c\windows\syswow64\rundll32.exe


  • This topic is locked
12 replies to this topic

#1 milot

  • Members
  • 7 posts

Posted 30 April 2012 - 02:07 PM

Hi,
I have recently been infected with Data Recovery. I followed the guide on how to remove it on Bleepingcomputer.com. I think I got rid of it, but I still get an alert message from my antivirus, Avira (free edition), when I completed a full scan. I get this message: Avira detects 'hidden objects', needs rescue CD to repair.
So I made the rescue CD, booted the PC with it, and updated the rescue scan with an Ethernet cable, because the wireless is disabled while in rescue CD mode. I started the scan, but the scan always froze at around 85 objects scanned. I tried other diagnostic programs and I couldn't find anything; only rkill gave me a lead on what the problem could be, because it always kills the same hidden process: c\windows\syswow64\rundll32.exe.

I tried to disable it from the msconfig executable, but I can't find it because it is a hidden one.
Here's my latest log from everything I did to try to get the problem fixed by myself.

Some files could be in French because the PC is installed in French; I can translate it if you need some clarification on some terms in the logs.

Thank you if someone can help me with this.


#2 nasdaq

  • Malware Response Team
  • 20,239 posts

Posted 04 May 2012 - 10:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

The TDSSKILLER log you attached is not complete.
Please run the tool again and post the complete text. Do not attach it.

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 milot

  • Topic Starter

  • Members
  • 7 posts

Posted 04 May 2012 - 10:38 AM

TDSS log:
11:35:26.0105 4520 msisadrv - ok
11:35:26.0136 4520 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:35:26.0198 4520 MSiSCSI - ok
11:35:26.0214 4520 msiserver - ok
11:35:26.0292 4520 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:35:26.0370 4520 MSKSSRV - ok
11:35:26.0386 4520 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:35:26.0432 4520 MSPCLOCK - ok
11:35:26.0495 4520 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:35:26.0557 4520 MSPQM - ok
11:35:26.0698 4520 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:35:26.0729 4520 MsRPC - ok
11:35:26.0791 4520 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:35:26.0807 4520 mssmbios - ok
11:35:26.0869 4520 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:35:26.0932 4520 MSTEE - ok
11:35:26.0932 4520 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:35:26.0963 4520 MTConfig - ok
11:35:26.0978 4520 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:35:27.0010 4520 Mup - ok
11:35:27.0056 4520 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:35:27.0150 4520 napagent - ok
11:35:27.0228 4520 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:35:27.0290 4520 NativeWifiP - ok
11:35:27.0400 4520 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:35:27.0431 4520 NDIS - ok
11:35:27.0462 4520 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:35:27.0524 4520 NdisCap - ok
11:35:27.0556 4520 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:35:27.0618 4520 NdisTapi - ok
11:35:27.0712 4520 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:35:27.0774 4520 Ndisuio - ok
11:35:27.0883 4520 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:35:27.0977 4520 NdisWan - ok
11:35:28.0055 4520 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:35:28.0102 4520 NDProxy - ok
11:35:28.0148 4520 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:35:28.0226 4520 NetBIOS - ok
11:35:28.0273 4520 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:35:28.0336 4520 NetBT - ok
11:35:28.0367 4520 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:35:28.0398 4520 Netlogon - ok
11:35:28.0507 4520 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:35:28.0616 4520 Netman - ok
11:35:28.0772 4520 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:35:28.0850 4520 netprofm - ok
11:35:28.0975 4520 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:35:29.0006 4520 NetTcpPortSharing - ok
11:35:29.0084 4520 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:35:29.0100 4520 nfrd960 - ok
11:35:29.0225 4520 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:35:29.0350 4520 NlaSvc - ok
11:35:29.0396 4520 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:35:29.0474 4520 Npfs - ok
11:35:29.0521 4520 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:35:29.0599 4520 nsi - ok
11:35:29.0662 4520 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:35:29.0740 4520 nsiproxy - ok
11:35:30.0270 4520 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:35:30.0410 4520 Ntfs - ok
11:35:30.0660 4520 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:35:30.0738 4520 Null - ok
11:35:30.0847 4520 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:35:30.0878 4520 nvraid - ok
11:35:30.0956 4520 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:35:30.0988 4520 nvstor - ok
11:35:31.0081 4520 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:35:31.0097 4520 nv_agp - ok
11:35:31.0128 4520 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:35:31.0190 4520 ohci1394 - ok
11:35:31.0346 4520 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:35:31.0424 4520 ose - ok
11:35:35.0402 4520 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:35:39.0365 4520 osppsvc - ok
11:35:41.0830 4520 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:35:41.0939 4520 p2pimsvc - ok
11:35:42.0656 4520 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:35:42.0734 4520 p2psvc - ok
11:35:42.0984 4520 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:35:43.0280 4520 Parport - ok
11:35:43.0327 4520 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:35:43.0405 4520 partmgr - ok
11:35:43.0561 4520 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:35:43.0608 4520 PcaSvc - ok
11:35:43.0748 4520 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:35:43.0811 4520 pci - ok
11:35:43.0920 4520 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:35:43.0951 4520 pciide - ok
11:35:44.0107 4520 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:35:44.0154 4520 pcmcia - ok
11:35:44.0185 4520 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:35:44.0201 4520 pcw - ok
11:35:44.0341 4520 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:35:44.0513 4520 PEAUTH - ok
11:35:44.0653 4520 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:35:44.0700 4520 PerfHost - ok
11:35:45.0698 4520 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:35:45.0917 4520 pla - ok
11:35:46.0073 4520 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:35:46.0120 4520 PlugPlay - ok
11:35:46.0166 4520 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:35:46.0213 4520 PNRPAutoReg - ok
11:35:46.0244 4520 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:35:46.0260 4520 PNRPsvc - ok
11:35:46.0744 4520 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
11:35:46.0759 4520 Point64 - ok
11:35:47.0227 4520 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:35:47.0368 4520 PolicyAgent - ok
11:35:47.0414 4520 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:35:47.0508 4520 Power - ok
11:35:47.0633 4520 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:35:47.0695 4520 PptpMiniport - ok
11:35:47.0945 4520 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:35:48.0023 4520 Processor - ok
11:35:48.0179 4520 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:35:48.0272 4520 ProfSvc - ok
11:35:48.0382 4520 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:35:48.0413 4520 ProtectedStorage - ok
11:35:48.0787 4520 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:35:48.0896 4520 Psched - ok
11:35:48.0943 4520 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
11:35:48.0959 4520 PSI - ok
11:35:49.0115 4520 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:35:49.0130 4520 PxHlpa64 - ok
11:35:50.0269 4520 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:35:50.0425 4520 ql2300 - ok
11:35:51.0486 4520 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:35:51.0658 4520 ql40xx - ok
11:35:51.0736 4520 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:35:51.0798 4520 QWAVE - ok
11:35:51.0814 4520 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:35:51.0876 4520 QWAVEdrv - ok
11:35:51.0892 4520 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:35:51.0954 4520 RasAcd - ok
11:35:52.0016 4520 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:35:52.0079 4520 RasAgileVpn - ok
11:35:52.0157 4520 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:35:52.0235 4520 RasAuto - ok
11:35:52.0328 4520 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:35:52.0391 4520 Rasl2tp - ok
11:35:52.0718 4520 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:35:52.0796 4520 RasMan - ok
11:35:52.0906 4520 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:35:52.0968 4520 RasPppoe - ok
11:35:53.0062 4520 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:35:53.0124 4520 RasSstp - ok
11:35:53.0218 4520 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:35:53.0311 4520 rdbss - ok
11:35:53.0358 4520 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:35:53.0420 4520 rdpbus - ok
11:35:53.0452 4520 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:35:53.0498 4520 RDPCDD - ok
11:35:53.0592 4520 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:35:53.0654 4520 RDPENCDD - ok
11:35:53.0717 4520 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:35:53.0748 4520 RDPREFMP - ok
11:35:53.0966 4520 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:35:54.0013 4520 RDPWD - ok
11:35:54.0107 4520 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:35:54.0138 4520 rdyboost - ok
11:35:54.0185 4520 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:35:54.0247 4520 RemoteAccess - ok
11:35:54.0341 4520 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:35:54.0434 4520 RemoteRegistry - ok
11:35:54.0512 4520 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:35:54.0606 4520 RpcEptMapper - ok
11:35:54.0653 4520 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:35:54.0668 4520 RpcLocator - ok
11:35:54.0887 4520 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:35:54.0918 4520 RpcSs - ok
11:35:54.0980 4520 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:35:55.0043 4520 rspndr - ok
11:35:55.0152 4520 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
11:35:55.0214 4520 RSUSBSTOR - ok
11:35:55.0292 4520 RtsUIR - ok
11:35:55.0339 4520 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:35:55.0370 4520 SamSs - ok
11:35:55.0495 4520 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:35:55.0636 4520 sbp2port - ok
11:35:57.0539 4520 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:35:57.0773 4520 SCardSvr - ok
11:35:57.0866 4520 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:35:57.0960 4520 scfilter - ok
11:35:58.0256 4520 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:35:58.0568 4520 Schedule - ok
11:35:58.0600 4520 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:35:58.0678 4520 SCPolicySvc - ok
11:35:58.0756 4520 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:35:58.0880 4520 SDRSVC - ok
11:35:59.0208 4520 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:35:59.0224 4520 SeaPort - ok
11:35:59.0286 4520 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:35:59.0364 4520 secdrv - ok
11:35:59.0426 4520 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:35:59.0489 4520 seclogon - ok
11:36:00.0005 4520 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
11:36:00.0036 4520 Secunia PSI Agent - ok
11:36:00.0285 4520 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe
11:36:00.0317 4520 Secunia Update Agent - ok
11:36:00.0675 4520 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:36:00.0738 4520 SENS - ok
11:36:00.0956 4520 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:36:01.0003 4520 SensrSvc - ok
11:36:01.0143 4520 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:36:01.0190 4520 Serenum - ok
11:36:01.0253 4520 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:36:01.0284 4520 Serial - ok
11:36:01.0315 4520 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:36:01.0346 4520 sermouse - ok
11:36:01.0487 4520 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:36:01.0580 4520 SessionEnv - ok
11:36:01.0627 4520 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:36:01.0689 4520 sffdisk - ok
11:36:01.0705 4520 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:36:01.0752 4520 sffp_mmc - ok
11:36:01.0752 4520 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:36:01.0799 4520 sffp_sd - ok
11:36:01.0877 4520 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:36:01.0955 4520 sfloppy - ok
11:36:02.0064 4520 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
11:36:02.0095 4520 Sftfs - ok
11:36:02.0220 4520 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:36:02.0235 4520 sftlist - ok
11:36:02.0282 4520 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:36:02.0298 4520 Sftplay - ok
11:36:02.0345 4520 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:36:02.0360 4520 Sftredir - ok
11:36:02.0969 4520 SftService (21d48d7c9bdef13af16fdcbc5719fc3b) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
11:36:03.0062 4520 SftService ( UnsignedFile.Multi.Generic ) - warning
11:36:03.0062 4520 SftService - detected UnsignedFile.Multi.Generic (1)
11:36:12.0829 4520 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
11:36:12.0845 4520 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
11:36:12.0845 4520 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
11:36:19.0865 4520 wltrysvc (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
11:36:19.0896 4520 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
11:36:19.0896 4520 wltrysvc - detected UnsignedFile.Multi.Generic (1)
11:36:22.0798 4520 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:36:23.0157 4520 \Device\Harddisk0\DR0 - ok
11:36:23.0204 4520 Boot (0x1200) (85ee6ca7a589616c7d715a0d5ba7570d) \Device\Harddisk0\DR0\Partition0
11:36:23.0204 4520 \Device\Harddisk0\DR0\Partition0 - ok
11:36:23.0235 4520 Boot (0x1200) (75dc919d20f203ea413f6ed5d8bffbe5) \Device\Harddisk0\DR0\Partition1
11:36:23.0235 4520 \Device\Harddisk0\DR0\Partition1 - ok
11:36:23.0235 4520 ============================================================
11:36:23.0235 4520 Scan finished
11:36:23.0235 4520 ============================================================
11:36:23.0251 0504 Detected object count: 4
11:36:23.0251 0504 Actual detected object count: 4
11:36:33.0640 0504 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
11:36:33.0640 0504 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:36:33.0656 0504 SftService ( UnsignedFile.Multi.Generic ) - skipped by user
11:36:33.0656 0504 SftService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:36:33.0656 0504 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
11:36:33.0656 0504 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:36:33.0656 0504 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:36:33.0656 0504 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:36:43.0515 4112 Deinitialize success

#4 milot

Posted 04 May 2012 - 10:58 AM

I can't attach the .dat file (Error: "You aren't permitted to upload this kind of file"),
so I switched the .dat extension to .txt. Make sure you rename it to .dat after downloading it.
aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-04 11:38:51
-----------------------------
11:38:51.059 OS Version: Windows x64 6.1.7601 Service Pack 1
11:38:51.059 Number of processors: 2 586 0x170A
11:38:51.060 ComputerName: PORTABLE UserName: Milot
11:38:52.300 Initialize success
11:42:49.948 AVAST engine defs: 12050400
11:43:05.999 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:43:06.002 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
11:43:06.020 Disk 0 MBR read successfully
11:43:06.022 Disk 0 MBR scan
11:43:06.028 Disk 0 Windows VISTA default MBR code
11:43:06.031 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:43:06.046 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
11:43:06.065 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
11:43:06.085 Disk 0 scanning C:\Windows\system32\drivers
11:43:18.654 Service scanning
11:43:52.561 Modules scanning
11:43:52.575 Disk 0 trace - called modules:
11:43:52.645 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:43:52.654 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004475790]
11:43:52.659 3 CLASSPNP.SYS[fffff88001a5a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004138050]
11:43:56.797 AVAST engine scan C:\Windows
11:44:01.486 AVAST engine scan C:\Windows\system32
11:48:01.242 AVAST engine scan C:\Windows\system32\drivers
11:48:15.343 AVAST engine scan C:\Users\Milot
11:51:08.294 AVAST engine scan C:\ProgramData
11:54:32.043 Scan finished successfully
11:56:15.776 Disk 0 MBR has been saved successfully to "C:\Users\Milot\Desktop\MBR.dat"
11:56:15.782 The log file has been saved successfully to "C:\Users\Milot\Desktop\aswMBR.txt"

Attached Files

  • Attached File: MBR.txt (512 bytes)

Edited by milot, 04 May 2012 - 11:01 AM.


#5 nasdaq

  • Malware Response Team

Posted 04 May 2012 - 01:04 PM

Nothing suspicious was found in your logs.

Try the fix on post No 17 of this topic.

http://forum.avira.com/wbb/index.php?page=Thread&postID=1170655#post1170655

Keep me posted.

#6 milot

Posted 04 May 2012 - 07:51 PM

I uninstalled the update that you linked, and I didn't get the hidden objects warning (rescue CD boot).
Here's my latest Avira scan log:


Avira Free Antivirus
Date de création du fichier de rapport : 4 mai 2012 18:35

La recherche porte sur 3746077 souches de virus.

Le programme fonctionne en version intégrale illimitée.
Les services en ligne sont disponibles.

Détenteur de la licence : Avira AntiVir Personal - Free Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows 7 x64
Version de Windows : (Service Pack 1) [6.1.7601]
Mode Boot : Démarré normalement
Identifiant : Milot
Nom de l'ordinateur : PORTABLE

Informations de version :
BUILD.DAT : 12.0.0.207 41963 Bytes 2012-02-20 15:58:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 2012-02-15 19:03:39
AVSCAN.DLL : 12.1.0.19 64976 Bytes 2012-02-20 19:10:04
LUKE.DLL : 12.1.0.19 68304 Bytes 2012-02-15 19:03:46
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 2012-02-15 19:03:39
AVREG.DLL : 12.1.0.36 229128 Bytes 2012-04-27 04:11:59
VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 2010-12-14 19:04:02
VBASE002.VDF : 7.11.19.170 14374912 Bytes 2011-12-20 19:04:09
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2012-02-01 04:11:09
VBASE004.VDF : 7.11.26.44 4329472 Bytes 2012-03-28 04:11:27
VBASE005.VDF : 7.11.26.45 2048 Bytes 2012-03-28 04:11:27
VBASE006.VDF : 7.11.26.46 2048 Bytes 2012-03-28 04:11:27
VBASE007.VDF : 7.11.26.47 2048 Bytes 2012-03-28 04:11:27
VBASE008.VDF : 7.11.26.48 2048 Bytes 2012-03-28 04:11:27
VBASE009.VDF : 7.11.26.49 2048 Bytes 2012-03-28 04:11:28
VBASE010.VDF : 7.11.26.50 2048 Bytes 2012-03-28 04:11:28
VBASE011.VDF : 7.11.26.51 2048 Bytes 2012-03-28 04:11:28
VBASE012.VDF : 7.11.26.52 2048 Bytes 2012-03-28 04:11:28
VBASE013.VDF : 7.11.26.53 2048 Bytes 2012-03-28 04:11:28
VBASE014.VDF : 7.11.26.107 221696 Bytes 2012-03-30 04:11:29
VBASE015.VDF : 7.11.26.179 224768 Bytes 2012-04-02 04:11:30
VBASE016.VDF : 7.11.26.241 142336 Bytes 2012-04-04 04:11:31
VBASE017.VDF : 7.11.27.41 247808 Bytes 2012-04-08 04:11:32
VBASE018.VDF : 7.11.27.107 161280 Bytes 2012-04-12 04:11:33
VBASE019.VDF : 7.11.27.159 148992 Bytes 2012-04-13 04:11:33
VBASE020.VDF : 7.11.27.201 207360 Bytes 2012-04-17 04:11:34
VBASE021.VDF : 7.11.28.3 237568 Bytes 2012-04-19 04:11:35
VBASE022.VDF : 7.11.28.49 193536 Bytes 2012-04-20 04:11:36
VBASE023.VDF : 7.11.28.99 195072 Bytes 2012-04-23 04:11:37
VBASE024.VDF : 7.11.28.133 247808 Bytes 2012-04-24 04:11:38
VBASE025.VDF : 7.11.28.183 186880 Bytes 2012-04-26 04:11:39
VBASE026.VDF : 7.11.28.235 166400 Bytes 2012-04-30 18:23:13
VBASE027.VDF : 7.11.29.37 290816 Bytes 2012-05-03 15:27:06
VBASE028.VDF : 7.11.29.38 2048 Bytes 2012-05-03 15:27:06
VBASE029.VDF : 7.11.29.39 2048 Bytes 2012-05-03 15:27:06
VBASE030.VDF : 7.11.29.40 2048 Bytes 2012-05-03 15:27:07
VBASE031.VDF : 7.11.29.62 62464 Bytes 2012-05-04 15:27:10
Version du moteur : 8.2.10.62
AEVDF.DLL : 8.1.2.2 106868 Bytes 2012-02-15 19:03:25
AESCRIPT.DLL : 8.1.4.18 455034 Bytes 2012-04-27 04:11:57
AESCN.DLL : 8.1.8.2 131444 Bytes 2012-04-27 04:11:56
AESBX.DLL : 8.2.5.5 606579 Bytes 2012-04-27 04:11:57
AERDL.DLL : 8.1.9.15 639348 Bytes 2012-02-15 19:03:25
AEPACK.DLL : 8.2.16.12 807287 Bytes 2012-05-04 15:29:14
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 2012-04-27 04:11:52
AEHEUR.DLL : 8.1.4.23 4702582 Bytes 2012-05-04 15:28:57
AEHELP.DLL : 8.1.20.0 254326 Bytes 2012-04-27 04:11:43
AEGEN.DLL : 8.1.5.28 422260 Bytes 2012-04-27 04:11:42
AEEXP.DLL : 8.1.0.35 82291 Bytes 2012-05-04 15:29:17
AEEMU.DLL : 8.1.3.0 393589 Bytes 2012-02-15 19:03:20
AECORE.DLL : 8.1.25.6 201078 Bytes 2012-04-27 04:11:42
AEBB.DLL : 8.1.1.0 53618 Bytes 2012-02-15 19:03:20
AVWINLL.DLL : 12.1.0.17 27344 Bytes 2012-02-15 19:03:40
AVPREF.DLL : 12.1.0.17 51920 Bytes 2012-02-15 19:03:38
AVREP.DLL : 12.1.0.17 179920 Bytes 2012-02-15 19:03:38
AVARKT.DLL : 12.1.0.23 209360 Bytes 2012-02-15 19:03:34
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 2012-02-15 19:03:35
SQLITE3.DLL : 3.7.0.0 398288 Bytes 2012-02-15 19:03:52
AVSMTP.DLL : 12.1.0.17 63440 Bytes 2012-02-15 19:03:39
NETNT.DLL : 12.1.0.17 17104 Bytes 2012-02-15 19:03:47
RCIMAGE.DLL : 12.1.0.13 4449488 Bytes 2012-02-15 19:04:25
RCTEXT.DLL : 12.1.0.16 99792 Bytes 2012-02-15 19:04:25

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Documentation.................................: par défaut
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, Q:,
Recherche dans les programmes actifs..........: marche
Programmes en cours étendus...................: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: marche
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: avancé
Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Début de la recherche : 4 mai 2012 18:35

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'Q:\'
[INFO] Aucun virus trouvé !
[INFO] Veuillez relancer la recherche avec les droits d'administrateur

La recherche d'objets cachés commence.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '79' module(s) sont contrôlés
Processus de recherche 'mbamservice.exe' - '51' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '104' module(s) sont contrôlés
Processus de recherche 'distnoted.exe' - '33' module(s) sont contrôlés
Processus de recherche 'KMProcess.exe' - '50' module(s) sont contrôlés
Processus de recherche 'AdobeARM.exe' - '43' module(s) sont contrôlés
Processus de recherche 'iTunesHelper.exe' - '69' module(s) sont contrôlés
Processus de recherche 'mbamgui.exe' - '35' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '75' module(s) sont contrôlés
Processus de recherche 'OpWareSE4.exe' - '22' module(s) sont contrôlés
Processus de recherche 'KMConfig.exe' - '45' module(s) sont contrôlés
Processus de recherche 'RoxioBurnLauncher.exe' - '40' module(s) sont contrôlés
Processus de recherche 'StartAutorun.exe' - '27' module(s) sont contrôlés
Processus de recherche 'WebcamDell2.exe' - '45' module(s) sont contrôlés
Processus de recherche 'PDVDDXSrv.exe' - '45' module(s) sont contrôlés
Processus de recherche 'LauncherMA.exe' - '34' module(s) sont contrôlés
Processus de recherche 'psi_tray.exe' - '23' module(s) sont contrôlés
Processus de recherche 'ubd.exe' - '77' module(s) sont contrôlés
Processus de recherche 'IAAnotif.exe' - '39' module(s) sont contrôlés
Processus de recherche 'sua.exe' - '19' module(s) sont contrôlés
Processus de recherche 'CVHSVC.EXE' - '81' module(s) sont contrôlés
Processus de recherche 'sftlist.exe' - '63' module(s) sont contrôlés
Processus de recherche 'IAANTMon.exe' - '36' module(s) sont contrôlés
Processus de recherche 'sftvsa.exe' - '28' module(s) sont contrôlés
Processus de recherche 'sftservice.EXE' - '44' module(s) sont contrôlés
Processus de recherche 'PSIA.exe' - '83' module(s) sont contrôlés
Processus de recherche 'SeaPort.exe' - '50' module(s) sont contrôlés
Processus de recherche 'IJPLMSVC.EXE' - '22' module(s) sont contrôlés
Processus de recherche 'AppleMobileDeviceService.exe' - '64' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '69' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '40' module(s) sont contrôlés
Processus de recherche 'DockLogin.exe' - '23' module(s) sont contrôlés

Début du contrôle des fichiers système :
Signé -> 'C:\Windows\system32\svchost.exe'
Signé -> 'C:\Windows\system32\winlogon.exe'
Signé -> 'C:\Windows\explorer.exe'
Signé -> 'C:\Windows\system32\smss.exe'
Signé -> 'C:\Windows\system32\wininet.DLL'
Signé -> 'C:\Windows\system32\wsock32.DLL'
Signé -> 'C:\Windows\system32\ws2_32.DLL'
Signé -> 'C:\Windows\system32\services.exe'
Signé -> 'C:\Windows\system32\lsass.exe'
Signé -> 'C:\Windows\system32\csrss.exe'
Signé -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signé -> 'C:\Windows\system32\spoolsv.exe'
Signé -> 'C:\Windows\system32\alg.exe'
Signé -> 'C:\Windows\system32\wuauclt.exe'
Signé -> 'C:\Windows\system32\advapi32.DLL'
Signé -> 'C:\Windows\system32\user32.DLL'
Signé -> 'C:\Windows\system32\gdi32.DLL'
Signé -> 'C:\Windows\system32\kernel32.DLL'
Signé -> 'C:\Windows\system32\ntdll.DLL'
Signé -> 'C:\Windows\system32\ntoskrnl.exe'
Signé -> 'C:\Windows\system32\ctfmon.exe'
Les fichiers système ont été contrôlés ('21' fichiers)

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '1646' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <OS>
Recherche débutant dans 'Q:\'
Impossible d'ouvrir le chemin à scanner Q:\ !
Erreur système [5]: Accès refusé.


Fin de la recherche : 4 mai 2012 20:33
Temps nécessaire: 1:58:22 Heure(s)

La recherche a été effectuée intégralement

79552 Les répertoires ont été contrôlés
1049827 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
0 Impossible de scanner des fichiers
1049827 Fichiers non infectés
5420 Les archives ont été contrôlées
0 Avertissements
0 Consignes
630689 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvé


But with rkill, I still get the terminated process c\windows\syswow64\rundll32.exe:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 2012-05-04 at 20:50:09.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\rundll32.exe


Rkill completed on 2012-05-04 at 20:50:10.

#7 nasdaq

Posted 05 May 2012 - 08:44 AM

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Are there any problems with this computer if you do not run Rkill?

#8 milot

Posted 05 May 2012 - 03:40 PM

Everything is fine except the rkill log. I will download your program tomorrow; I'm a bit busy today. I'll keep you updated as soon as possible.
Thanks

#9 nasdaq

Posted 06 May 2012 - 08:48 AM

I have no problem with Rkill stopping the file from running.

#10 milot

Posted 06 May 2012 - 08:37 PM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Avira Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.6
Secunia PSI (2.0.0.4003)
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

#11 nasdaq

Posted 07 May 2012 - 08:45 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress, you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.

===

When all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#12 milot

Posted 07 May 2012 - 02:45 PM

I updated Adobe Reader and I uninstalled the other tools.
Thank you for your precious and greatly appreciated help.

Edited by milot, 07 May 2012 - 02:45 PM.


#13 nasdaq

Posted 14 May 2012 - 08:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



