08:22:43.0184 4760 ============================================================
08:22:43.0652 4760 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
08:22:43.0854 4760 1394ohci - ok
08:22:43.0979 4760 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
08:22:44.0057 4760 ACPI - ok
08:22:44.0104 4760 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
08:22:44.0229 4760 AcpiPmi - ok
08:22:44.0338 4760 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
08:22:44.0416 4760 adp94xx - ok
08:22:44.0541 4760 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
08:22:44.0619 4760 adpahci - ok
08:22:44.0681 4760 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
08:22:44.0853 4760 adpu320 - ok
08:22:44.0915 4760 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
08:22:45.0149 4760 AeLookupSvc - ok
08:22:45.0274 4760 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
08:22:45.0492 4760 AFD - ok
08:22:45.0539 4760 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
08:22:45.0648 4760 agp440 - ok
08:22:45.0711 4760 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
08:22:45.0820 4760 aic78xx - ok
08:22:45.0929 4760 aksfridge (730e9d3bb324fb1899005aea63c6782d) C:\windows\system32\drivers\aksfridge.sys
08:22:46.0116 4760 aksfridge - ok
08:22:46.0179 4760 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
08:22:46.0304 4760 ALG - ok
08:22:46.0335 4760 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
08:22:46.0413 4760 aliide - ok
08:22:46.0460 4760 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
08:22:46.0522 4760 amdagp - ok
08:22:46.0553 4760 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
08:22:46.0616 4760 amdide - ok
08:22:46.0662 4760 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
08:22:46.0865 4760 AmdK8 - ok
08:22:46.0881 4760 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
08:22:47.0021 4760 AmdPPM - ok
08:22:47.0162 4760 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
08:22:47.0224 4760 amdsata - ok
08:22:47.0286 4760 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
08:22:47.0396 4760 amdsbs - ok
08:22:47.0458 4760 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
08:22:47.0520 4760 amdxata - ok
08:22:47.0614 4760 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
08:22:47.0942 4760 AppID - ok
08:22:47.0988 4760 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
08:22:48.0269 4760 AppIDSvc - ok
08:22:48.0316 4760 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
08:22:48.0534 4760 Appinfo - ok
08:22:48.0628 4760 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:22:48.0784 4760 Apple Mobile Device - ok
08:22:48.0846 4760 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
08:22:48.0909 4760 arc - ok
08:22:48.0956 4760 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
08:22:49.0018 4760 arcsas - ok
08:22:49.0049 4760 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\windows\system32\drivers\AsUpIO.sys
08:22:49.0112 4760 AsUpIO - ok
08:22:49.0205 4760 AsusService (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe
08:22:49.0408 4760 AsusService ( UnsignedFile.Multi.Generic ) - warning
08:22:49.0408 4760 AsusService - detected UnsignedFile.Multi.Generic (1)
08:22:49.0439 4760 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
08:22:49.0751 4760 AsyncMac - ok
08:22:49.0782 4760 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
08:22:49.0860 4760 atapi - ok
08:22:50.0172 4760 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
08:22:50.0438 4760 athr - ok
08:22:50.0781 4760 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
08:22:50.0968 4760 AudioEndpointBuilder - ok
08:22:50.0984 4760 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
08:22:51.0264 4760 Audiosrv - ok
08:22:51.0342 4760 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
08:22:51.0498 4760 AxInstSV - ok
08:22:51.0686 4760 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
08:22:51.0888 4760 b06bdrv - ok
08:22:51.0998 4760 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
08:22:52.0185 4760 b57nd60x - ok
08:22:52.0310 4760 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
08:22:52.0528 4760 BBSvc - ok
08:22:52.0575 4760 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
08:22:52.0824 4760 BDESVC - ok
08:22:52.0871 4760 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
08:22:53.0168 4760 Beep - ok
08:22:53.0386 4760 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
08:22:53.0682 4760 BITS - ok
08:22:53.0698 4760 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
08:22:53.0885 4760 blbdrive - ok
08:22:54.0041 4760 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:22:54.0182 4760 Bonjour Service - ok
08:22:54.0228 4760 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
08:22:54.0338 4760 bowser - ok
08:22:54.0384 4760 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
08:22:54.0556 4760 BrFiltLo - ok
08:22:54.0572 4760 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
08:22:54.0774 4760 BrFiltUp - ok
08:22:54.0806 4760 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
08:22:55.0102 4760 BridgeMP - ok
08:22:55.0180 4760 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
08:22:55.0430 4760 Browser - ok
08:22:55.0523 4760 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
08:22:55.0726 4760 Brserid - ok
08:22:55.0757 4760 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
08:22:55.0913 4760 BrSerWdm - ok
08:22:55.0929 4760 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
08:22:56.0116 4760 BrUsbMdm - ok
08:22:56.0132 4760 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
08:22:56.0272 4760 BrUsbSer - ok
08:22:56.0303 4760 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
08:22:56.0475 4760 BthEnum - ok
08:22:56.0522 4760 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
08:22:56.0662 4760 BTHMODEM - ok
08:22:56.0693 4760 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
08:22:56.0865 4760 BthPan - ok
08:22:56.0958 4760 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
08:22:57.0130 4760 BTHPORT - ok
08:22:57.0177 4760 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
08:22:57.0426 4760 bthserv - ok
08:22:57.0489 4760 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
08:22:57.0660 4760 BTHUSB - ok
08:22:57.0692 4760 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys
08:22:57.0770 4760 btusbflt - ok
08:22:57.0785 4760 btwaudio - ok
08:22:57.0801 4760 btwavdt - ok
08:22:57.0801 4760 btwl2cap - ok
08:22:57.0832 4760 btwrchid - ok
08:22:57.0957 4760 ccEvtMgr (975b74eea1c5e88ac974c50ccc158e30) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
08:22:58.0050 4760 ccEvtMgr - ok
08:22:58.0066 4760 ccSetMgr (975b74eea1c5e88ac974c50ccc158e30) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
08:22:58.0222 4760 ccSetMgr - ok
08:22:58.0284 4760 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
08:22:58.0550 4760 cdfs - ok
08:22:58.0628 4760 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
08:22:58.0862 4760 cdrom - ok
08:22:58.0924 4760 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
08:22:59.0283 4760 CertPropSvc - ok
08:22:59.0330 4760 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
08:22:59.0501 4760 circlass - ok
08:22:59.0610 4760 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
08:22:59.0688 4760 CLFS - ok
08:22:59.0813 4760 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:23:00.0047 4760 clr_optimization_v2.0.50727_32 - ok
08:23:00.0141 4760 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:23:00.0219 4760 clr_optimization_v4.0.30319_32 - ok
08:23:00.0266 4760 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
08:23:00.0390 4760 CmBatt - ok
08:23:00.0437 4760 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
08:23:00.0500 4760 cmdide - ok
08:23:00.0624 4760 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
08:23:00.0780 4760 CNG - ok
08:23:00.0827 4760 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
08:23:00.0921 4760 Compbatt - ok
08:23:00.0952 4760 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
08:23:01.0092 4760 CompositeBus - ok
08:23:01.0124 4760 COMSysApp - ok
08:23:01.0202 4760 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
08:23:01.0264 4760 crcdisk - ok
08:23:01.0358 4760 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
08:23:01.0576 4760 CryptSvc - ok
08:23:01.0732 4760 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
08:23:01.0982 4760 DcomLaunch - ok
08:23:02.0075 4760 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
08:23:02.0309 4760 defragsvc - ok
08:23:02.0418 4760 DefWatch (20ebbf7e2a86b2bf9bf5072762d321d7) C:\Program Files\Symantec AntiVirus\DefWatch.exe
08:23:02.0559 4760 DefWatch - ok
08:23:02.0621 4760 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
08:23:02.0902 4760 DfsC - ok
08:23:03.0089 4760 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
08:23:03.0323 4760 Dhcp - ok
08:23:03.0339 4760 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
08:23:03.0588 4760 discache - ok
08:23:03.0620 4760 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
08:23:03.0729 4760 Disk - ok
08:23:03.0791 4760 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
08:23:04.0025 4760 Dnscache - ok
08:23:04.0119 4760 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
08:23:04.0368 4760 dot3svc - ok
08:23:04.0446 4760 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
08:23:04.0836 4760 DPS - ok
08:23:04.0868 4760 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
08:23:05.0070 4760 drmkaud - ok
08:23:05.0258 4760 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
08:23:05.0367 4760 DXGKrnl - ok
08:23:05.0429 4760 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
08:23:05.0632 4760 EapHost - ok
08:23:06.0490 4760 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
08:23:06.0896 4760 ebdrv - ok
08:23:07.0052 4760 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:23:07.0192 4760 eeCtrl - ok
08:23:07.0426 4760 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
08:23:07.0754 4760 EFS - ok
08:23:08.0003 4760 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
08:23:08.0159 4760 elxstor - ok
08:23:08.0237 4760 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:23:08.0300 4760 EraserUtilRebootDrv - ok
08:23:08.0346 4760 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
08:23:08.0440 4760 ErrDev - ok
08:23:08.0565 4760 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
08:23:08.0830 4760 EventSystem - ok
08:23:08.0892 4760 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
08:23:09.0080 4760 exfat - ok
08:23:09.0126 4760 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
08:23:09.0438 4760 fastfat - ok
08:23:09.0594 4760 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
08:23:09.0969 4760 Fax - ok
08:23:10.0062 4760 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
08:23:10.0203 4760 fdc - ok
08:23:10.0250 4760 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
08:23:10.0421 4760 fdPHost - ok
08:23:10.0452 4760 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
08:23:10.0718 4760 FDResPub - ok
08:23:10.0764 4760 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
08:23:10.0874 4760 FileInfo - ok
08:23:10.0920 4760 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
08:23:11.0139 4760 Filetrace - ok
08:23:11.0326 4760 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:23:11.0529 4760 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
08:23:11.0529 4760 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
08:23:11.0560 4760 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
08:23:11.0778 4760 flpydisk - ok
08:23:11.0856 4760 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
08:23:11.0934 4760 FltMgr - ok
08:23:12.0090 4760 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
08:23:12.0246 4760 FontCache - ok
08:23:12.0418 4760 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:23:12.0496 4760 FontCache3.0.0.0 - ok
08:23:12.0527 4760 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
08:23:12.0652 4760 FsDepends - ok
08:23:12.0714 4760 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\windows\system32\DRIVERS\fssfltr.sys
08:23:12.0808 4760 fssfltr - ok
08:23:13.0260 4760 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
08:23:13.0760 4760 fsssvc - ok
08:23:14.0056 4760 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
08:23:14.0118 4760 Fs_Rec - ok
08:23:14.0212 4760 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
08:23:14.0368 4760 fvevol - ok
08:23:14.0430 4760 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
08:23:14.0493 4760 gagp30kx - ok
08:23:14.0540 4760 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
08:23:14.0602 4760 GEARAspiWDM - ok
08:23:14.0789 4760 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
08:23:15.0117 4760 gpsvc - ok
08:23:15.0257 4760 hardlock (a9d587e31dbee3e9bd97fefece0ba874) C:\windows\system32\drivers\hardlock.sys
08:23:15.0460 4760 hardlock - ok
08:23:15.0476 4760 hasplms - ok
08:23:15.0522 4760 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
08:23:15.0756 4760 hcw85cir - ok
08:23:15.0897 4760 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
08:23:16.0068 4760 HdAudAddService - ok
08:23:16.0131 4760 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
08:23:16.0302 4760 HDAudBus - ok
08:23:16.0349 4760 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
08:23:16.0521 4760 HidBatt - ok
08:23:16.0552 4760 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
08:23:16.0739 4760 HidBth - ok
08:23:16.0770 4760 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
08:23:16.0926 4760 HidIr - ok
08:23:16.0973 4760 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
08:23:17.0192 4760 hidserv - ok
08:23:17.0223 4760 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
08:23:17.0441 4760 HidUsb - ok
08:23:17.0519 4760 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
08:23:17.0784 4760 hkmsvc - ok
08:23:17.0862 4760 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
08:23:18.0034 4760 HomeGroupListener - ok
08:23:18.0112 4760 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
08:23:18.0268 4760 HomeGroupProvider - ok
08:23:18.0346 4760 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
08:23:18.0424 4760 HpSAMD - ok
08:23:18.0596 4760 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
08:23:18.0939 4760 HTTP - ok
08:23:19.0064 4760 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
08:23:19.0126 4760 hwpolicy - ok
08:23:19.0173 4760 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
08:23:19.0438 4760 i8042prt - ok
08:23:19.0610 4760 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
08:23:19.0844 4760 IAANTMON - ok
08:23:19.0968 4760 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
08:23:20.0093 4760 iaStor - ok
08:23:20.0218 4760 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
08:23:20.0390 4760 iaStorV - ok
08:23:20.0639 4760 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:23:20.0858 4760 idsvc - ok
08:23:22.0340 4760 igfx (81f7c715528ab621c6af58869d4b07b9) C:\windows\system32\DRIVERS\igdkmd32.sys
08:23:22.0761 4760 igfx - ok
08:23:23.0057 4760 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
08:23:23.0120 4760 iirsp - ok
08:23:23.0307 4760 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
08:23:23.0572 4760 IKEEXT - ok
08:23:24.0336 4760 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
08:23:24.0602 4760 IntcAzAudAddService - ok
08:23:24.0945 4760 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
08:23:25.0007 4760 intelide - ok
08:23:25.0070 4760 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
08:23:25.0335 4760 intelppm - ok
08:23:25.0382 4760 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
08:23:25.0662 4760 IPBusEnum - ok
08:23:25.0694 4760 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
08:23:25.0896 4760 IpFilterDriver - ok
08:23:26.0037 4760 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
08:23:26.0458 4760 iphlpsvc - ok
08:23:26.0505 4760 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
08:23:26.0661 4760 IPMIDRV - ok
08:23:26.0723 4760 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
08:23:27.0020 4760 IPNAT - ok
08:23:27.0269 4760 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
08:23:27.0410 4760 iPod Service - ok
08:23:27.0456 4760 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
08:23:27.0566 4760 IRENUM - ok
08:23:27.0628 4760 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
08:23:27.0737 4760 isapnp - ok
08:23:27.0862 4760 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
08:23:27.0987 4760 iScsiPrt - ok
08:23:28.0034 4760 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
08:23:28.0127 4760 kbdclass - ok
08:23:28.0158 4760 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
08:23:28.0283 4760 kbdhid - ok
08:23:28.0314 4760 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
08:23:28.0392 4760 kbfiltr - ok
08:23:28.0424 4760 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:23:28.0642 4760 KeyIso - ok
08:23:28.0673 4760 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
08:23:28.0736 4760 KSecDD - ok
08:23:28.0798 4760 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
08:23:28.0876 4760 KSecPkg - ok
08:23:28.0970 4760 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
08:23:29.0204 4760 KtmRm - ok
08:23:29.0250 4760 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
08:23:29.0453 4760 L1C - ok
08:23:29.0547 4760 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
08:23:29.0812 4760 LanmanServer - ok
08:23:29.0952 4760 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
08:23:30.0218 4760 LanmanWorkstation - ok
08:23:31.0029 4760 LiveUpdate (e8a9ac5f30833cd62e3530e2fdbf81df) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
08:23:31.0419 4760 LiveUpdate - ok
08:23:31.0731 4760 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
08:23:31.0918 4760 lltdio - ok
08:23:31.0980 4760 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
08:23:32.0324 4760 lltdsvc - ok
08:23:32.0355 4760 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
08:23:32.0604 4760 lmhosts - ok
08:23:32.0667 4760 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
08:23:32.0760 4760 LSI_FC - ok
08:23:32.0792 4760 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
08:23:32.0916 4760 LSI_SAS - ok
08:23:32.0932 4760 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
08:23:33.0014 4760 LSI_SAS2 - ok
08:23:33.0052 4760 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
08:23:33.0122 4760 LSI_SCSI - ok
08:23:33.0169 4760 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
08:23:33.0310 4760 luafv - ok
08:23:33.0356 4760 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
08:23:33.0419 4760 MBAMProtector - ok
08:23:33.0575 4760 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
08:23:33.0746 4760 MBAMService - ok
08:23:33.0856 4760 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
08:23:33.0934 4760 megasas - ok
08:23:33.0980 4760 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
08:23:34.0090 4760 MegaSR - ok
08:23:34.0589 4760 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
08:23:34.0714 4760 Microsoft Office Groove Audit Service - ok
08:23:34.0760 4760 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
08:23:34.0948 4760 MMCSS - ok
08:23:35.0010 4760 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
08:23:35.0135 4760 Modem - ok
08:23:35.0197 4760 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
08:23:35.0275 4760 monitor - ok
08:23:35.0338 4760 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
08:23:35.0400 4760 mouclass - ok
08:23:35.0462 4760 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
08:23:35.0540 4760 mouhid - ok
08:23:35.0603 4760 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
08:23:35.0743 4760 mountmgr - ok
08:23:35.0977 4760 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:23:36.0133 4760 MozillaMaintenance - ok
08:23:36.0353 4760 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
08:23:36.0462 4760 mpio - ok
08:23:36.0524 4760 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
08:23:36.0665 4760 mpsdrv - ok
08:23:36.0743 4760 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
08:23:36.0867 4760 MRxDAV - ok
08:23:36.0945 4760 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
08:23:37.0086 4760 mrxsmb - ok
08:23:37.0148 4760 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
08:23:37.0284 4760 mrxsmb10 - ok
08:23:37.0333 4760 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
08:23:37.0411 4760 mrxsmb20 - ok
08:23:37.0458 4760 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
08:23:37.0536 4760 msahci - ok
08:23:38.0347 4760 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
08:23:38.0425 4760 msdsm - ok
08:23:38.0877 4760 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
08:23:39.0049 4760 MSDTC - ok
08:23:39.0111 4760 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
08:23:39.0236 4760 Msfs - ok
08:23:39.0283 4760 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
08:23:39.0408 4760 mshidkmdf - ok
08:23:39.0439 4760 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
08:23:39.0501 4760 msisadrv - ok
08:23:39.0595 4760 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
08:23:39.0720 4760 MSiSCSI - ok
08:23:39.0751 4760 msiserver - ok
08:23:39.0829 4760 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
08:23:39.0969 4760 MSKSSRV - ok
08:23:40.0016 4760 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
08:23:40.0157 4760 MSPCLOCK - ok
08:23:40.0235 4760 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
08:23:40.0359 4760 MSPQM - ok
08:23:40.0453 4760 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
08:23:40.0531 4760 MsRPC - ok
08:23:40.0609 4760 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
08:23:40.0687 4760 mssmbios - ok
08:23:40.0734 4760 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
08:23:40.0859 4760 MSTEE - ok
08:23:40.0968 4760 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
08:23:41.0030 4760 MTConfig - ok
08:23:41.0077 4760 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
08:23:41.0155 4760 Mup - ok
08:23:41.0264 4760 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
08:23:41.0405 4760 napagent - ok
08:23:41.0529 4760 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
08:23:41.0623 4760 NativeWifiP - ok
08:23:42.0465 4760 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120611.002\NAVENG.SYS
08:23:42.0528 4760 NAVENG - ok
08:23:42.0824 4760 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120611.002\NAVEX15.SYS
08:23:42.0980 4760 NAVEX15 - ok
08:23:43.0323 4760 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
08:23:43.0448 4760 NDIS - ok
08:23:43.0573 4760 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
08:23:43.0698 4760 NdisCap - ok
08:23:43.0745 4760 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
08:23:43.0854 4760 NdisTapi - ok
08:23:43.0916 4760 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
08:23:44.0041 4760 Ndisuio - ok
08:23:44.0119 4760 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
08:23:44.0259 4760 NdisWan - ok
08:23:44.0337 4760 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
08:23:44.0462 4760 NDProxy - ok
08:23:44.0509 4760 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
08:23:44.0556 4760 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:23:44.0556 4760 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:23:44.0634 4760 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
08:23:44.0759 4760 NetBIOS - ok
08:23:44.0837 4760 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
08:23:44.0977 4760 NetBT - ok
08:23:45.0024 4760 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:23:45.0149 4760 Netlogon - ok
08:23:45.0258 4760 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
08:23:45.0429 4760 Netman - ok
08:23:45.0523 4760 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
08:23:45.0663 4760 netprofm - ok
08:23:45.0851 4760 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:23:45.0913 4760 NetTcpPortSharing - ok
08:23:45.0991 4760 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
08:23:46.0053 4760 nfrd960 - ok
08:23:46.0194 4760 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
08:23:46.0319 4760 NlaSvc - ok
08:23:46.0365 4760 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
08:23:46.0490 4760 Npfs - ok
08:23:46.0568 4760 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
08:23:46.0693 4760 nsi - ok
08:23:46.0755 4760 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
08:23:46.0880 4760 nsiproxy - ok
08:23:47.0083 4760 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
08:23:47.0239 4760 Ntfs - ok
08:23:47.0535 4760 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
08:23:47.0660 4760 Null - ok
08:23:48.0284 4760 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
08:23:48.0362 4760 nvraid - ok
08:23:48.0425 4760 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
08:23:48.0503 4760 nvstor - ok
08:23:49.0173 4760 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
08:23:49.0251 4760 nv_agp - ok
08:23:49.0985 4760 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:23:50.0141 4760 odserv - ok
08:23:50.0203 4760 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
08:23:50.0297 4760 ohci1394 - ok
08:23:51.0342 4760 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:23:51.0576 4760 ose - ok
08:23:51.0669 4760 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
08:23:51.0794 4760 p2pimsvc - ok
08:23:51.0888 4760 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
08:23:51.0981 4760 p2psvc - ok
08:23:52.0106 4760 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
08:23:52.0184 4760 Parport - ok
08:23:52.0247 4760 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
08:23:52.0325 4760 partmgr - ok
08:23:52.0403 4760 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
08:23:52.0481 4760 Parvdm - ok
08:23:52.0543 4760 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
08:23:52.0652 4760 PcaSvc - ok
08:23:52.0730 4760 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
08:23:52.0808 4760 pci - ok
08:23:52.0839 4760 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
08:23:52.0917 4760 pciide - ok
08:23:53.0011 4760 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
08:23:53.0089 4760 pcmcia - ok
08:23:53.0151 4760 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
08:23:53.0214 4760 pcw - ok
08:23:53.0292 4760 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
08:23:53.0463 4760 PEAUTH - ok
08:23:53.0931 4760 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
08:23:54.0119 4760 pla - ok
08:23:54.0399 4760 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
08:23:54.0493 4760 PlugPlay - ok
08:23:54.0555 4760 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
08:23:54.0602 4760 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:23:54.0602 4760 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:23:54.0665 4760 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
08:23:54.0743 4760 PNRPAutoReg - ok
08:23:54.0789 4760 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
08:23:54.0883 4760 PNRPsvc - ok
08:23:54.0992 4760 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
08:23:55.0148 4760 PolicyAgent - ok
08:23:55.0211 4760 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
08:23:55.0351 4760 Power - ok
08:23:55.0460 4760 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
08:23:55.0585 4760 PptpMiniport - ok
08:23:55.0632 4760 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
08:23:55.0710 4760 Processor - ok
08:23:55.0788 4760 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
08:23:55.0928 4760 ProfSvc - ok
08:23:55.0991 4760 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:23:56.0115 4760 ProtectedStorage - ok
08:23:56.0178 4760 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
08:23:56.0365 4760 Psched - ok
08:23:57.0504 4760 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
08:23:57.0644 4760 ql2300 - ok
08:23:58.0190 4760 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
08:23:58.0299 4760 ql40xx - ok
08:23:58.0362 4760 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
08:23:58.0471 4760 QWAVE - ok
08:23:58.0518 4760 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
08:23:58.0596 4760 QWAVEdrv - ok
08:23:58.0689 4760 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
08:23:58.0830 4760 RasAcd - ok
08:23:58.0877 4760 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
08:23:59.0001 4760 RasAgileVpn - ok
08:23:59.0064 4760 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
08:23:59.0204 4760 RasAuto - ok
08:23:59.0251 4760 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
08:23:59.0391 4760 Rasl2tp - ok
08:23:59.0485 4760 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
08:23:59.0641 4760 RasMan - ok
08:23:59.0735 4760 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
08:23:59.0875 4760 RasPppoe - ok
08:23:59.0953 4760 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
08:24:00.0062 4760 RasSstp - ok
08:24:00.0187 4760 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
08:24:00.0312 4760 rdbss - ok
08:24:00.0421 4760 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
08:24:00.0499 4760 rdpbus - ok
08:24:00.0561 4760 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
08:24:00.0686 4760 RDPCDD - ok
08:24:00.0717 4760 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
08:24:00.0842 4760 RDPENCDD - ok
08:24:00.0905 4760 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
08:24:01.0014 4760 RDPREFMP - ok
08:24:02.0137 4760 RDPWD (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
08:24:02.0246 4760 RDPWD - ok
08:24:02.0355 4760 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
08:24:02.0433 4760 rdyboost - ok
08:24:02.0511 4760 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
08:24:02.0652 4760 RemoteAccess - ok
08:24:02.0714 4760 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
08:24:02.0855 4760 RemoteRegistry - ok
08:24:03.0291 4760 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
08:24:03.0385 4760 RFCOMM - ok
08:24:03.0463 4760 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
08:24:03.0603 4760 RpcEptMapper - ok
08:24:03.0635 4760 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
08:24:03.0728 4760 RpcLocator - ok
08:24:03.0837 4760 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
08:24:03.0978 4760 RpcSs - ok
08:24:04.0056 4760 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
08:24:04.0181 4760 rspndr - ok
08:24:04.0227 4760 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:24:04.0352 4760 SamSs - ok
08:24:05.0023 4760 SavRoam (c2320ef4c3d759f8abc679ece791ce34) C:\Program Files\Symantec AntiVirus\SavRoam.exe
08:24:05.0117 4760 SavRoam - ok
08:24:05.0647 4760 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
08:24:05.0725 4760 sbp2port - ok
08:24:05.0787 4760 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
08:24:05.0928 4760 SCardSvr - ok
08:24:05.0990 4760 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
08:24:06.0115 4760 scfilter - ok
08:24:06.0302 4760 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
08:24:06.0474 4760 Schedule - ok
08:24:06.0599 4760 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
08:24:06.0724 4760 SCPolicySvc - ok
08:24:06.0802 4760 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
08:24:06.0895 4760 SDRSVC - ok
08:24:07.0067 4760 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
08:24:07.0254 4760 SeaPort - ok
08:24:07.0410 4760 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
08:24:07.0550 4760 secdrv - ok
08:24:07.0613 4760 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
08:24:07.0753 4760 seclogon - ok
08:24:07.0831 4760 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
08:24:07.0956 4760 SENS - ok
08:24:08.0065 4760 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
08:24:08.0143 4760 Serenum - ok
08:24:08.0440 4760 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
08:24:08.0518 4760 Serial - ok
08:24:08.0564 4760 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
08:24:08.0642 4760 sermouse - ok
08:24:08.0767 4760 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
08:24:08.0908 4760 SessionEnv - ok
08:24:08.0986 4760 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
08:24:09.0064 4760 sffdisk - ok
08:24:09.0110 4760 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
08:24:09.0188 4760 sffp_mmc - ok
08:24:09.0329 4760 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
08:24:09.0391 4760 sffp_sd - ok
08:24:09.0485 4760 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
08:24:09.0547 4760 sfloppy - ok
08:24:09.0766 4760 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
08:24:09.0937 4760 ShellHWDetection - ok
08:24:09.0984 4760 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
08:24:10.0062 4760 sisagp - ok
08:24:10.0124 4760 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
08:24:10.0202 4760 SiSRaid2 - ok
08:24:10.0249 4760 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
08:24:10.0327 4760 SiSRaid4 - ok
08:24:10.0358 4760 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
08:24:10.0499 4760 Smb - ok
08:24:10.0592 4760 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
08:24:10.0702 4760 SNMPTRAP - ok
08:24:11.0029 4760 SPBBCDrv (38c030777dabfc771dac7873443cfcba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
08:24:11.0123 4760 SPBBCDrv - ok
08:24:11.0201 4760 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
08:24:11.0263 4760 spldr - ok
08:24:11.0840 4760 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
08:24:12.0043 4760 Spooler - ok
08:24:13.0229 4760 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
08:24:14.0336 4760 sppsvc - ok
08:24:14.0742 4760 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
08:24:14.0867 4760 sppuinotify - ok
08:24:15.0132 4760 SRTSP (3cb2f35789632f0bae8a1b9edb08e965) C:\windows\system32\Drivers\SRTSP.SYS
08:24:15.0210 4760 SRTSP - ok
08:24:15.0288 4760 SRTSPL (d69f1be5fd6da685a4c0e36d58a29e85) C:\windows\system32\Drivers\SRTSPL.SYS
08:24:15.0366 4760 SRTSPL - ok
08:24:15.0413 4760 SRTSPX (1af60c53c43e2e672bbda3ba9a947d48) C:\windows\system32\Drivers\SRTSPX.SYS
08:24:15.0475 4760 SRTSPX - ok
08:24:15.0616 4760 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
08:24:15.0772 4760 srv - ok
08:24:15.0943 4760 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
08:24:16.0037 4760 srv2 - ok
08:24:16.0427 4760 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
08:24:16.0520 4760 srvnet - ok
08:24:16.0848 4760 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
08:24:16.0988 4760 SSDPSRV - ok
08:24:17.0144 4760 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
08:24:17.0285 4760 SstpSvc - ok
08:24:17.0410 4760 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
08:24:17.0488 4760 stexstor - ok
08:24:17.0644 4760 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
08:24:17.0768 4760 StiSvc - ok
08:24:17.0815 4760 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
08:24:17.0878 4760 swenum - ok
08:24:17.0987 4760 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
08:24:18.0143 4760 swprv - ok
08:24:19.0266 4760 Symantec AntiVirus (1fda6b0527dd0dd71b324fcfc60a5f29) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
08:24:19.0516 4760 Symantec AntiVirus - ok
08:24:20.0888 4760 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\windows\system32\Drivers\SYMEVENT.SYS
08:24:20.0966 4760 SymEvent - ok
08:24:21.0091 4760 SYMREDRV (829830a3ca1c5e329d68e26c9cd2de8d) C:\windows\System32\Drivers\SYMREDRV.SYS
08:24:21.0185 4760 SYMREDRV - ok
08:24:21.0372 4760 SYMTDI (b1aa9704124b494c34e8d372e6654196) C:\windows\System32\Drivers\SYMTDI.SYS
08:24:21.0466 4760 SYMTDI - ok
08:24:21.0544 4760 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
08:24:21.0622 4760 SynTP - ok
08:24:22.0230 4760 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
08:24:22.0402 4760 SysMain - ok
08:24:22.0495 4760 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
08:24:22.0620 4760 TabletInputService - ok
08:24:22.0729 4760 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
08:24:22.0870 4760 TapiSrv - ok
08:24:22.0979 4760 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
08:24:23.0135 4760 TBS - ok
08:24:23.0790 4760 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
08:24:23.0946 4760 Tcpip - ok
08:24:24.0617 4760 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
08:24:24.0773 4760 TCPIP6 - ok
08:24:25.0319 4760 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
08:24:25.0444 4760 tcpipreg - ok
08:24:25.0584 4760 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
08:24:25.0662 4760 TDPIPE - ok
08:24:25.0709 4760 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
08:24:25.0787 4760 TDTCP - ok
08:24:25.0896 4760 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
08:24:26.0036 4760 tdx - ok
08:24:26.0302 4760 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
08:24:26.0364 4760 TermDD - ok
08:24:26.0848 4760 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
08:24:27.0004 4760 TermService - ok
08:24:27.0066 4760 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
08:24:27.0206 4760 Themes - ok
08:24:27.0581 4760 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
08:24:27.0706 4760 THREADORDER - ok
08:24:27.0862 4760 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
08:24:27.0986 4760 TrkWks - ok
08:24:28.0408 4760 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
08:24:28.0548 4760 TrustedInstaller - ok
08:24:28.0626 4760 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
08:24:28.0766 4760 tssecsrv - ok
08:24:29.0032 4760 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
08:24:29.0094 4760 TsUsbFlt - ok
08:24:29.0172 4760 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
08:24:29.0297 4760 tunnel - ok
08:24:29.0375 4760 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
08:24:29.0453 4760 uagp35 - ok
08:24:29.0593 4760 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
08:24:29.0734 4760 udfs - ok
08:24:29.0905 4760 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
08:24:30.0014 4760 UI0Detect - ok
08:24:30.0092 4760 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
08:24:30.0170 4760 uliagpkx - ok
08:24:30.0326 4760 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
08:24:30.0404 4760 umbus - ok
08:24:30.0451 4760 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
08:24:30.0514 4760 UmPass - ok
08:24:30.0654 4760 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
08:24:30.0826 4760 upnphost - ok
08:24:30.0872 4760 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
08:24:30.0950 4760 USBAAPL - ok
08:24:30.0997 4760 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
08:24:31.0106 4760 usbccgp - ok
08:24:31.0216 4760 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
08:24:31.0309 4760 usbcir - ok
08:24:31.0606 4760 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
08:24:31.0668 4760 usbehci - ok
08:24:32.0417 4760 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
08:24:32.0495 4760 usbhub - ok
08:24:32.0604 4760 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
08:24:32.0682 4760 usbohci - ok
08:24:32.0744 4760 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
08:24:32.0822 4760 usbprint - ok
08:24:32.0900 4760 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
08:24:32.0994 4760 USBSTOR - ok
08:24:33.0181 4760 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
08:24:33.0259 4760 usbuhci - ok
08:24:33.0478 4760 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
08:24:33.0556 4760 usbvideo - ok
08:24:33.0790 4760 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
08:24:33.0914 4760 UxSms - ok
08:24:33.0961 4760 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:24:34.0086 4760 VaultSvc - ok
08:24:34.0180 4760 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
08:24:34.0242 4760 vdrvroot - ok
08:24:34.0460 4760 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
08:24:34.0679 4760 vds - ok
08:24:34.0726 4760 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
08:24:34.0804 4760 vga - ok
08:24:34.0897 4760 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
08:24:35.0022 4760 VgaSave - ok
08:24:35.0084 4760 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
08:24:35.0178 4760 vhdmp - ok
08:24:35.0256 4760 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
08:24:35.0318 4760 viaagp - ok
08:24:35.0396 4760 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
08:24:35.0474 4760 ViaC7 - ok
08:24:35.0646 4760 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
08:24:35.0708 4760 viaide - ok
08:24:35.0818 4760 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
08:24:35.0896 4760 volmgr - ok
08:24:36.0457 4760 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
08:24:36.0535 4760 volmgrx - ok
08:24:36.0629 4760 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
08:24:36.0738 4760 volsnap - ok
08:24:37.0284 4760 vpnagent (caafa2333b428a12bfa97ecd389f59c5) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
08:24:37.0456 4760 vpnagent - ok
08:24:37.0658 4760 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\windows\system32\DRIVERS\vpnva.sys
08:24:37.0705 4760 vpnva - ok
08:24:37.0768 4760 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
08:24:37.0846 4760 vsmraid - ok
08:24:38.0392 4760 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
08:24:38.0672 4760 VSS - ok
08:24:38.0797 4760 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
08:24:38.0875 4760 vwifibus - ok
08:24:39.0218 4760 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
08:24:39.0296 4760 vwififlt - ok
08:24:39.0343 4760 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
08:24:39.0452 4760 vwifimp - ok
08:24:39.0920 4760 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
08:24:40.0076 4760 W32Time - ok
08:24:40.0154 4760 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
08:24:40.0232 4760 WacomPen - ok
08:24:40.0295 4760 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
08:24:40.0435 4760 WANARP - ok
08:24:40.0451 4760 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
08:24:40.0576 4760 Wanarpv6 - ok
08:24:41.0153 4760 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
08:24:41.0387 4760 wbengine - ok
08:24:41.0668 4760 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
08:24:41.0792 4760 WbioSrvc - ok
08:24:41.0995 4760 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
08:24:42.0104 4760 wcncsvc - ok
08:24:42.0198 4760 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
08:24:42.0276 4760 WcsPlugInService - ok
08:24:42.0370 4760 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
08:24:42.0448 4760 Wd - ok
08:24:42.0619 4760 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
08:24:42.0760 4760 Wdf01000 - ok
08:24:43.0087 4760 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
08:24:43.0181 4760 WdiServiceHost - ok
08:24:43.0212 4760 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
08:24:43.0321 4760 WdiSystemHost - ok
08:24:43.0524 4760 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
08:24:43.0633 4760 WebClient - ok
08:24:43.0711 4760 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
08:24:43.0883 4760 Wecsvc - ok
08:24:44.0039 4760 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
08:24:44.0226 4760 wercplsupport - ok
08:24:44.0304 4760 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
08:24:44.0444 4760 WerSvc - ok
08:24:44.0476 4760 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
08:24:44.0663 4760 WfpLwf - ok
08:24:44.0678 4760 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
08:24:44.0803 4760 WIMMount - ok
08:24:45.0068 4760 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
08:24:45.0302 4760 WinDefend - ok
08:24:45.0318 4760 WinHttpAutoProxySvc - ok
08:24:45.0505 4760 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
08:24:45.0848 4760 Winmgmt - ok
08:24:46.0145 4760 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
08:24:46.0394 4760 WinRM - ok
08:24:46.0488 4760 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
08:24:46.0644 4760 WinUsb - ok
08:24:46.0847 4760 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
08:24:47.0174 4760 Wlansvc - ok
08:24:47.0299 4760 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:24:47.0393 4760 wlcrasvc - ok
08:24:47.0876 4760 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:24:48.0204 4760 wlidsvc - ok
08:24:48.0563 4760 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
08:24:48.0703 4760 WmiAcpi - ok
08:24:48.0844 4760 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
08:24:49.0187 4760 wmiApSrv - ok
08:24:49.0561 4760 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:24:49.0811 4760 WMPNetworkSvc - ok
08:24:50.0092 4760 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
08:24:50.0544 4760 WPCSvc - ok
08:24:50.0622 4760 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
08:24:50.0794 4760 WPDBusEnum - ok
08:24:51.0090 4760 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
08:24:51.0325 4760 ws2ifsl - ok
08:24:51.0382 4760 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
08:24:51.0532 4760 wscsvc - ok
08:24:51.0563 4760 WSearch - ok
08:24:53.0778 4760 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
08:24:54.0199 4760 wuauserv - ok
08:24:54.0605 4760 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
08:24:54.0917 4760 WudfPf - ok
08:24:54.0979 4760 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
08:24:55.0276 4760 WUDFRd - ok
08:24:55.0323 4760 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
08:24:55.0697 4760 wudfsvc - ok
08:24:55.0775 4760 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
08:24:55.0993 4760 WwanSvc - ok
08:24:56.0071 4760 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:24:57.0039 4760 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:24:57.0039 4760 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:24:57.0070 4760 Boot (0x1200) (d43161f242c6e7a4f4c3007cb466416b) \Device\Harddisk0\DR0\Partition0
08:24:57.0070 4760 \Device\Harddisk0\DR0\Partition0 - ok
08:24:57.0070 4760 ============================================================
08:24:57.0070 4760 Scan finished
08:24:57.0070 4760 ============================================================
08:24:57.0117 4876 Detected object count: 5
08:24:57.0117 4876 Actual detected object count: 5
08:26:23.0915 4876 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
08:26:23.0915 4876 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:26:23.0915 4876 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:26:23.0915 4876 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:26:23.0915 4876 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:26:23.0915 4876 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:26:23.0931 4876 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:26:23.0931 4876 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:26:23.0931 4876 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:26:23.0931 4876 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:26:27.0191 5964 Deinitialize success
  • 0

#4
nateumn

nateumn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-13 09:45:22
-----------------------------
09:45:22.571 OS Version: Windows 6.1.7601 Service Pack 1
09:45:22.571 Number of processors: 2 586 0x1C0A
09:45:22.582 ComputerName: CHUBBYII-PC UserName: Chubby II
09:46:45.178 Initialize success
09:47:30.547 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:47:30.555 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
09:47:30.572 Disk 0 MBR read successfully
09:47:30.578 Disk 0 MBR scan
09:47:30.584 Disk 0 Windows 7 default MBR code
09:47:30.605 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228213 MB offset 2048
09:47:30.647 Disk 0 Partition 2 00 1B Hidd FAT32 MSDOS5.0 10240 MB offset 467382272
09:47:30.667 Disk 0 Partition 3 00 EF EFI FAT 18 MB offset 488353792
09:47:30.683 Disk 0 scanning sectors +488392065
09:47:30.764 Disk 0 scanning C:\windows\system32\drivers
09:47:45.135 Service scanning
09:48:58.136 Modules scanning
09:50:28.239 Disk 0 trace - called modules:
09:50:28.271 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
09:50:28.274 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8536a2e0]
09:50:28.275 3 CLASSPNP.SYS[8868f59e] -> nt!IofCallDriver -> [0x84971900]
09:50:28.275 5 ACPI.sys[87e953d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x83c22028]
09:50:28.276 Scan finished successfully
09:51:37.100 Disk 0 MBR has been saved successfully to "C:\Users\Chubby II\Desktop\MBR.dat"
09:51:37.115 The log file has been saved successfully to "C:\Users\Chubby II\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   567bytes   121 downloads

  • 0

#5
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Now please restart your system. Run TDSSKiller again and select Delete option for this

\Device\Harddisk0\DR0 ( TDSS File System )
\Device\Harddisk0\DR0 ( TDSS File System )



Make sure to restart your system after this and then try to run Combofix again. Hopefully we will get log. Please post both logs (TDSSKiller and Combofix log).
  • 0

#6
nateumn

nateumn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Still no luck with the combofix log. Am I correct to be looking for it as C:\Combofix.txt? I've searched my computer for it and didn't have luck.

Here is the log from TDSSkiller:

14:06:18.0836 3188 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:06:19.0834 3188 ============================================================
14:06:19.0850 3188 Current date / time: 2012/06/13 14:06:19.0834
14:06:19.0850 3188 SystemInfo:
14:06:19.0850 3188
14:06:19.0850 3188 OS Version: 6.1.7601 ServicePack: 1.0
14:06:19.0850 3188 Product type: Workstation
14:06:19.0850 3188 ComputerName: CHUBBYII-PC
14:06:19.0850 3188 UserName: Chubby II
14:06:19.0850 3188 Windows directory: C:\windows
14:06:19.0850 3188 System windows directory: C:\windows
14:06:19.0850 3188 Processor architecture: Intel x86
14:06:19.0850 3188 Number of processors: 2
14:06:19.0850 3188 Page size: 0x1000
14:06:19.0850 3188 Boot type: Normal boot
14:06:19.0850 3188 ============================================================
14:06:21.0394 3188 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:06:21.0394 3188 ============================================================
14:06:21.0394 3188 \Device\Harddisk0\DR0:
14:06:21.0394 3188 MBR partitions:
14:06:21.0394 3188 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BDBA800
14:06:21.0394 3188 ============================================================
14:06:21.0425 3188 C: <-> \Device\Harddisk0\DR0\Partition0
14:06:21.0441 3188 ============================================================
14:06:21.0441 3188 Initialize success
14:06:21.0441 3188 ============================================================
14:06:27.0915 3172 ============================================================
14:06:27.0915 3172 Scan started
14:06:27.0915 3172 Mode: Manual; SigCheck; TDLFS;
14:06:27.0915 3172 ============================================================
14:06:29.0802 3172 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
14:06:30.0723 3172 1394ohci - ok
14:06:30.0816 3172 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
14:06:30.0941 3172 ACPI - ok
14:06:31.0004 3172 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
14:06:31.0269 3172 AcpiPmi - ok
14:06:31.0425 3172 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
14:06:31.0643 3172 adp94xx - ok
14:06:31.0768 3172 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
14:06:31.0971 3172 adpahci - ok
14:06:32.0064 3172 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
14:06:32.0205 3172 adpu320 - ok
14:06:32.0252 3172 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
14:06:33.0032 3172 AeLookupSvc - ok
14:06:33.0156 3172 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
14:06:33.0796 3172 AFD - ok
14:06:33.0999 3172 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
14:06:34.0124 3172 agp440 - ok
14:06:34.0202 3172 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
14:06:34.0248 3172 aic78xx - ok
14:06:34.0326 3172 aksfridge (730e9d3bb324fb1899005aea63c6782d) C:\windows\system32\drivers\aksfridge.sys
14:06:35.0387 3172 aksfridge - ok
14:06:35.0465 3172 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
14:06:36.0370 3172 ALG - ok
14:06:36.0713 3172 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
14:06:36.0760 3172 aliide - ok
14:06:36.0869 3172 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
14:06:36.0916 3172 amdagp - ok
14:06:36.0978 3172 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
14:06:37.0025 3172 amdide - ok
14:06:37.0088 3172 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
14:06:37.0509 3172 AmdK8 - ok
14:06:37.0571 3172 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
14:06:37.0852 3172 AmdPPM - ok
14:06:37.0946 3172 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
14:06:38.0008 3172 amdsata - ok
14:06:38.0086 3172 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
14:06:38.0226 3172 amdsbs - ok
14:06:38.0258 3172 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
14:06:38.0304 3172 amdxata - ok
14:06:38.0429 3172 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
14:06:38.0819 3172 AppID - ok
14:06:38.0866 3172 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
14:06:39.0506 3172 AppIDSvc - ok
14:06:39.0584 3172 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
14:06:40.0270 3172 Appinfo - ok
14:06:40.0426 3172 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:06:41.0440 3172 Apple Mobile Device - ok
14:06:41.0549 3172 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
14:06:42.0688 3172 arc - ok
14:06:42.0797 3172 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
14:06:42.0922 3172 arcsas - ok
14:06:42.0984 3172 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\windows\system32\drivers\AsUpIO.sys
14:06:43.0078 3172 AsUpIO - ok
14:06:43.0156 3172 AsusService (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe
14:06:43.0468 3172 AsusService ( UnsignedFile.Multi.Generic ) - warning
14:06:43.0468 3172 AsusService - detected UnsignedFile.Multi.Generic (1)
14:06:43.0515 3172 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
14:06:47.0493 3172 AsyncMac - ok
14:06:47.0555 3172 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
14:06:47.0602 3172 atapi - ok
14:06:52.0922 3172 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
14:06:53.0780 3172 athr - ok
14:06:54.0170 3172 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
14:06:54.0326 3172 AudioEndpointBuilder - ok
14:06:54.0341 3172 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
14:06:54.0482 3172 Audiosrv - ok
14:06:54.0653 3172 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
14:06:54.0856 3172 AxInstSV - ok
14:06:55.0215 3172 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
14:06:55.0402 3172 b06bdrv - ok
14:06:55.0511 3172 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
14:06:55.0854 3172 b57nd60x - ok
14:06:56.0291 3172 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
14:06:56.0385 3172 BBSvc - ok
14:06:56.0603 3172 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
14:06:56.0884 3172 BDESVC - ok
14:06:56.0931 3172 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
14:06:57.0882 3172 Beep - ok
14:06:58.0054 3172 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
14:06:59.0006 3172 BITS - ok
14:06:59.0037 3172 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
14:06:59.0146 3172 blbdrive - ok
14:06:59.0333 3172 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:06:59.0427 3172 Bonjour Service - ok
14:06:59.0489 3172 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
14:06:59.0567 3172 bowser - ok
14:06:59.0614 3172 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
14:06:59.0739 3172 BrFiltLo - ok
14:06:59.0754 3172 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
14:06:59.0848 3172 BrFiltUp - ok
14:06:59.0895 3172 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
14:07:00.0066 3172 BridgeMP - ok
14:07:00.0129 3172 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
14:07:00.0659 3172 Browser - ok
14:07:00.0768 3172 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
14:07:01.0080 3172 Brserid - ok
14:07:01.0112 3172 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
14:07:01.0392 3172 BrSerWdm - ok
14:07:01.0408 3172 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
14:07:01.0751 3172 BrUsbMdm - ok
14:07:01.0782 3172 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
14:07:02.0063 3172 BrUsbSer - ok
14:07:02.0110 3172 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
14:07:02.0548 3172 BthEnum - ok
14:07:02.0688 3172 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
14:07:02.0891 3172 BTHMODEM - ok
14:07:03.0000 3172 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
14:07:03.0437 3172 BthPan - ok
14:07:03.0624 3172 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
14:07:03.0983 3172 BTHPORT - ok
14:07:04.0045 3172 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
14:07:04.0451 3172 bthserv - ok
14:07:04.0498 3172 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
14:07:04.0779 3172 BTHUSB - ok
14:07:04.0841 3172 btusbflt (92c5b845803f3662637eb691ac0b250f) C:\windows\system32\drivers\btusbflt.sys
14:07:04.0903 3172 btusbflt - ok
14:07:04.0919 3172 btwaudio - ok
14:07:04.0950 3172 btwavdt - ok
14:07:04.0950 3172 btwl2cap - ok
14:07:04.0966 3172 btwrchid - ok
14:07:05.0075 3172 ccEvtMgr (975b74eea1c5e88ac974c50ccc158e30) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
14:07:05.0122 3172 ccEvtMgr - ok
14:07:05.0122 3172 ccSetMgr (975b74eea1c5e88ac974c50ccc158e30) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
14:07:05.0262 3172 ccSetMgr - ok
14:07:05.0325 3172 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
14:07:06.0276 3172 cdfs - ok
14:07:06.0370 3172 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
14:07:06.0853 3172 cdrom - ok
14:07:06.0931 3172 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
14:07:07.0337 3172 CertPropSvc - ok
14:07:07.0384 3172 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
14:07:07.0524 3172 circlass - ok
14:07:07.0665 3172 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
14:07:07.0774 3172 CLFS - ok
14:07:07.0914 3172 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:07:07.0961 3172 clr_optimization_v2.0.50727_32 - ok
14:07:08.0070 3172 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:07:08.0133 3172 clr_optimization_v4.0.30319_32 - ok
14:07:08.0164 3172 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
14:07:08.0257 3172 CmBatt - ok
14:07:08.0289 3172 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
14:07:08.0335 3172 cmdide - ok
14:07:08.0429 3172 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
14:07:08.0523 3172 CNG - ok
14:07:08.0569 3172 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
14:07:08.0616 3172 Compbatt - ok
14:07:08.0725 3172 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
14:07:08.0803 3172 CompositeBus - ok
14:07:08.0835 3172 COMSysApp - ok
14:07:08.0866 3172 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
14:07:08.0913 3172 crcdisk - ok
14:07:09.0006 3172 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
14:07:09.0131 3172 CryptSvc - ok
14:07:09.0271 3172 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
14:07:09.0443 3172 DcomLaunch - ok
14:07:09.0677 3172 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
14:07:10.0005 3172 defragsvc - ok
14:07:10.0129 3172 DefWatch (20ebbf7e2a86b2bf9bf5072762d321d7) C:\Program Files\Symantec AntiVirus\DefWatch.exe
14:07:10.0161 3172 DefWatch - ok
14:07:10.0254 3172 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
14:07:10.0504 3172 DfsC - ok
14:07:10.0660 3172 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
14:07:10.0894 3172 Dhcp - ok
14:07:10.0941 3172 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
14:07:11.0128 3172 discache - ok
14:07:11.0190 3172 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
14:07:11.0268 3172 Disk - ok
14:07:11.0346 3172 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
14:07:11.0565 3172 Dnscache - ok
14:07:11.0658 3172 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
14:07:12.0079 3172 dot3svc - ok
14:07:12.0251 3172 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
14:07:12.0563 3172 DPS - ok
14:07:12.0610 3172 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
14:07:12.0750 3172 drmkaud - ok
14:07:12.0922 3172 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
14:07:13.0015 3172 DXGKrnl - ok
14:07:13.0078 3172 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
14:07:13.0249 3172 EapHost - ok
14:07:14.0014 3172 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
14:07:14.0544 3172 ebdrv - ok
14:07:14.0872 3172 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:07:15.0090 3172 eeCtrl - ok
14:07:15.0324 3172 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
14:07:15.0855 3172 EFS - ok
14:07:15.0995 3172 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
14:07:16.0135 3172 elxstor - ok
14:07:16.0245 3172 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:07:16.0307 3172 EraserUtilRebootDrv - ok
14:07:16.0354 3172 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
14:07:16.0759 3172 ErrDev - ok
14:07:16.0884 3172 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
14:07:17.0539 3172 EventSystem - ok
14:07:17.0617 3172 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
14:07:17.0961 3172 exfat - ok
14:07:18.0023 3172 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
14:07:18.0366 3172 fastfat - ok
14:07:18.0507 3172 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
14:07:18.0725 3172 Fax - ok
14:07:18.0803 3172 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
14:07:19.0053 3172 fdc - ok
14:07:19.0193 3172 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
14:07:19.0443 3172 fdPHost - ok
14:07:19.0505 3172 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
14:07:20.0020 3172 FDResPub - ok
14:07:20.0082 3172 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
14:07:20.0129 3172 FileInfo - ok
14:07:20.0176 3172 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
14:07:20.0581 3172 Filetrace - ok
14:07:20.0893 3172 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:07:21.0159 3172 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:07:21.0159 3172 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:07:21.0190 3172 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
14:07:21.0502 3172 flpydisk - ok
14:07:21.0595 3172 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
14:07:21.0658 3172 FltMgr - ok
14:07:21.0892 3172 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
14:07:22.0641 3172 FontCache - ok
14:07:22.0750 3172 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:07:23.0062 3172 FontCache3.0.0.0 - ok
14:07:23.0140 3172 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
14:07:23.0717 3172 FsDepends - ok
14:07:23.0795 3172 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\windows\system32\DRIVERS\fssfltr.sys
14:07:24.0294 3172 fssfltr - ok
14:07:24.0731 3172 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
14:07:28.0069 3172 fsssvc - ok
14:07:28.0413 3172 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
14:07:28.0459 3172 Fs_Rec - ok
14:07:28.0569 3172 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
14:07:28.0662 3172 fvevol - ok
14:07:28.0725 3172 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
14:07:28.0803 3172 gagp30kx - ok
14:07:28.0849 3172 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
14:07:28.0896 3172 GEARAspiWDM - ok
14:07:29.0083 3172 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
14:07:29.0442 3172 gpsvc - ok
14:07:29.0676 3172 hardlock (a9d587e31dbee3e9bd97fefece0ba874) C:\windows\system32\drivers\hardlock.sys
14:07:30.0019 3172 hardlock - ok
14:07:30.0019 3172 hasplms - ok
14:07:30.0066 3172 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
14:07:30.0487 3172 hcw85cir - ok
14:07:30.0628 3172 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
14:07:30.0799 3172 HdAudAddService - ok
14:07:30.0877 3172 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
14:07:31.0189 3172 HDAudBus - ok
14:07:31.0252 3172 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
14:07:31.0501 3172 HidBatt - ok
14:07:31.0533 3172 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
14:07:31.0845 3172 HidBth - ok
14:07:31.0907 3172 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
14:07:32.0172 3172 HidIr - ok
14:07:32.0219 3172 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
14:07:32.0593 3172 hidserv - ok
14:07:32.0671 3172 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
14:07:33.0046 3172 HidUsb - ok
14:07:33.0171 3172 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
14:07:33.0498 3172 hkmsvc - ok
14:07:33.0654 3172 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
14:07:34.0450 3172 HomeGroupListener - ok
14:07:34.0543 3172 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
14:07:34.0855 3172 HomeGroupProvider - ok
14:07:34.0918 3172 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
14:07:34.0965 3172 HpSAMD - ok
14:07:35.0136 3172 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
14:07:36.0400 3172 HTTP - ok
14:07:36.0447 3172 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
14:07:36.0587 3172 hwpolicy - ok
14:07:36.0665 3172 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
14:07:36.0961 3172 i8042prt - ok
14:07:37.0149 3172 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
14:07:37.0242 3172 IAANTMON - ok
14:07:37.0367 3172 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
14:07:37.0507 3172 iaStor - ok
14:07:37.0695 3172 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
14:07:37.0773 3172 iaStorV - ok
14:07:38.0085 3172 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:07:38.0256 3172 idsvc - ok
14:07:39.0660 3172 igfx (81f7c715528ab621c6af58869d4b07b9) C:\windows\system32\DRIVERS\igdkmd32.sys
14:07:40.0565 3172 igfx - ok
14:07:41.0423 3172 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
14:07:41.0548 3172 iirsp - ok
14:07:41.0704 3172 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
14:07:42.0203 3172 IKEEXT - ok
14:07:42.0811 3172 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
14:07:43.0342 3172 IntcAzAudAddService - ok
14:07:43.0888 3172 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
14:07:43.0935 3172 intelide - ok
14:07:43.0997 3172 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
14:07:44.0137 3172 intelppm - ok
14:07:44.0169 3172 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
14:07:44.0371 3172 IPBusEnum - ok
14:07:44.0605 3172 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
14:07:44.0917 3172 IpFilterDriver - ok
14:07:45.0058 3172 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
14:07:45.0339 3172 iphlpsvc - ok
14:07:45.0526 3172 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
14:07:45.0604 3172 IPMIDRV - ok
14:07:45.0838 3172 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
14:07:46.0041 3172 IPNAT - ok
14:07:46.0212 3172 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
14:07:46.0321 3172 iPod Service - ok
14:07:46.0384 3172 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
14:07:46.0509 3172 IRENUM - ok
14:07:46.0633 3172 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
14:07:46.0711 3172 isapnp - ok
14:07:46.0821 3172 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
14:07:46.0899 3172 iScsiPrt - ok
14:07:46.0961 3172 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
14:07:47.0023 3172 kbdclass - ok
14:07:47.0070 3172 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
14:07:47.0133 3172 kbdhid - ok
14:07:47.0179 3172 kbfiltr (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
14:07:47.0289 3172 kbfiltr - ok
14:07:47.0351 3172 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
14:07:47.0569 3172 KeyIso - ok
14:07:47.0647 3172 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
14:07:47.0694 3172 KSecDD - ok
14:07:47.0819 3172 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
14:07:47.0881 3172 KSecPkg - ok
14:07:48.0084 3172 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
14:07:48.0459 3172 KtmRm - ok
14:07:48.0521 3172 L1C (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
14:07:48.0895 3172 L1C - ok
14:07:49.0005 3172 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
14:07:49.0332 3172 LanmanServer - ok
14:07:49.0410 3172 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
14:07:49.0566 3172 LanmanWorkstation - ok
14:07:50.0986 3172 LiveUpdate (e8a9ac5f30833cd62e3530e2fdbf81df) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
14:07:51.0360 3172 LiveUpdate - ok
14:07:51.0922 3172 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
14:07:52.0296 3172 lltdio - ok
14:07:52.0452 3172 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
14:07:52.0827 3172 lltdsvc - ok
14:07:52.0889 3172 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
14:07:53.0139 3172 lmhosts - ok
14:07:53.0232 3172 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
14:07:53.0295 3172 LSI_FC - ok
14:07:53.0341 3172 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
14:07:53.0388 3172 LSI_SAS - ok
14:07:53.0419 3172 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
14:07:53.0482 3172 LSI_SAS2 - ok
14:07:53.0513 3172 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
14:07:54.0168 3172 LSI_SCSI - ok
14:07:54.0231 3172 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
14:07:54.0901 3172 luafv - ok
14:07:54.0995 3172 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
14:07:55.0369 3172 MBAMProtector - ok
14:07:55.0681 3172 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:07:55.0775 3172 MBAMService - ok
14:07:55.0822 3172 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
14:07:55.0915 3172 megasas - ok
14:07:55.0993 3172 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
14:07:56.0118 3172 MegaSR - ok
14:07:56.0212 3172 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:07:56.0259 3172 Microsoft Office Groove Audit Service - ok
14:07:56.0305 3172 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
14:07:56.0586 3172 MMCSS - ok
14:07:56.0617 3172 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
14:07:56.0867 3172 Modem - ok
14:07:56.0914 3172 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
14:07:57.0054 3172 monitor - ok
14:07:57.0117 3172 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
14:07:57.0179 3172 mouclass - ok
14:07:57.0226 3172 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
14:07:57.0397 3172 mouhid - ok
14:07:57.0475 3172 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
14:07:57.0522 3172 mountmgr - ok
14:07:57.0631 3172 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:07:57.0694 3172 MozillaMaintenance - ok
14:07:57.0772 3172 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
14:07:57.0819 3172 mpio - ok
14:07:57.0897 3172 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
14:07:58.0115 3172 mpsdrv - ok
14:07:58.0177 3172 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
14:07:58.0411 3172 MRxDAV - ok
14:07:58.0489 3172 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
14:07:58.0692 3172 mrxsmb - ok
14:07:58.0786 3172 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
14:07:58.0957 3172 mrxsmb10 - ok
14:07:59.0004 3172 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
14:07:59.0301 3172 mrxsmb20 - ok
14:07:59.0347 3172 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
14:07:59.0394 3172 msahci - ok
14:07:59.0457 3172 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
14:07:59.0519 3172 msdsm - ok
14:07:59.0581 3172 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
14:07:59.0806 3172 MSDTC - ok
14:07:59.0977 3172 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
14:08:00.0149 3172 Msfs - ok
14:08:00.0180 3172 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
14:08:00.0352 3172 mshidkmdf - ok
14:08:00.0383 3172 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
14:08:00.0430 3172 msisadrv - ok
14:08:00.0523 3172 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
14:08:00.0726 3172 MSiSCSI - ok
14:08:00.0742 3172 msiserver - ok
14:08:00.0804 3172 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
14:08:00.0929 3172 MSKSSRV - ok
14:08:00.0960 3172 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
14:08:01.0132 3172 MSPCLOCK - ok
14:08:01.0147 3172 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
14:08:01.0257 3172 MSPQM - ok
14:08:01.0366 3172 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
14:08:01.0413 3172 MsRPC - ok
14:08:01.0615 3172 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
14:08:01.0693 3172 mssmbios - ok
14:08:01.0771 3172 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
14:08:01.0896 3172 MSTEE - ok
14:08:01.0912 3172 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
14:08:02.0005 3172 MTConfig - ok
14:08:02.0224 3172 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
14:08:02.0271 3172 Mup - ok
14:08:02.0458 3172 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
14:08:02.0645 3172 napagent - ok
14:08:02.0770 3172 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
14:08:03.0160 3172 NativeWifiP - ok
14:08:03.0487 3172 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120611.002\NAVENG.SYS
14:08:03.0534 3172 NAVENG - ok
14:08:03.0831 3172 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120611.002\NAVEX15.SYS
14:08:03.0987 3172 NAVEX15 - ok
14:08:05.0609 3172 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
14:08:05.0718 3172 NDIS - ok
14:08:05.0812 3172 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
14:08:05.0968 3172 NdisCap - ok
14:08:06.0030 3172 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
14:08:06.0217 3172 NdisTapi - ok
14:08:06.0311 3172 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
14:08:06.0623 3172 Ndisuio - ok
14:08:07.0013 3172 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
14:08:07.0169 3172 NdisWan - ok
14:08:07.0247 3172 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
14:08:07.0528 3172 NDProxy - ok
14:08:07.0575 3172 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
14:08:07.0653 3172 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:08:07.0653 3172 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:08:07.0715 3172 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
14:08:07.0933 3172 NetBIOS - ok
14:08:08.0027 3172 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
14:08:08.0199 3172 NetBT - ok
14:08:08.0261 3172 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
14:08:08.0339 3172 Netlogon - ok
14:08:08.0511 3172 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
14:08:09.0259 3172 Netman - ok
14:08:09.0400 3172 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
14:08:09.0852 3172 netprofm - ok
14:08:10.0117 3172 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:08:10.0195 3172 NetTcpPortSharing - ok
14:08:10.0242 3172 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
14:08:10.0305 3172 nfrd960 - ok
14:08:10.0414 3172 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
14:08:10.0788 3172 NlaSvc - ok
14:08:10.0913 3172 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
14:08:11.0256 3172 Npfs - ok
14:08:11.0319 3172 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
14:08:11.0662 3172 nsi - ok
14:08:11.0709 3172 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
14:08:12.0021 3172 nsiproxy - ok
14:08:12.0426 3172 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
14:08:12.0582 3172 Ntfs - ok
14:08:12.0925 3172 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
14:08:13.0347 3172 Null - ok
14:08:13.0409 3172 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
14:08:13.0503 3172 nvraid - ok
14:08:13.0581 3172 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
14:08:13.0659 3172 nvstor - ok
14:08:13.0737 3172 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
14:08:13.0815 3172 nv_agp - ok
14:08:14.0033 3172 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:08:14.0158 3172 odserv - ok
14:08:14.0220 3172 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
14:08:14.0485 3172 ohci1394 - ok
14:08:14.0579 3172 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:08:14.0657 3172 ose - ok
14:08:14.0766 3172 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
14:08:15.0078 3172 p2pimsvc - ok
14:08:15.0234 3172 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
14:08:15.0921 3172 p2psvc - ok
14:08:15.0999 3172 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
14:08:19.0805 3172 Parport - ok
14:08:19.0836 3172 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
14:08:19.0977 3172 partmgr - ok
14:08:19.0992 3172 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
14:08:20.0398 3172 Parvdm - ok
14:08:20.0460 3172 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
14:08:20.0710 3172 PcaSvc - ok
14:08:20.0928 3172 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
14:08:20.0991 3172 pci - ok
14:08:21.0037 3172 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
14:08:21.0084 3172 pciide - ok
14:08:21.0162 3172 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
14:08:21.0225 3172 pcmcia - ok
14:08:21.0271 3172 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
14:08:21.0318 3172 pcw - ok
14:08:21.0443 3172 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
14:08:21.0615 3172 PEAUTH - ok
14:08:22.0083 3172 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
14:08:22.0535 3172 pla - ok
14:08:23.0565 3172 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
14:08:23.0721 3172 PlugPlay - ok
14:08:23.0814 3172 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
14:08:23.0923 3172 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:08:23.0923 3172 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:08:23.0955 3172 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
14:08:24.0282 3172 PNRPAutoReg - ok
14:08:24.0391 3172 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
14:08:24.0454 3172 PNRPsvc - ok
14:08:24.0594 3172 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
14:08:24.0719 3172 PolicyAgent - ok
14:08:24.0813 3172 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
14:08:24.0969 3172 Power - ok
14:08:25.0062 3172 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
14:08:25.0343 3172 PptpMiniport - ok
14:08:25.0390 3172 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
14:08:25.0733 3172 Processor - ok
14:08:25.0827 3172 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
14:08:26.0123 3172 ProfSvc - ok
14:08:26.0248 3172 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
14:08:26.0388 3172 ProtectedStorage - ok
14:08:26.0466 3172 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
14:08:26.0767 3172 Psched - ok
14:08:27.0136 3172 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
14:08:27.0354 3172 ql2300 - ok
14:08:27.0724 3172 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
14:08:27.0813 3172 ql40xx - ok
14:08:27.0899 3172 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
14:08:28.0104 3172 QWAVE - ok
14:08:28.0133 3172 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
14:08:28.0302 3172 QWAVEdrv - ok
14:08:28.0346 3172 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
14:08:29.0173 3172 RasAcd - ok
14:08:29.0266 3172 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
14:08:29.0953 3172 RasAgileVpn - ok
14:08:30.0046 3172 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
14:08:30.0390 3172 RasAuto - ok
14:08:30.0546 3172 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
14:08:31.0638 3172 Rasl2tp - ok
14:08:31.0825 3172 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
14:08:33.0868 3172 RasMan - ok
14:08:33.0946 3172 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
14:08:35.0054 3172 RasPppoe - ok
14:08:35.0101 3172 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
14:08:35.0881 3172 RasSstp - ok
14:08:36.0068 3172 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
14:08:37.0300 3172 rdbss - ok
14:08:37.0347 3172 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
14:08:38.0221 3172 rdpbus - ok
14:08:38.0330 3172 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
14:08:40.0264 3172 RDPCDD - ok
14:08:40.0311 3172 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
14:08:41.0731 3172 RDPENCDD - ok
14:08:41.0746 3172 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
14:08:42.0402 3172 RDPREFMP - ok
14:08:42.0511 3172 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
14:08:43.0728 3172 RDPWD - ok
14:08:43.0915 3172 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
14:08:44.0196 3172 rdyboost - ok
14:08:44.0632 3172 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
14:08:44.0960 3172 RemoteAccess - ok
14:08:46.0239 3172 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
14:08:47.0409 3172 RemoteRegistry - ok
14:08:47.0674 3172 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
14:08:47.0893 3172 RFCOMM - ok
14:08:47.0940 3172 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
14:08:48.0423 3172 RpcEptMapper - ok
14:08:48.0470 3172 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
14:08:48.0922 3172 RpcLocator - ok
14:08:49.0063 3172 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
14:08:49.0562 3172 RpcSs - ok
14:08:49.0671 3172 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
14:08:49.0921 3172 rspndr - ok
14:08:49.0983 3172 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
14:08:50.0170 3172 SamSs - ok
14:08:50.0295 3172 SavRoam (c2320ef4c3d759f8abc679ece791ce34) C:\Program Files\Symantec AntiVirus\SavRoam.exe
14:08:50.0358 3172 SavRoam - ok
14:08:50.0436 3172 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
14:08:50.0482 3172 sbp2port - ok
14:08:50.0545 3172 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
14:08:50.0826 3172 SCardSvr - ok
14:08:50.0888 3172 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
14:08:51.0325 3172 scfilter - ok
14:08:51.0528 3172 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
14:08:51.0902 3172 Schedule - ok
14:08:51.0980 3172 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
14:08:52.0214 3172 SCPolicySvc - ok
14:08:52.0292 3172 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
14:08:52.0776 3172 SDRSVC - ok
14:08:52.0994 3172 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
14:08:53.0056 3172 SeaPort - ok
14:08:53.0212 3172 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
14:08:53.0634 3172 secdrv - ok
14:08:53.0774 3172 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
14:08:54.0242 3172 seclogon - ok
14:08:54.0429 3172 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
14:08:54.0741 3172 SENS - ok
14:08:54.0788 3172 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
14:08:55.0693 3172 Serenum - ok
14:08:55.0755 3172 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
14:08:56.0114 3172 Serial - ok
14:08:56.0177 3172 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
14:08:56.0551 3172 sermouse - ok
14:08:56.0645 3172 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
14:08:57.0159 3172 SessionEnv - ok
14:08:57.0222 3172 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
14:08:57.0737 3172 sffdisk - ok
14:08:57.0783 3172 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
14:08:58.0080 3172 sffp_mmc - ok
14:08:58.0111 3172 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
14:08:58.0329 3172 sffp_sd - ok
14:08:58.0376 3172 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
14:08:58.0657 3172 sfloppy - ok
14:08:58.0782 3172 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
14:08:59.0000 3172 ShellHWDetection - ok
14:08:59.0047 3172 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
14:08:59.0141 3172 sisagp - ok
14:08:59.0203 3172 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
14:08:59.0265 3172 SiSRaid2 - ok
14:08:59.0297 3172 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
14:08:59.0375 3172 SiSRaid4 - ok
14:08:59.0437 3172 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
14:08:59.0889 3172 Smb - ok
14:08:59.0967 3172 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
14:09:00.0404 3172 SNMPTRAP - ok
14:09:00.0607 3172 SPBBCDrv (38c030777dabfc771dac7873443cfcba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
14:09:00.0810 3172 SPBBCDrv - ok
14:09:00.0857 3172 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
14:09:00.0950 3172 spldr - ok
14:09:01.0044 3172 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
14:09:01.0481 3172 Spooler - ok
14:09:02.0323 3172 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
14:09:03.0087 3172 sppsvc - ok
14:09:03.0509 3172 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
14:09:03.0727 3172 sppuinotify - ok
14:09:03.0883 3172 SRTSP (3cb2f35789632f0bae8a1b9edb08e965) C:\windows\system32\Drivers\SRTSP.SYS
14:09:03.0930 3172 SRTSP - ok
14:09:04.0055 3172 SRTSPL (d69f1be5fd6da685a4c0e36d58a29e85) C:\windows\system32\Drivers\SRTSPL.SYS
14:09:05.0037 3172 SRTSPL - ok
14:09:05.0287 3172 SRTSPX (1af60c53c43e2e672bbda3ba9a947d48) C:\windows\system32\Drivers\SRTSPX.SYS
14:09:05.0443 3172 SRTSPX - ok
14:09:05.0583 3172 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
14:09:05.0927 3172 srv - ok
14:09:06.0020 3172 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
14:09:06.0239 3172 srv2 - ok
14:09:06.0317 3172 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
14:09:06.0504 3172 srvnet - ok
14:09:06.0582 3172 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
14:09:07.0190 3172 SSDPSRV - ok
14:09:07.0237 3172 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
14:09:07.0487 3172 SstpSvc - ok
14:09:07.0580 3172 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
14:09:07.0627 3172 stexstor - ok
14:09:07.0814 3172 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
14:09:08.0189 3172 StiSvc - ok
14:09:08.0516 3172 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
14:09:08.0688 3172 swenum - ok
14:09:09.0265 3172 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
14:09:09.0749 3172 swprv - ok
14:09:10.0263 3172 Symantec AntiVirus (1fda6b0527dd0dd71b324fcfc60a5f29) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
14:09:10.0856 3172 Symantec AntiVirus - ok
14:09:11.0231 3172 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\windows\system32\Drivers\SYMEVENT.SYS
14:09:11.0293 3172 SymEvent - ok
14:09:11.0418 3172 SYMREDRV (829830a3ca1c5e329d68e26c9cd2de8d) C:\windows\System32\Drivers\SYMREDRV.SYS
14:09:11.0496 3172 SYMREDRV - ok
14:09:11.0589 3172 SYMTDI (b1aa9704124b494c34e8d372e6654196) C:\windows\System32\Drivers\SYMTDI.SYS
14:09:11.0667 3172 SYMTDI - ok
14:09:11.0808 3172 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
14:09:11.0933 3172 SynTP - ok
14:09:12.0323 3172 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
14:09:12.0947 3172 SysMain - ok
14:09:13.0025 3172 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
14:09:13.0633 3172 TabletInputService - ok
14:09:13.0758 3172 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
14:09:14.0366 3172 TapiSrv - ok
14:09:14.0444 3172 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
14:09:14.0678 3172 TBS - ok
14:09:15.0084 3172 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
14:09:15.0255 3172 Tcpip - ok
14:09:32.0072 3172 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
14:09:32.0447 3172 TCPIP6 - ok
14:09:37.0875 3172 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
14:09:38.0421 3172 tcpipreg - ok
14:09:38.0499 3172 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
14:09:39.0123 3172 TDPIPE - ok
14:09:39.0201 3172 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
14:09:39.0638 3172 TDTCP - ok
14:09:39.0716 3172 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
14:09:40.0325 3172 tdx - ok
14:09:40.0824 3172 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
14:09:41.0058 3172 TermDD - ok
14:09:41.0214 3172 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
14:09:42.0025 3172 TermService - ok
14:09:42.0087 3172 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
14:09:42.0696 3172 Themes - ok
14:09:42.0758 3172 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
14:09:43.0335 3172 THREADORDER - ok
14:09:43.0413 3172 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
14:09:43.0772 3172 TrkWks - ok
14:09:43.0928 3172 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
14:09:44.0412 3172 TrustedInstaller - ok
14:09:44.0537 3172 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
14:09:44.0989 3172 tssecsrv - ok
14:09:45.0051 3172 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
14:09:45.0722 3172 TsUsbFlt - ok
14:09:45.0800 3172 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
14:09:48.0015 3172 tunnel - ok
14:09:48.0062 3172 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
14:09:48.0468 3172 uagp35 - ok
14:09:48.0593 3172 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
14:09:49.0092 3172 udfs - ok
14:09:49.0154 3172 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
14:09:50.0293 3172 UI0Detect - ok
14:09:50.0387 3172 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
14:09:50.0527 3172 uliagpkx - ok
14:09:50.0777 3172 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
14:09:51.0416 3172 umbus - ok
14:09:51.0557 3172 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
14:09:51.0837 3172 UmPass - ok
14:09:51.0962 3172 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
14:09:52.0805 3172 upnphost - ok
14:09:52.0867 3172 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
14:09:53.0522 3172 USBAAPL - ok
14:09:53.0616 3172 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
14:09:54.0209 3172 usbccgp - ok
14:09:54.0271 3172 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
14:09:54.0692 3172 usbcir - ok
14:09:54.0739 3172 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
14:09:55.0035 3172 usbehci - ok
14:09:55.0113 3172 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
14:09:55.0706 3172 usbhub - ok
14:09:55.0753 3172 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
14:09:56.0096 3172 usbohci - ok
14:09:56.0143 3172 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
14:09:56.0517 3172 usbprint - ok
14:09:56.0564 3172 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
14:09:57.0157 3172 USBSTOR - ok
14:09:57.0204 3172 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
14:09:57.0937 3172 usbuhci - ok
14:09:58.0015 3172 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
14:09:58.0374 3172 usbvideo - ok
14:09:58.0436 3172 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
14:09:59.0372 3172 UxSms - ok
14:09:59.0450 3172 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
14:10:00.0152 3172 VaultSvc - ok
14:10:00.0199 3172 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
14:10:00.0433 3172 vdrvroot - ok
14:10:00.0605 3172 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
14:10:01.0509 3172 vds - ok
14:10:01.0541 3172 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
14:10:03.0693 3172 vga - ok
14:10:03.0740 3172 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
14:10:04.0068 3172 VgaSave - ok
14:10:04.0146 3172 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
14:10:04.0395 3172 vhdmp - ok
14:10:04.0458 3172 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
14:10:05.0425 3172 viaagp - ok
14:10:05.0472 3172 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
14:10:06.0470 3172 ViaC7 - ok
14:10:06.0517 3172 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
14:10:06.0689 3172 viaide - ok
14:10:06.0751 3172 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
14:10:06.0876 3172 volmgr - ok
14:10:06.0969 3172 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
14:10:07.0110 3172 volmgrx - ok
14:10:07.0219 3172 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
14:10:07.0375 3172 volsnap - ok
14:10:07.0671 3172 vpnagent (caafa2333b428a12bfa97ecd389f59c5) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
14:10:08.0186 3172 vpnagent - ok
14:10:08.0217 3172 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\windows\system32\DRIVERS\vpnva.sys
14:10:08.0436 3172 vpnva - ok
14:10:08.0514 3172 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
14:10:08.0654 3172 vsmraid - ok
14:10:08.0951 3172 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
14:10:09.0637 3172 VSS - ok
14:10:09.0668 3172 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
14:10:10.0043 3172 vwifibus - ok
14:10:10.0105 3172 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
14:10:10.0495 3172 vwififlt - ok
14:10:10.0542 3172 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
14:10:10.0854 3172 vwifimp - ok
14:10:10.0963 3172 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
14:10:11.0447 3172 W32Time - ok
14:10:11.0493 3172 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
14:10:11.0774 3172 WacomPen - ok
14:10:11.0883 3172 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
14:10:12.0289 3172 WANARP - ok
14:10:12.0305 3172 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
14:10:12.0476 3172 Wanarpv6 - ok
14:10:12.0975 3172 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
14:10:13.0896 3172 wbengine - ok
14:10:13.0974 3172 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
14:10:14.0270 3172 WbioSrvc - ok
14:10:14.0395 3172 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
14:10:14.0816 3172 wcncsvc - ok
14:10:14.0863 3172 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
14:10:15.0270 3172 WcsPlugInService - ok
14:10:15.0628 3172 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
14:10:16.0393 3172 Wd - ok
14:10:16.0549 3172 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
14:10:17.0032 3172 Wdf01000 - ok
14:10:17.0110 3172 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
14:10:18.0312 3172 WdiServiceHost - ok
14:10:18.0312 3172 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
14:10:18.0780 3172 WdiSystemHost - ok
14:10:18.0982 3172 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
14:10:19.0466 3172 WebClient - ok
14:10:19.0560 3172 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
14:10:20.0464 3172 Wecsvc - ok
14:10:20.0511 3172 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
14:10:21.0338 3172 wercplsupport - ok
14:10:21.0400 3172 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
14:10:22.0492 3172 WerSvc - ok
14:10:22.0524 3172 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
14:10:23.0584 3172 WfpLwf - ok
14:10:23.0616 3172 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
14:10:25.0004 3172 WIMMount - ok
14:10:25.0269 3172 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
14:10:26.0346 3172 WinDefend - ok
14:10:26.0361 3172 WinHttpAutoProxySvc - ok
14:10:26.0626 3172 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
14:10:26.0954 3172 Winmgmt - ok
14:10:29.0824 3172 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
14:10:30.0370 3172 WinRM - ok
14:10:30.0526 3172 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
14:10:31.0135 3172 WinUsb - ok
14:10:31.0462 3172 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
14:10:31.0790 3172 Wlansvc - ok
14:10:31.0915 3172 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:10:32.0211 3172 wlcrasvc - ok
14:10:32.0726 3172 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:10:33.0537 3172 wlidsvc - ok
14:10:36.0486 3172 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
14:10:37.0297 3172 WmiAcpi - ok
14:10:37.0468 3172 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
14:10:38.0108 3172 wmiApSrv - ok
14:10:39.0559 3172 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:10:41.0618 3172 WMPNetworkSvc - ok
14:10:44.0176 3172 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
14:10:44.0769 3172 WPCSvc - ok
14:10:44.0847 3172 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
14:10:45.0237 3172 WPDBusEnum - ok
14:10:45.0362 3172 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
14:10:46.0376 3172 ws2ifsl - ok
14:10:47.0328 3172 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
14:10:48.0139 3172 wscsvc - ok
14:10:48.0201 3172 WSearch - ok
14:10:50.0666 3172 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
14:10:51.0119 3172 wuauserv - ok
14:10:53.0443 3172 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
14:10:54.0395 3172 WudfPf - ok
14:10:54.0738 3172 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
14:10:55.0440 3172 WUDFRd - ok
14:10:55.0565 3172 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
14:10:55.0970 3172 wudfsvc - ok
14:10:56.0142 3172 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
14:10:57.0171 3172 WwanSvc - ok
14:10:57.0281 3172 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:11:00.0853 3172 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:11:00.0853 3172 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:11:01.0415 3172 Boot (0x1200) (d43161f242c6e7a4f4c3007cb466416b) \Device\Harddisk0\DR0\Partition0
14:11:01.0415 3172 \Device\Harddisk0\DR0\Partition0 - ok
14:11:01.0415 3172 ============================================================
14:11:01.0415 3172 Scan finished
14:11:01.0415 3172 ============================================================
14:11:01.0461 0740 Detected object count: 5
14:11:01.0461 0740 Actual detected object count: 5
14:12:47.0284 0740 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:47.0284 0740 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:47.0300 0740 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:47.0300 0740 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:47.0300 0740 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:47.0300 0740 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:47.0300 0740 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:12:47.0300 0740 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:47.0596 0740 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:12:47.0612 0740 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:12:47.0690 0740 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:12:52.0838 0740 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:12:52.0932 0740 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:12:52.0947 0740 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:12:53.0010 0740 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:12:53.0041 0740 \Device\Harddisk0\DR0\TDLFS - deleted
14:12:53.0041 0740 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
14:14:02.0150 3272 Deinitialize success
  • 0

#7
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Leave Combofix for now. Let's see where we stand.

Step 1

Please run aswMBR one more time and post log as you did last time.

Step 2

Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%*. /mp /s
hklmsoftwareclientsstartmenuinternet|command /rs
hklmsoftwareclientsstartmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • asMBR log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#8
nateumn

nateumn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-13 15:23:07
-----------------------------
15:23:07.247 OS Version: Windows 6.1.7601 Service Pack 1
15:23:07.247 Number of processors: 2 586 0x1C0A
15:23:07.294 ComputerName: CHUBBYII-PC UserName: Chubby II
15:23:09.634 Initialize success
15:23:28.668 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:23:28.668 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
15:23:28.699 Disk 0 MBR read successfully
15:23:28.699 Disk 0 MBR scan
15:23:28.715 Disk 0 Windows 7 default MBR code
15:23:28.730 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228213 MB offset 2048
15:23:28.808 Disk 0 Partition 2 00 1B Hidd FAT32 MSDOS5.0 10240 MB offset 467382272
15:23:28.824 Disk 0 Partition 3 00 EF EFI FAT 18 MB offset 488353792
15:23:28.840 Disk 0 scanning sectors +488392065
15:23:28.902 Disk 0 scanning C:\windows\system32\drivers
15:23:46.862 Service scanning
15:24:22.152 Modules scanning
15:24:55.943 Disk 0 trace - called modules:
15:24:55.990 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
15:24:55.990 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853698a0]
15:24:56.006 3 CLASSPNP.SYS[885ae59e] -> nt!IofCallDriver -> [0x84975338]
15:24:56.021 5 ACPI.sys[87eb93d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84553028]
15:24:56.037 Scan finished successfully
15:25:03.197 Disk 0 MBR has been saved successfully to "C:\Users\Chubby II\Desktop\MBR.dat"
15:25:03.213 The log file has been saved successfully to "C:\Users\Chubby II\Desktop\aswMBR.txt"
  • 0

#9
nateumn

nateumn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL:

OTL logfile created on: 6/13/2012 3:29:03 PM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Chubby II\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 41.30% Memory free
3.98 Gb Paging File | 2.86 Gb Available in Paging File | 71.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.86 Gb Total Space | 124.09 Gb Free Space | 55.68% Space Free | Partition Type: NTFS

Computer Name: CHUBBYII-PC | User Name: Chubby II | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 12:56:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chubby II\Desktop\OTL.exe
PRC - [2012/05/03 15:38:41 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/06 08:10:01 | 000,172,664 | ---- | M] (http://www.express-files.com/) -- C:\Program Files\ExpressFiles\EFupdater.exe
PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/05 20:59:40 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/01/06 17:24:32 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/10/26 17:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009/10/17 00:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/10/03 00:32:51 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/09/16 10:55:22 | 001,961,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/09/16 10:52:18 | 000,136,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2009/09/16 10:52:04 | 000,075,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SavUI.exe
PRC - [2009/09/16 10:51:34 | 000,031,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/09/11 14:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/27 18:38:28 | 000,803,304 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/08/18 20:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/12 13:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009/07/20 04:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009/06/04 22:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/04 16:08:10 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/05/04 16:07:42 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/04/21 13:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/03 15:38:40 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/27 23:01:43 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/02 06:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/03 15:38:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/28 10:40:25 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/05/05 20:59:40 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/09/16 10:55:22 | 001,961,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/16 10:52:02 | 000,121,744 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2009/09/16 10:51:34 | 000,031,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2009/08/18 20:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/04 16:07:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/05/04 16:07:42 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/04/21 13:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2008/09/18 12:57:32 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\CHUBBY~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/05/16 03:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120611.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/16 03:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120611.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/15 23:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/15 23:15:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/22 09:22:37 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/05/05 20:46:38 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/10/05 12:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/27 02:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/07/20 04:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/09 15:18:56 | 000,587,776 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009/07/05 21:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/06/30 23:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/03/04 15:07:52 | 000,319,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/03/04 15:07:52 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/03/04 15:07:52 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/01/16 13:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/01/17 19:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/01/09 17:46:26 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/01/09 17:46:26 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alothome.com/en
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.1.3001.0(B)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..keyword.URL: "http://search.alot.c...ion=1.0.15000(G)&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 15:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/04/08 20:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/11/22 08:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chubby II\AppData\Roaming\Mozilla\Extensions
[2012/05/11 15:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chubby II\AppData\Roaming\Mozilla\Firefox\Profiles\mr5lsj9q.default\extensions
[2012/05/04 09:25:46 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Chubby II\AppData\Roaming\Mozilla\Firefox\Profiles\mr5lsj9q.default\extensions\[email protected]
[2012/05/11 15:21:39 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Chubby II\AppData\Roaming\Mozilla\Firefox\Profiles\mr5lsj9q.default\extensions\[email protected]
[2012/04/29 20:57:59 | 000,002,205 | ---- | M] () -- C:\Users\Chubby II\AppData\Roaming\Mozilla\Firefox\Profiles\mr5lsj9q.default\searchplugins\alot-search.xml
[2012/01/20 09:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/03 15:38:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/20 09:48:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/20 09:48:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ExpressFiles] C:\Program Files\ExpressFiles\ExpressFiles.exe (http://www.express-files.com/)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [XeroxRegistation] C:\Users\Chubby II\AppData\Local\Temp\Xerox\EReg\EReg.exe (Xerox Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.101.101.101 134.84.84.84
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AC14166-2FCE-44CB-A4FB-6E8CF9E225DC}: DhcpNameServer = 128.101.101.101 134.84.84.84
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 09:36:07 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/06/13 09:36:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/13 09:32:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Chubby II\Desktop\aswMBR.exe
[2012/06/13 09:31:11 | 004,556,459 | R--- | C] (Swearware) -- C:\Users\Chubby II\Desktop\ComboFix.exe
[2012/06/12 13:33:40 | 000,000,000 | ---D | C] -- C:\Users\Chubby II\AppData\Local\CrashDumps
[2012/06/12 12:55:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Chubby II\Desktop\OTL.exe
[2012/06/12 10:33:11 | 000,000,000 | ---D | C] -- C:\Users\Chubby II\AppData\Roaming\FixZeroAccess
[2012/06/11 21:05:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/11 16:38:54 | 000,000,000 | ---D | C] -- C:\Users\Chubby II\AppData\Local\NPE
[2012/06/11 16:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/06/11 11:13:54 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/07 12:17:21 | 000,000,000 | ---D | C] -- C:\Users\Chubby II\AppData\Roaming\FastStone
[2012/06/07 12:17:21 | 000,000,000 | ---D | C] -- C:\Users\Chubby II\AppData\Local\FastStone
[2012/06/07 12:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture
[2012/06/07 12:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Capture
[2012/06/07 07:10:28 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2012/06/04 12:51:24 | 000,000,000 | ---D | C] -- C:\Users\Chubby II\Desktop\BMES
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chubby II\Desktop\TDSSKiller.exe

========== Files - Modified Within 30 Days ==========

[2012/06/13 15:25:03 | 000,000,512 | ---- | M] () -- C:\Users\Chubby II\Desktop\MBR.dat
[2012/06/13 14:28:15 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 14:28:15 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 14:17:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/13 14:16:46 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/13 12:39:01 | 000,002,052 | -H-- | M] () -- C:\Users\Chubby II\Documents\Default.rdp
[2012/06/13 12:19:30 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/06/13 12:19:30 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/06/13 11:07:20 | 000,419,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/06/13 09:52:14 | 000,000,567 | ---- | M] () -- C:\Users\Chubby II\Desktop\MBR.zip
[2012/06/13 09:32:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Chubby II\Desktop\aswMBR.exe
[2012/06/13 09:32:34 | 004,556,459 | R--- | M] (Swearware) -- C:\Users\Chubby II\Desktop\ComboFix.exe
[2012/06/13 08:16:02 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chubby II\Desktop\TDSSKiller.exe
[2012/06/12 12:56:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Chubby II\Desktop\OTL.exe
[2012/06/07 12:15:49 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Capture.lnk

========== Files Created - No Company Name ==========

[2012/06/13 15:39:08 | 000,001,648 | ---- | C] () -- C:\windows\Installer\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\U\00000001.@
[2012/06/13 09:52:14 | 000,000,567 | ---- | C] () -- C:\Users\Chubby II\Desktop\MBR.zip
[2012/06/13 09:51:37 | 000,000,512 | ---- | C] () -- C:\Users\Chubby II\Desktop\MBR.dat
[2012/06/07 12:15:49 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Capture.lnk
[2012/03/08 19:35:22 | 000,004,096 | -H-- | C] () -- C:\Users\Chubby II\AppData\Local\keyfile3.drm
[2012/01/11 15:00:41 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\@
[2012/01/11 15:00:41 | 000,002,048 | -HS- | C] () -- C:\Users\Chubby II\AppData\Local\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\@
[2011/11/28 16:15:20 | 000,001,936 | ---- | C] () -- C:\windows\System32\nethasp.ini
[2011/11/21 22:16:35 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011/11/22 07:43:32 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\ASUS WebStorage
[2012/04/01 23:31:41 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\calibre
[2011/11/29 16:35:09 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\Carl Zeiss
[2010/01/07 17:43:29 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\E-Cam
[2012/06/13 14:18:53 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\ExpressFiles
[2012/06/12 10:33:11 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\FixZeroAccess
[2011/11/22 08:52:06 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\Thunderbird
[2011/12/20 10:50:53 | 000,000,000 | ---D | M] -- C:\Users\Chubby II\AppData\Roaming\Xerox
[2012/06/11 11:38:42 | 000,023,400 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%*. /mp /s >

< hklmsoftwareclientsstartmenuinternet|command /rs >

< hklmsoftwareclientsstartmenuinternet|command /64 /rs >

< End of report >
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi nateumn,

Let's remove bad entries.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/06/13 15:39:08 | 000,001,648 | ---- | C] () -- C:\windows\Installer\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\U\00000001.@
    [2012/01/11 15:00:41 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\@
    [2012/01/11 15:00:41 | 000,002,048 | -HS- | C] () -- C:\Users\Chubby II\AppData\Local\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\@

    :Files
    C:\Users\Chubby II\AppData\Local\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2

Delete your version of Combofix.

Download Combofix from the link below but rename it to svchost.exe before saving it to your desktop. To do this you must right click on link and choose Save as... . Now enter svchost.exe for the name and save it to your desktop.


Combofix

==================================


Double click on the renamed ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.
If ComboFix runs, please post the log.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

Advertisements


#11
nateumn

nateumn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL Fix Log:

========== OTL ==========
File C:\windows\Installer\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\U\00000001.@ not found.
C:\Windows\Installer\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\@ moved successfully.
C:\Users\Chubby II\AppData\Local\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\@ moved successfully.
========== FILES ==========
C:\Users\Chubby II\AppData\Local\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\U folder moved successfully.
C:\Users\Chubby II\AppData\Local\{fde5aca0-deb2-a2b2-d27f-195e0cd65773}\L folder moved successfully.
C:\Users\Chubby II\AppData\Local\{fde5aca0-deb2-a2b2-d27f-195e0cd65773} folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.48.0 log created on 06142012_075546




ComboFix log

ComboFix 12-06-14.01 - Chubby II 06/14/2012 8:24.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2038.752 [GMT -5:00]
Running from: c:\users\Chubby II\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\alotappbar
c:\program files\alotappbar\alotUninst.exe
c:\program files\alotappbar\bin\alotappbar.dll
c:\program files\alotappbar\bin\alothelper.dll
c:\program files\alotappbar\bin\ALOTSettings.exe
c:\program files\alotappbar\bin\alotwidgets.exe
c:\program files\alotappbar\bin\BHO\ALOTHelperBHO.dll
c:\program files\Mozilla Maintenance Service
c:\program files\Mozilla Maintenance Service\maintenanceservice.exe
c:\program files\Mozilla Maintenance Service\Uninstall.exe
c:\programdata\FullRemove.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll
c:\windows\system32\spool\prtprocs\w32x86\Xrpp_b.dll
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MozillaMaintenance
-------\Service_MozillaMaintenance
.
.
((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2012-06-14 13:40 . 2012-06-14 13:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 12:55 . 2012-06-14 12:55 -------- d-----w- C:\_OTL
2012-06-13 14:46 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 14:43 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 14:43 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 14:43 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 14:43 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 14:42 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 14:42 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 14:42 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 13:25 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 18:33 . 2012-06-13 21:50 -------- d-----w- c:\users\Chubby II\AppData\Local\CrashDumps
2012-06-12 18:12 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{680D9366-DE7A-4F9F-B1F6-EA32652519AE}\mpengine.dll
2012-06-12 15:33 . 2012-06-12 15:33 -------- d-----w- c:\users\Chubby II\AppData\Roaming\FixZeroAccess
2012-06-12 02:05 . 2012-06-13 19:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-11 21:38 . 2012-06-12 16:14 -------- d-----w- c:\users\Chubby II\AppData\Local\NPE
2012-06-11 21:38 . 2012-06-11 21:39 -------- d-----w- c:\programdata\Norton
2012-06-07 17:17 . 2012-06-07 17:17 -------- d-----w- c:\users\Chubby II\AppData\Roaming\FastStone
2012-06-07 17:17 . 2012-06-07 17:17 -------- d-----w- c:\users\Chubby II\AppData\Local\FastStone
2012-06-07 17:15 . 2012-06-07 17:15 -------- d-----w- c:\program files\FastStone Capture
2012-06-07 12:10 . 2012-06-07 12:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2011-11-22 14:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 04:39 . 2012-05-09 14:10 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 14:10 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-09 14:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:27 . 2012-05-09 14:10 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-03 20:38 . 2012-01-20 14:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-06 3058304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2011-11-22 2429]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-06 2018032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-05-04 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2009-09-16 136080]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ExpressFiles"="c:\program files\ExpressFiles\ExpressFiles.exe" [2012-03-06 453240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Chubby II\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-12-22 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2009-09-16 121744]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-16 106656]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.alothome.com/en
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Chubby II\AppData\Roaming\Mozilla\Firefox\Profiles\mr5lsj9q.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?src_id=30664&client_id=a8a8137878d8784c2874f878&camp_id=4054&install_time=2012-04-30T01:57Z&pr=auto&tb_version=1.0.15000(G)&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files\alotappbar\bin\BHO\ALOTHelperBHO.dll
Toolbar-Locked - (no file)
Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files\alotappbar\bin\ALOTHelper.dll
AddRemove-alotAppbar - c:\program files\alotappbar\alotUninst.exe
AddRemove-MozillaMaintenanceService - c:\program files\Mozilla Maintenance Service\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(308)
c:\progra~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\hasplms.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-14 08:53:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-14 13:53
.
Pre-Run: 132,535,238,656 bytes free
Post-Run: 133,398,757,376 bytes free
.
- - End Of File - - 67E1F286338C73C175B8242CBD89B664
  • 0

#12
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Nice. Combofix did great job! Test your system after this step and let me know results.

Step 1

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Step 2

Please don't forget to include these items in your reply:

  • VRT log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi nateumn,

Are you still with me. Did you manage to run VRT?
  • 0

#14
nateumn

nateumn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
still here, just took a long time to run. Here's the log

Status: Deleted (events: 213)
6/15/2012 10:02:31 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05B00001.VBN High
6/15/2012 10:02:23 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880000.VBN High
6/15/2012 10:02:34 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05B00000.VBN High
6/15/2012 10:02:23 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880000.VBN//CryptZ High
6/15/2012 10:02:34 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05B00000.VBN//CryptZ High
6/15/2012 10:02:31 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05B00001.VBN//CryptZ High
6/15/2012 10:02:38 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880001.VBN High
6/15/2012 10:02:38 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06880001.VBN//CryptZ High
6/15/2012 10:02:52 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09B80000.VBN High
6/15/2012 10:02:52 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09B80000.VBN//CryptZ High
6/15/2012 10:02:57 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0000.VBN High
6/15/2012 10:02:57 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0000.VBN//CryptZ High
6/15/2012 10:03:01 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0001.VBN High
6/15/2012 10:03:01 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0001.VBN//CryptZ High
6/15/2012 10:03:05 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0002.VBN High
6/15/2012 10:03:05 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0002.VBN//CryptZ High
6/15/2012 10:03:09 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0003.VBN High
6/15/2012 10:03:09 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0003.VBN//CryptZ High
6/15/2012 10:03:13 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0004.VBN High
6/15/2012 10:03:13 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0004.VBN//CryptZ High
6/15/2012 10:03:18 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0000\4FFF963E.VBN High
6/15/2012 10:03:18 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0000\4FFF963E.VBN//CryptZ High
6/15/2012 10:03:22 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0001\4FFC9206.VBN High
6/15/2012 10:03:22 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0001\4FFC9206.VBN//CryptZ High
6/15/2012 10:03:26 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0002\4FFC9299.VBN High
6/15/2012 10:03:26 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0002\4FFC9299.VBN//CryptZ High
6/15/2012 10:04:25 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0003\4FFC93B4.VBN High
6/15/2012 10:04:25 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0003\4FFC93B4.VBN//CryptZ High
6/15/2012 10:04:33 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0004\4FFC9405.VBN High
6/15/2012 10:04:33 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0004\4FFC9405.VBN//CryptZ High
6/15/2012 10:04:29 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0005\4FFC9548.VBN High
6/15/2012 10:04:29 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0005\4FFC9548.VBN//CryptZ High
6/15/2012 10:04:37 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0006\4FFC96AC.VBN High
6/15/2012 10:04:37 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0006\4FFC96AC.VBN//CryptZ High
6/15/2012 10:04:41 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0008\4FFC9831.VBN High
6/15/2012 10:04:41 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0008\4FFC9831.VBN//CryptZ High
6/15/2012 10:04:45 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0007\4FFC9739.VBN High
6/15/2012 10:04:45 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\013C0007\4FFC9739.VBN//CryptZ High
6/15/2012 10:04:48 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\046C0000\4FFCC1AE.VBN High
6/15/2012 10:04:48 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\046C0000\4FFCC1AE.VBN//CryptZ High
6/15/2012 10:04:53 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04780000\4FF8E67F.VBN High
6/15/2012 10:04:53 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04780000\4FF8E67F.VBN//CryptZ High
6/15/2012 10:04:57 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540000\4FD7696C.VBN High
6/15/2012 10:04:57 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540000\4FD7696C.VBN//CryptZ High
6/15/2012 10:05:01 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540001\4FD769E9.VBN High
6/15/2012 10:05:01 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540001\4FD769E9.VBN//CryptZ High
6/15/2012 10:05:05 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540002\4FD76AC4.VBN High
6/15/2012 10:05:05 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540002\4FD76AC4.VBN//CryptZ High
6/15/2012 10:05:10 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540003\4FD76C2E.VBN High
6/15/2012 10:05:10 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540003\4FD76C2E.VBN//CryptZ High
6/15/2012 10:05:14 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540004\4FD76DFE.VBN High
6/15/2012 10:05:14 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540004\4FD76DFE.VBN//CryptZ High
6/15/2012 10:05:20 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540005\4FD76F7F.VBN High
6/15/2012 10:05:20 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540005\4FD76F7F.VBN//CryptZ High
6/15/2012 10:05:24 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540006\4FD770A7.VBN High
6/15/2012 10:05:24 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540006\4FD770A7.VBN//CryptZ High
6/15/2012 10:05:28 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540007\4FD771F6.VBN High
6/15/2012 10:05:28 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540007\4FD771F6.VBN//CryptZ High
6/15/2012 10:06:28 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540008\4FD7734A.VBN High
6/15/2012 10:06:28 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540008\4FD7734A.VBN//CryptZ High
6/15/2012 10:06:39 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540009\4FD77453.VBN High
6/15/2012 10:06:39 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540009\4FD77453.VBN//CryptZ High
6/15/2012 10:06:34 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0854000A\4FD77E5C.VBN High
6/15/2012 10:06:34 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0854000A\4FD77E5C.VBN//CryptZ High
6/15/2012 10:06:43 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0854000B\4FD77F85.VBN High
6/15/2012 10:06:43 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0854000B\4FD77F85.VBN//CryptZ High
6/15/2012 10:06:47 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0854000C\4FD77FF6.VBN High
6/15/2012 10:06:47 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0854000C\4FD77FF6.VBN//CryptZ High
6/15/2012 10:06:52 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0854000D\4FD7814D.VBN High
6/15/2012 10:06:52 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0854000D\4FD7814D.VBN//CryptZ High
6/15/2012 10:06:56 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0854000E\4FD782C2.VBN High
6/15/2012 10:06:56 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0854000E\4FD782C2.VBN//CryptZ High
6/15/2012 10:07:00 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0854000F\4FD78416.VBN High
6/15/2012 10:07:00 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0854000F\4FD78416.VBN//CryptZ High
6/15/2012 10:07:04 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540010\4FD7851F.VBN High
6/15/2012 10:07:04 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540010\4FD7851F.VBN//CryptZ High
6/15/2012 10:07:08 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540011\4FD786D9.VBN High
6/15/2012 10:07:08 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540011\4FD786D9.VBN//CryptZ High
6/15/2012 10:07:12 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540012\4FD78850.VBN High
6/15/2012 10:07:12 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540012\4FD78850.VBN//CryptZ High
6/15/2012 10:07:16 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540013\4FD7894C.VBN High
6/15/2012 10:07:16 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540013\4FD7894C.VBN//CryptZ High
6/15/2012 10:07:21 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540014\4FD78A1F.VBN High
6/15/2012 10:07:21 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540014\4FD78A1F.VBN//CryptZ High
6/15/2012 10:07:25 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540015\4FD78AFC.VBN High
6/15/2012 10:07:25 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540015\4FD78AFC.VBN//CryptZ High
6/15/2012 10:07:29 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540016\4FD78B74.VBN High
6/15/2012 10:07:29 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540016\4FD78B74.VBN//CryptZ High
6/15/2012 10:08:29 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540017\4FD78CA5.VBN High
6/15/2012 10:08:29 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540017\4FD78CA5.VBN//CryptZ High
6/15/2012 10:08:37 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540018\4FD78D79.VBN High
6/15/2012 10:08:37 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08540018\4FD78D79.VBN//CryptZ High
6/15/2012 10:08:47 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08980000\4FDF652F.VBN High
6/15/2012 10:08:47 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08980000\4FDF652F.VBN//CryptZ High
6/15/2012 10:08:42 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40000\4FDCEA4E.VBN High
6/15/2012 10:08:42 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40000\4FDCEA4E.VBN//CryptZ High
6/15/2012 10:08:51 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40001\4FDCEC52.VBN High
6/15/2012 10:08:51 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40001\4FDCEC52.VBN//CryptZ High
6/15/2012 10:08:55 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40002\4FDCEE04.VBN High
6/15/2012 10:08:55 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40002\4FDCEE04.VBN//CryptZ High
6/15/2012 10:08:59 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40003\4FDCEECE.VBN High
6/15/2012 10:08:59 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40003\4FDCEECE.VBN//CryptZ High
6/15/2012 10:09:03 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40004\4FDCEF54.VBN High
6/15/2012 10:09:03 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40004\4FDCEF54.VBN//CryptZ High
6/15/2012 10:09:07 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40005\4FDCEF99.VBN High
6/15/2012 10:09:07 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40005\4FDCEF99.VBN//CryptZ High
6/15/2012 10:09:11 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40006\4FDCF2B3.VBN High
6/15/2012 10:09:11 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40006\4FDCF2B3.VBN//CryptZ High
6/15/2012 10:09:15 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40007\4FDCF38A.VBN High
6/15/2012 10:09:15 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40007\4FDCF38A.VBN//CryptZ High
6/15/2012 10:09:19 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40008\4FDCF410.VBN High
6/15/2012 10:09:19 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40008\4FDCF410.VBN//CryptZ High
6/15/2012 10:09:24 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40009\4FDCF4BB.VBN High
6/15/2012 10:09:24 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40009\4FDCF4BB.VBN//CryptZ High
6/15/2012 10:09:28 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4000A\4FDCF5F9.VBN High
6/15/2012 10:09:28 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4000A\4FDCF5F9.VBN//CryptZ High
6/15/2012 10:09:32 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4000B\4FDCF6EC.VBN High
6/15/2012 10:09:32 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4000B\4FDCF6EC.VBN//CryptZ High
6/15/2012 10:10:34 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4000C\4FDCF7B3.VBN High
6/15/2012 10:10:34 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4000C\4FDCF7B3.VBN//CryptZ High
6/15/2012 10:10:39 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4000D\4FDCF8FE.VBN High
6/15/2012 10:10:39 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4000D\4FDCF8FE.VBN//CryptZ High
6/15/2012 10:10:43 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4000E\4FDCFA1D.VBN High
6/15/2012 10:10:43 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4000E\4FDCFA1D.VBN//CryptZ High
6/15/2012 10:10:47 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4000F\4FDCFACD.VBN High
6/15/2012 10:10:47 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4000F\4FDCFACD.VBN//CryptZ High
6/15/2012 10:10:51 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40010\4FDCFC0A.VBN High
6/15/2012 10:10:51 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40010\4FDCFC0A.VBN//CryptZ High
6/15/2012 10:10:55 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40011\4FDCFD10.VBN High
6/15/2012 10:10:55 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40011\4FDCFD10.VBN//CryptZ High
6/15/2012 10:10:59 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40012\4FDCFE12.VBN High
6/15/2012 10:10:59 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40012\4FDCFE12.VBN//CryptZ High
6/15/2012 10:11:04 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40013\4FDCFEBF.VBN High
6/15/2012 10:11:04 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40013\4FDCFEBF.VBN//CryptZ High
6/15/2012 10:11:08 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40014\4FDCFFE9.VBN High
6/15/2012 10:11:08 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40014\4FDCFFE9.VBN//CryptZ High
6/15/2012 10:11:12 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40015\4FDD00AE.VBN High
6/15/2012 10:11:12 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40015\4FDD00AE.VBN//CryptZ High
6/15/2012 10:11:15 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40016\4FDD01DB.VBN High
6/15/2012 10:11:15 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40016\4FDD01DB.VBN//CryptZ High
6/15/2012 10:11:19 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40017\4FDD02E7.VBN High
6/15/2012 10:11:19 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40017\4FDD02E7.VBN//CryptZ High
6/15/2012 10:11:23 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40018\4FDD03EC.VBN High
6/15/2012 10:11:23 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40018\4FDD03EC.VBN//CryptZ High
6/15/2012 10:11:28 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40019\4FDD04FC.VBN High
6/15/2012 10:11:28 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40019\4FDD04FC.VBN//CryptZ High
6/15/2012 10:11:32 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4001A\4FDD05E7.VBN High
6/15/2012 10:11:32 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4001A\4FDD05E7.VBN//CryptZ High
6/15/2012 10:11:43 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4001B\4FDD06E7.VBN High
6/15/2012 10:11:43 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4001B\4FDD06E7.VBN//CryptZ High
6/15/2012 10:13:09 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4001C\4FDD07F0.VBN High
6/15/2012 10:13:09 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4001C\4FDD07F0.VBN//CryptZ High
6/15/2012 10:13:18 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4001D\4FDD0902.VBN High
6/15/2012 10:13:18 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4001D\4FDD0902.VBN//CryptZ High
6/15/2012 10:13:14 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4001E\4FDD09D6.VBN High
6/15/2012 10:13:14 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4001E\4FDD09D6.VBN//CryptZ High
6/15/2012 10:13:22 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4001F\4FDD0AF1.VBN High
6/15/2012 10:13:22 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D4001F\4FDD0AF1.VBN//CryptZ High
6/15/2012 10:13:26 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40020\4FDD207F.VBN High
6/15/2012 10:13:26 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40020\4FDD207F.VBN//CryptZ High
6/15/2012 10:13:30 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40021\4FDD218E.VBN High
6/15/2012 10:13:30 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40021\4FDD218E.VBN//CryptZ High
6/15/2012 10:13:34 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40022\4FDD2261.VBN High
6/15/2012 10:13:34 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40022\4FDD2261.VBN//CryptZ High
6/15/2012 10:13:38 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40023\4FDD230F.VBN High
6/15/2012 10:13:38 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40023\4FDD230F.VBN//CryptZ High
6/15/2012 10:13:43 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40024\4FDD2404.VBN High
6/15/2012 10:13:43 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40024\4FDD2404.VBN//CryptZ High
6/15/2012 10:14:06 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40025\4FDDDF55.VBN High
6/15/2012 10:14:06 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08D40025\4FDDDF55.VBN//CryptZ High
6/15/2012 10:14:08 AM Deleted Trojan program Backdoor.Win32.ZAccess.tgz C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\090C0001\4FDE1820.VBN High
6/15/2012 10:14:08 AM Deleted Trojan program Backdoor.Win32.ZAccess.tgz C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\090C0001\4FDE1820.VBN//CryptZ High
6/15/2012 10:14:11 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\090C0035\4FDE3615.VBN High
6/15/2012 10:14:11 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\090C0035\4FDE3615.VBN//CryptZ High
6/15/2012 10:15:23 AM Deleted Trojan program Backdoor.Win32.ZAccess.tgz C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\090C0066\4FDE4C77.VBN High
6/15/2012 10:15:23 AM Deleted Trojan program Backdoor.Win32.ZAccess.tgz C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\090C0066\4FDE4C77.VBN//CryptZ High
6/15/2012 10:15:30 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\090C0071\4FDE511A.VBN High
6/15/2012 10:15:30 AM Deleted Trojan program HEUR:Trojan.Script.Generic C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\090C0071\4FDE511A.VBN//CryptZ High
6/15/2012 10:15:34 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000\4FF6BEAA.VBN High
6/15/2012 10:15:34 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000\4FF6BEAA.VBN//CryptZ High
6/15/2012 10:15:38 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00001\4FF7280D.VBN High
6/15/2012 10:15:38 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00001\4FF7280D.VBN//CryptZ High
6/15/2012 10:15:42 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00002\4FF72A7A.VBN High
6/15/2012 10:15:42 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00002\4FF72A7A.VBN//CryptZ High
6/15/2012 10:15:46 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00003\4FF735BD.VBN High
6/15/2012 10:15:46 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00003\4FF735BD.VBN//CryptZ High
6/15/2012 10:15:53 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00004\4FF75BF3.VBN High
6/15/2012 10:15:53 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00004\4FF75BF3.VBN//CryptZ High
6/15/2012 10:15:57 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00006\4FF75E32.VBN High
6/15/2012 10:15:57 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00006\4FF75E32.VBN//CryptZ High
6/15/2012 10:16:02 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00005\4FF75D0D.VBN High
6/15/2012 10:16:02 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00005\4FF75D0D.VBN//CryptZ High
6/15/2012 10:16:06 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00007\4FF75F0B.VBN High
6/15/2012 10:16:06 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00007\4FF75F0B.VBN//CryptZ High
6/15/2012 10:16:10 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00008\4FF75FD1.VBN High
6/15/2012 10:16:10 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00008\4FF75FD1.VBN//CryptZ High
6/15/2012 10:16:15 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00009\4FF760A3.VBN High
6/15/2012 10:16:15 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00009\4FF760A3.VBN//CryptZ High
6/15/2012 10:16:20 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB0000A\4FF76176.VBN High
6/15/2012 10:16:20 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB0000A\4FF76176.VBN//CryptZ High
6/15/2012 10:16:24 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700000\4FF8A64A.VBN High
6/15/2012 10:16:24 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700000\4FF8A64A.VBN//CryptZ High
6/15/2012 10:17:24 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700001\4FF8A74C.VBN High
6/15/2012 10:17:24 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700001\4FF8A74C.VBN//CryptZ High
6/15/2012 10:17:35 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700002\4FF8A7CA.VBN High
6/15/2012 10:17:35 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700002\4FF8A7CA.VBN//CryptZ High
6/15/2012 10:17:43 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700003\4FF8ADAA.VBN High
6/15/2012 10:17:43 AM Deleted Trojan program Trojan.Win32.Zapchast.acao C:\Documents and Settings\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B700003\4FF8ADAA.VBN//CryptZ High
6/15/2012 1:00:07 PM Deleted Trojan program Rootkit.Win32.Agent.bpti C:\TDSSKiller_Quarantine\11.06.2012_20.57.36\tdlfs0000\tsk0006.dta High
6/15/2012 1:00:16 PM Deleted Trojan program Rootkit.Win32.TDSS.gq C:\TDSSKiller_Quarantine\13.06.2012_14.06.19\tdlfs0000\tsk0004.dta High
6/15/2012 1:00:35 PM Deleted Trojan program Rootkit.Win32.TDSS.gq C:\TDSSKiller_Quarantine\11.06.2012_20.57.36\tdlfs0000\tsk0005.dta High
6/15/2012 1:00:27 PM Deleted Trojan program Rootkit.Win32.Agent.bpti C:\TDSSKiller_Quarantine\13.06.2012_14.06.19\tdlfs0000\tsk0005.dta High
6/15/2012 2:56:08 PM Deleted Trojan program HEUR:Trojan.Script.Iframer C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLGSSOVJ\enterpoint[2].htm High
  • 0

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
VRT did good job. How is your system now? Any problems?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP