
Unknown Process keeps reappearing



#1 xFoeHammer


Posted 04 April 2012 - 04:56 AM

A process called svchost.exe *32 has been using a lot of memory (700k or higher) and whenever I end the process it reappears a few minutes later. The process description is winrscmde. My computer has blue screened twice since this started happening, so I ran a system restore back a few days, which seemed to fix the blue screens. This process is still there, however. I am running Windows 7 64 bit.

I scanned with Malwarebytes but it didn't find anything. SuperAntiSpyware found nothing, too. Any help would be appreciated, thanks.

Edited by xFoeHammer, 04 April 2012 - 05:33 AM.




#2 Broni


Posted 04 April 2012 - 11:22 AM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#3 xFoeHammer


Posted 04 April 2012 - 06:10 PM

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

Farbar Service Scanner Version: 01-03-2012
Ran by Collin1 (administrator) on 04-04-2012 at 15:36:55
Running from "C:\Users\Collin1\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox by Farbar Version: 18-01-2012
Ran by Collin1 (administrator) on 04-04-2012 at 15:40:17
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Bigfoot Networks Killer Ethernet Controller = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Collin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Bigfoot Networks Killer Ethernet Controller
Physical Address. . . . . . . . . : 00-19-03-05-7E-71
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5183:7037:bf0f:ee7a%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.84(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, April 04, 2012 3:28:38 PM
Lease Expires . . . . . . . . . . : Thursday, April 05, 2012 3:28:38 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 234887427
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-79-89-34-00-19-03-05-7E-71
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-E1-D2-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::5e1:d25d(Preferred)
Link-local IPv6 Address . . . . . : fe80::da0:8c95:7de8:31ba%15(Preferred)
IPv4 Address. . . . . . . . . . . : 5.225.210.93(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Wednesday, April 04, 2012 3:28:38 PM
Lease Expires . . . . . . . . . . : Thursday, April 04, 2013 3:30:45 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 343570891
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-79-89-34-00-19-03-05-7E-71
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{63182C96-81A5-4AE6-9724-42523E4CB2F7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:80f:77a:3f57:feab(Preferred)
Link-local IPv6 Address . . . . . : fe80::80f:77a:3f57:feab%14(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.224.230
74.125.224.231
74.125.224.232
74.125.224.233
74.125.224.238
74.125.224.224
74.125.224.225
74.125.224.226
74.125.224.227
74.125.224.228
74.125.224.229


Pinging google.com [74.125.239.4] with 32 bytes of data:
Reply from 74.125.239.4: bytes=32 time=24ms TTL=54
Reply from 74.125.239.4: bytes=32 time=22ms TTL=54

Ping statistics for 74.125.239.4:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 24ms, Average = 23ms
Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=146ms TTL=43
Reply from 98.139.183.24: bytes=32 time=116ms TTL=43

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 116ms, Maximum = 146ms, Average = 131ms
Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 19 03 05 7e 71 ......Bigfoot Networks Killer Ethernet Controller
15...7a 79 05 e1 d2 5d ......Hamachi Network Interface
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.225.210.93 9256
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.84 20
5.0.0.0 255.0.0.0 On-link 5.225.210.93 9256
5.225.210.93 255.255.255.255 On-link 5.225.210.93 9256
5.255.255.255 255.255.255.255 On-link 5.225.210.93 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.84 276
192.168.1.84 255.255.255.255 On-link 192.168.1.84 276
192.168.1.255 255.255.255.255 On-link 192.168.1.84 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 5.225.210.93 9256
224.0.0.0 240.0.0.0 On-link 192.168.1.84 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 5.225.210.93 9256
255.255.255.255 255.255.255.255 On-link 192.168.1.84 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:5ef5:79fb:80f:77a:3f57:feab/128
On-link
15 276 2620:9b::/64 On-link
15 276 2620:9b::/96 On-link
15 276 2620:9b::5e1:d25d/128 On-link
15 276 fe80::/64 On-link
11 276 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::80f:77a:3f57:feab/128
On-link
15 276 fe80::da0:8c95:7de8:31ba/128
On-link
11 276 fe80::5183:7037:bf0f:ee7a/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
15 276 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\BfLLR.dll [174592] (Bigfoot Networks, Inc.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
x64-Catalog9 02 C:\Windows\System32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
x64-Catalog9 03 C:\Windows\System32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
x64-Catalog9 04 C:\Windows\System32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\BfLLR.dll [189952] (Bigfoot Networks, Inc.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/04/2012 03:30:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 03:19:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 02:23:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 02:09:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 02:03:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 01:59:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 01:54:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 01:43:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 01:29:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2012 02:28:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/04/2012 03:30:53 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (04/04/2012 03:30:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (04/04/2012 03:29:55 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (04/04/2012 03:29:51 PM) (Source: Service Control Manager) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (04/04/2012 03:29:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LMIGuardianSvc service to connect.

Error: (04/04/2012 03:19:10 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (04/04/2012 03:18:30 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter

Error: (04/04/2012 03:18:23 AM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (04/04/2012 02:25:08 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (04/04/2012 02:23:23 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter


Microsoft Office Sessions:
=========================
Error: (04/04/2012 03:30:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 03:19:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 02:23:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 02:09:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 02:03:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 01:59:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 01:54:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 01:43:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2012 01:29:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2012 02:28:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Ace of Spades (Version: 0.75.015)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.62)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Audacity 2.0
AutoGreen B10.1021.1 (Version: 1.00.0000)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2409)
AVG 2012 (Version: 2012.0.1913)
Bigfoot Networks Killer Network Manager (Version: 6.1.0.310)
Bunch Of Heroes
Call of Duty 4: Modern Warfare
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
CraftBukkit
Creative Audio Control Panel (Version: 2.56)
Creative MediaSource 5 (Version: 5.00)
Creative Sound Blaster Properties x64 Edition
D3DX10 (Version: 15.4.2368.0902)
Deus Ex: Human Revolution
DirectXInstallService (Version: 9.0.0)
Easy Tune 6 B11.0110.1 (Version: 1.00.0000)
EMC 10 Content (Version: 1.0.015)
EMCGadgets64 (Version: 1.0.020)
Fraps (remove only)
Freemake Video Converter version 3.0.1 (Version: 3.0.1)
Google Chrome (Version: 18.0.1025.142)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
Hoyle Board Games 2005 (Version: 1.0.0.0)
Hoyle Puzzle Games 2005 (Version: 1.0.0.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ 7 Update 2 (64-bit) (Version: 7.0.20)
KAG 0.95A
LAME v3.99.3 (for Windows)
LogMeIn (Version: 4.1.2126)
LogMeIn Hamachi (Version: 2.1.0.166)
Magicka
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Mass Effect™ 3 (Version: 1.0.0.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mumble 1.2.3 (Version: 1.2.3)
Notepad++ (Version: 5.9.8)
NVIDIA 3D Vision Controller Driver 285.62 (Version: 285.62)
NVIDIA 3D Vision Driver 285.62 (Version: 285.62)
NVIDIA Control Panel 285.62 (Version: 285.62)
NVIDIA Graphics Driver 285.62 (Version: 285.62)
NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA PhysX (Version: 9.11.1107)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8562)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
Origin (Version: 8.5.0.4554)
Paint.NET v3.5.10 (Version: 3.60.0)
Portal
Portal 2
Project64 1.6 (Version: 1.6)
Quake Live Mozilla Plugin (Version: 1.0.491)
Realtek High Definition Audio Driver (Version: 6.0.1.6282)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.1.0)
Roxio Central Audio (Version: 3.6.0)
Roxio Central Copy (Version: 3.6.0)
Roxio Central Core (Version: 3.6.0)
Roxio Central Data (Version: 3.6.0)
Roxio Central Tools (Version: 3.6.0)
Roxio CinePlayer (Version: 3.9)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Disc Gallery (Version: 3.1)
Roxio Easy Media Creator 10 Suite (Version: 1.0.044)
Roxio File Backup (Version: 1.1.0)
Roxio MediaShare (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
Skype™ 5.5 (Version: 5.5.124)
Sound Blaster X-Fi MB 2 (Version: 1.0)
Sound Blaster X-Fi Xtreme Audio (Version: 1.0)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1146)
TeamSpeak 3 Client
Terrafirma (Version: 1.9.8)
Terraria
Tribes Ascend Open Beta (Version: 0.1.865.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.01 (32-bit) (Version: 4.01.0)

========================= Devices: ================================

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 6142.43 MB
Available physical RAM: 3489.5 MB
Total Pagefile: 12283.05 MB
Available Pagefile: 8940.32 MB
Total Virtual: 4095.88 MB
Available Virtual: 3949.91 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:742.65 GB) NTFS
2 Drive d: (MassEffect3_DVD2) (CDROM) (Total:6.08 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\COLLIN-PC

Administrator ASPNET Collin
Collin1 Guest LogMeInRemoteUser
UpdatusUser


**** End of log ****

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Collin1 :: COLLIN-PC [administrator]

4/4/2012 3:43:43 PM
mbam-log-2012-04-04 (15-43-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239235
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3852 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-04 15:56:30
-----------------------------
15:56:30.617 OS Version: Windows x64 6.1.7601 Service Pack 1
15:56:30.617 Number of processors: 8 586 0x1A05
15:56:30.617 ComputerName: COLLIN-PC UserName: Collin1
15:56:32.552 Initialize success
15:57:22.877 AVAST engine defs: 12040401
15:57:33.595 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:57:33.595 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 11
15:57:33.626 Device \Driver\atapi -> MajorFunction fffffa800685d5c4
15:57:33.626 Disk 0 MBR read successfully
15:57:33.626 Disk 0 MBR scan
15:57:33.626 Disk 0 MBR:Alureon-M [Rtk]
15:57:33.626 Disk 0 TDL4@MBR code has been found
15:57:33.626 Disk 0 Windows 7 default MBR code found via API
15:57:33.626 Disk 0 MBR hidden
15:57:33.641 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:57:33.657 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
15:57:33.657 Disk 0 MBR [TDL4] **ROOTKIT**
15:57:33.657 Disk 0 trace - called modules:
15:57:33.657 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800685d5c4]<<
15:57:33.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f8e790]
15:57:33.657 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8005d4d060]
15:57:33.673 \Driver\atapi[0xfffffa8004e88440] -> IRP_MJ_CREATE -> 0xfffffa800685d5c4
15:57:47.744 AVAST engine scan C:\Windows
15:57:50.848 AVAST engine scan C:\Windows\system32
16:01:25.801 AVAST engine scan C:\Windows\system32\drivers
16:01:38.261 AVAST engine scan C:\Users\Collin1
16:06:12.195 AVAST engine scan C:\ProgramData
16:06:58.183 Scan finished successfully
16:07:06.888 Disk 0 MBR has been saved successfully to "C:\Users\Collin1\Desktop\MBR.dat"
16:07:06.888 The log file has been saved successfully to "C:\Users\Collin1\Desktop\aswMBR.txt"


After restarting my computer, the process was still there, even though I pressed 'remove selected' in Malwarebytes.

Also, the blue screens are happening again when I start my computer, so I'm kinda stuck in safe mode right now.
Actually, it seems that opening Firefox causes me to blue screen. Also, on startup, it says that 'cleanup.dll' for Malwarebytes failed to start (or something like that).

Edited by xFoeHammer, 04 April 2012 - 06:33 PM.


#4 Broni

Posted 04 April 2012 - 06:45 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#5 xFoeHammer

Posted 04 April 2012 - 07:01 PM

It looks like the cure worked, I think! The process hasn't started, Firefox works again, Google is no longer redirecting, and there seem to be no problems.
I can't thank you enough.

If the problem comes back, I'll return, but for now, it looks like I'm fine.
I'll go ahead and post the report just in case.

16:47:54.0116 7468 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
16:47:54.0662 7468 ============================================================
16:47:54.0662 7468 Current date / time: 2012/04/04 16:47:54.0662
16:47:54.0662 7468 SystemInfo:
16:47:54.0662 7468
16:47:54.0662 7468 OS Version: 6.1.7601 ServicePack: 1.0
16:47:54.0662 7468 Product type: Workstation
16:47:54.0662 7468 ComputerName: COLLIN-PC
16:47:54.0662 7468 UserName: Collin1
16:47:54.0662 7468 Windows directory: C:\Windows
16:47:54.0662 7468 System windows directory: C:\Windows
16:47:54.0662 7468 Running under WOW64
16:47:54.0662 7468 Processor architecture: Intel x64
16:47:54.0662 7468 Number of processors: 8
16:47:54.0662 7468 Page size: 0x1000
16:47:54.0662 7468 Boot type: Normal boot
16:47:54.0662 7468 ============================================================
16:47:56.0253 7468 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:47:56.0269 7468 \Device\Harddisk0\DR0:
16:47:56.0269 7468 MBR used
16:47:56.0269 7468 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:47:56.0269 7468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
16:47:56.0300 7468 Initialize success
16:47:56.0300 7468 ============================================================
16:48:02.0400 2652 ============================================================
16:48:02.0400 2652 Scan started
16:48:02.0400 2652 Mode: Manual;
16:48:02.0400 2652 ============================================================
16:48:11.0027 2652 MBfilt - ok
16:48:11.0042 2652 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:48:11.0058 2652 Mcx2Svc - ok
16:48:11.0136 2652 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
16:48:11.0136 2652 MDM - ok
16:48:11.0151 2652 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:48:11.0151 2652 megasas - ok
16:48:11.0167 2652 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:48:11.0183 2652 MegaSR - ok
16:48:11.0214 2652 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:48:11.0214 2652 MMCSS - ok
16:48:11.0229 2652 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:48:11.0229 2652 Modem - ok
16:48:11.0261 2652 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:48:11.0276 2652 monitor - ok
16:48:11.0276 2652 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:48:11.0276 2652 mouclass - ok
16:48:11.0323 2652 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:48:11.0323 2652 mouhid - ok
16:48:11.0339 2652 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:48:11.0339 2652 mountmgr - ok
16:48:11.0354 2652 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:48:11.0354 2652 mpio - ok
16:48:11.0370 2652 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:48:11.0370 2652 mpsdrv - ok
16:48:11.0401 2652 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:48:11.0417 2652 MpsSvc - ok
16:48:11.0432 2652 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:48:11.0432 2652 MRxDAV - ok
16:48:11.0495 2652 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:48:11.0495 2652 mrxsmb - ok
16:48:11.0510 2652 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:48:11.0510 2652 mrxsmb10 - ok
16:48:11.0526 2652 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:48:11.0526 2652 mrxsmb20 - ok
16:48:11.0541 2652 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:48:11.0541 2652 msahci - ok
16:48:11.0557 2652 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:48:11.0557 2652 msdsm - ok
16:48:11.0588 2652 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:48:11.0588 2652 MSDTC - ok
16:48:11.0619 2652 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:48:11.0635 2652 Msfs - ok
16:48:11.0635 2652 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:48:11.0635 2652 mshidkmdf - ok
16:48:11.0651 2652 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:48:11.0651 2652 msisadrv - ok
16:48:11.0713 2652 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:48:11.0713 2652 MSiSCSI - ok
16:48:11.0729 2652 msiserver - ok
16:48:11.0775 2652 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:48:11.0775 2652 MSKSSRV - ok
16:48:11.0807 2652 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:48:11.0807 2652 MSPCLOCK - ok
16:48:11.0822 2652 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:48:11.0822 2652 MSPQM - ok
16:48:11.0838 2652 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:48:11.0853 2652 MsRPC - ok
16:48:11.0853 2652 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:48:11.0869 2652 mssmbios - ok
16:48:11.0869 2652 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:48:11.0869 2652 MSTEE - ok
16:48:11.0885 2652 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:48:11.0885 2652 MTConfig - ok
16:48:11.0916 2652 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:48:11.0916 2652 Mup - ok
16:48:11.0947 2652 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:48:11.0947 2652 napagent - ok
16:48:11.0994 2652 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:48:11.0994 2652 NativeWifiP - ok
16:48:12.0056 2652 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:48:12.0056 2652 NDIS - ok
16:48:12.0103 2652 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:48:12.0103 2652 NdisCap - ok
16:48:12.0134 2652 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:48:12.0134 2652 NdisTapi - ok
16:48:12.0181 2652 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:48:12.0181 2652 Ndisuio - ok
16:48:12.0197 2652 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:48:12.0197 2652 NdisWan - ok
16:48:12.0212 2652 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:48:12.0212 2652 NDProxy - ok
16:48:12.0228 2652 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:48:12.0228 2652 NetBIOS - ok
16:48:12.0243 2652 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:48:12.0243 2652 NetBT - ok
16:48:12.0275 2652 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:12.0275 2652 Netlogon - ok
16:48:12.0321 2652 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:48:12.0321 2652 Netman - ok
16:48:12.0431 2652 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:12.0431 2652 NetMsmqActivator - ok
16:48:12.0431 2652 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:12.0431 2652 NetPipeActivator - ok
16:48:12.0540 2652 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:48:12.0540 2652 netprofm - ok
16:48:12.0540 2652 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:12.0540 2652 NetTcpActivator - ok
16:48:12.0555 2652 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:48:12.0555 2652 NetTcpPortSharing - ok
16:48:12.0633 2652 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:48:12.0633 2652 nfrd960 - ok
16:48:12.0821 2652 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:48:12.0867 2652 NlaSvc - ok
16:48:12.0914 2652 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:48:12.0930 2652 Npfs - ok
16:48:13.0023 2652 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:48:13.0023 2652 nsi - ok
16:48:13.0070 2652 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:48:13.0070 2652 nsiproxy - ok
16:48:13.0226 2652 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:48:13.0257 2652 Ntfs - ok
16:48:13.0304 2652 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:48:13.0304 2652 Null - ok
16:48:13.0398 2652 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
16:48:13.0398 2652 nusb3hub - ok
16:48:13.0429 2652 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
16:48:13.0445 2652 nusb3xhc - ok
16:48:13.0476 2652 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
16:48:13.0476 2652 NVHDA - ok
16:48:13.0679 2652 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:48:13.0725 2652 nvlddmkm - ok
16:48:13.0803 2652 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:48:13.0803 2652 nvraid - ok
16:48:13.0819 2652 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:48:13.0819 2652 nvstor - ok
16:48:13.0881 2652 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
16:48:13.0913 2652 nvsvc - ok
16:48:14.0022 2652 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:48:14.0069 2652 nvUpdatusService - ok
16:48:14.0084 2652 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:48:14.0084 2652 nv_agp - ok
16:48:14.0115 2652 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:48:14.0115 2652 ohci1394 - ok
16:48:14.0209 2652 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:48:14.0209 2652 ose - ok
16:48:14.0271 2652 P17 (634347adebc790b8f07654a3ea8034fd) C:\Windows\system32\drivers\P17.sys
16:48:14.0318 2652 P17 - ok
16:48:14.0349 2652 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:48:14.0349 2652 p2pimsvc - ok
16:48:14.0365 2652 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:48:14.0365 2652 p2psvc - ok
16:48:14.0381 2652 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
16:48:14.0381 2652 Parport - ok
16:48:14.0396 2652 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:48:14.0396 2652 partmgr - ok
16:48:14.0412 2652 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:48:14.0412 2652 PcaSvc - ok
16:48:14.0443 2652 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:48:14.0443 2652 pci - ok
16:48:14.0443 2652 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:48:14.0443 2652 pciide - ok
16:48:14.0474 2652 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:48:14.0474 2652 pcmcia - ok
16:48:14.0490 2652 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:48:14.0490 2652 pcw - ok
16:48:14.0505 2652 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:48:14.0521 2652 PEAUTH - ok
16:48:14.0552 2652 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:48:14.0552 2652 PerfHost - ok
16:48:14.0583 2652 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:48:14.0615 2652 pla - ok
16:48:14.0661 2652 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:48:14.0677 2652 PlugPlay - ok
16:48:14.0693 2652 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:48:14.0693 2652 PNRPAutoReg - ok
16:48:14.0708 2652 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:48:14.0708 2652 PNRPsvc - ok
16:48:14.0739 2652 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:48:14.0739 2652 PolicyAgent - ok
16:48:14.0771 2652 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:48:14.0771 2652 Power - ok
16:48:14.0817 2652 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:48:14.0817 2652 PptpMiniport - ok
16:48:14.0833 2652 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:48:14.0849 2652 Processor - ok
16:48:14.0895 2652 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:48:14.0895 2652 ProfSvc - ok
16:48:14.0927 2652 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:14.0927 2652 ProtectedStorage - ok
16:48:14.0942 2652 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:48:14.0942 2652 Psched - ok
16:48:14.0989 2652 PxHlpa64 (05f46042208e515b9c240aafc54e7aa2) C:\Windows\system32\Drivers\PxHlpa64.sys
16:48:14.0989 2652 PxHlpa64 - ok
16:48:15.0020 2652 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:48:15.0036 2652 ql2300 - ok
16:48:15.0067 2652 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:48:15.0067 2652 ql40xx - ok
16:48:15.0083 2652 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:48:15.0083 2652 QWAVE - ok
16:48:15.0098 2652 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:48:15.0098 2652 QWAVEdrv - ok
16:48:15.0114 2652 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:48:15.0129 2652 RasAcd - ok
16:48:15.0161 2652 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:48:15.0161 2652 RasAgileVpn - ok
16:48:15.0176 2652 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:48:15.0176 2652 RasAuto - ok
16:48:15.0192 2652 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:48:15.0192 2652 Rasl2tp - ok
16:48:15.0223 2652 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:48:15.0223 2652 RasMan - ok
16:48:15.0239 2652 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:48:15.0239 2652 RasPppoe - ok
16:48:15.0301 2652 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:48:15.0301 2652 RasSstp - ok
16:48:15.0332 2652 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:48:15.0332 2652 rdbss - ok
16:48:15.0348 2652 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
16:48:15.0348 2652 rdpbus - ok
16:48:15.0363 2652 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:48:15.0363 2652 RDPCDD - ok
16:48:15.0410 2652 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:48:15.0410 2652 RDPENCDD - ok
16:48:15.0441 2652 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:48:15.0441 2652 RDPREFMP - ok
16:48:15.0473 2652 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:48:15.0488 2652 RDPWD - ok
16:48:15.0519 2652 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:48:15.0519 2652 rdyboost - ok
16:48:15.0535 2652 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:48:15.0535 2652 RemoteAccess - ok
16:48:15.0551 2652 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:48:15.0551 2652 RemoteRegistry - ok
16:48:15.0629 2652 Roxio UPnP Renderer 10 (85b5159d86ac06ad744ee9d3c288aeee) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
16:48:15.0629 2652 Roxio UPnP Renderer 10 - ok
16:48:15.0644 2652 Roxio Upnp Server 10 (0db43caf2d77b809a86e9d7e1bcc6d76) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
16:48:15.0660 2652 Roxio Upnp Server 10 - ok
16:48:15.0769 2652 RoxLiveShare10 (7958affc64e4f284068eb6575cc64dcf) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
16:48:15.0769 2652 RoxLiveShare10 - ok
16:48:15.0816 2652 RoxMediaDB10 (ed69cd4ab4be607abf768a60e4ac79da) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
16:48:15.0816 2652 RoxMediaDB10 - ok
16:48:15.0894 2652 RoxWatch10 (0da14ee2c0e274fea5a6545181851c16) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
16:48:15.0894 2652 RoxWatch10 - ok
16:48:15.0925 2652 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:48:15.0925 2652 RpcEptMapper - ok
16:48:15.0941 2652 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:48:15.0941 2652 RpcLocator - ok
16:48:15.0956 2652 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:48:15.0972 2652 RpcSs - ok
16:48:15.0987 2652 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:48:15.0987 2652 rspndr - ok
16:48:15.0987 2652 RxFilter - ok
16:48:16.0019 2652 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:16.0019 2652 SamSs - ok
16:48:16.0097 2652 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
16:48:16.0097 2652 SASDIFSV - ok
16:48:16.0143 2652 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
16:48:16.0143 2652 SASKUTIL - ok
16:48:16.0175 2652 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:48:16.0175 2652 sbp2port - ok
16:48:16.0206 2652 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:48:16.0206 2652 SCardSvr - ok
16:48:16.0221 2652 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:48:16.0221 2652 scfilter - ok
16:48:16.0237 2652 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:48:16.0268 2652 Schedule - ok
16:48:16.0284 2652 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:48:16.0284 2652 SCPolicySvc - ok
16:48:16.0315 2652 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:48:16.0315 2652 SDRSVC - ok
16:48:16.0331 2652 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:48:16.0331 2652 secdrv - ok
16:48:16.0377 2652 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:48:16.0393 2652 seclogon - ok
16:48:16.0424 2652 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:48:16.0440 2652 SENS - ok
16:48:16.0471 2652 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:48:16.0471 2652 SensrSvc - ok
16:48:16.0533 2652 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
16:48:16.0533 2652 Serenum - ok
16:48:16.0643 2652 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
16:48:16.0643 2652 Serial - ok
16:48:16.0658 2652 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:48:16.0658 2652 sermouse - ok
16:48:16.0689 2652 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:48:16.0689 2652 SessionEnv - ok
16:48:16.0752 2652 SessionLauncher - ok
16:48:16.0767 2652 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:48:16.0767 2652 sffdisk - ok
16:48:16.0783 2652 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:48:16.0783 2652 sffp_mmc - ok
16:48:16.0799 2652 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:48:16.0799 2652 sffp_sd - ok
16:48:16.0845 2652 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:48:16.0845 2652 sfloppy - ok
16:48:16.0877 2652 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:48:16.0877 2652 SharedAccess - ok
16:48:16.0908 2652 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:48:16.0908 2652 ShellHWDetection - ok
16:48:16.0939 2652 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:48:16.0939 2652 SiSRaid2 - ok
16:48:16.0955 2652 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:48:16.0955 2652 SiSRaid4 - ok
16:48:16.0986 2652 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:48:16.0986 2652 Smb - ok
16:48:17.0017 2652 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:48:17.0017 2652 SNMPTRAP - ok
16:48:17.0033 2652 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:48:17.0033 2652 spldr - ok
16:48:17.0064 2652 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:48:17.0064 2652 Spooler - ok
16:48:17.0142 2652 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:48:17.0204 2652 sppsvc - ok
16:48:17.0251 2652 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:48:17.0251 2652 sppuinotify - ok
16:48:17.0282 2652 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:48:17.0298 2652 srv - ok
16:48:17.0313 2652 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:48:17.0313 2652 srv2 - ok
16:48:17.0329 2652 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:48:17.0329 2652 srvnet - ok
16:48:17.0391 2652 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:48:17.0391 2652 SSDPSRV - ok
16:48:17.0407 2652 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:48:17.0407 2652 SstpSvc - ok
16:48:17.0454 2652 Steam Client Service - ok
16:48:17.0532 2652 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:48:17.0532 2652 Stereo Service - ok
16:48:17.0563 2652 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:48:17.0563 2652 stexstor - ok
16:48:17.0594 2652 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:48:17.0594 2652 stisvc - ok
16:48:17.0610 2652 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:48:17.0610 2652 swenum - ok
16:48:17.0641 2652 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:48:17.0641 2652 swprv - ok
16:48:17.0688 2652 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:48:17.0735 2652 SysMain - ok
16:48:17.0750 2652 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:48:17.0750 2652 TabletInputService - ok
16:48:17.0766 2652 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:48:17.0766 2652 TapiSrv - ok
16:48:17.0781 2652 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:48:17.0781 2652 TBS - ok
16:48:17.0844 2652 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:48:17.0859 2652 Tcpip - ok
16:48:17.0922 2652 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:48:17.0937 2652 TCPIP6 - ok
16:48:17.0984 2652 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:48:17.0984 2652 tcpipreg - ok
16:48:18.0000 2652 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:48:18.0000 2652 TDPIPE - ok
16:48:18.0031 2652 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:48:18.0031 2652 TDTCP - ok
16:48:18.0078 2652 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:48:18.0078 2652 tdx - ok
16:48:18.0093 2652 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
16:48:18.0093 2652 TermDD - ok
16:48:18.0125 2652 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:48:18.0140 2652 TermService - ok
16:48:18.0156 2652 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:48:18.0156 2652 Themes - ok
16:48:18.0171 2652 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:48:18.0171 2652 THREADORDER - ok
16:48:18.0203 2652 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:48:18.0203 2652 TrkWks - ok
16:48:18.0234 2652 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:48:18.0234 2652 TrustedInstaller - ok
16:48:18.0249 2652 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:48:18.0249 2652 tssecsrv - ok
16:48:18.0296 2652 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:48:18.0296 2652 TsUsbFlt - ok
16:48:18.0312 2652 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
16:48:18.0312 2652 TsUsbGD - ok
16:48:18.0359 2652 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:48:18.0374 2652 tunnel - ok
16:48:18.0421 2652 t_mouse.sys (f4ef9498a073122d6139cb2a19554e08) C:\Windows\system32\DRIVERS\t_mouse.sys
16:48:18.0437 2652 t_mouse.sys - ok
16:48:18.0452 2652 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:48:18.0452 2652 uagp35 - ok
16:48:18.0468 2652 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:48:18.0468 2652 udfs - ok
16:48:18.0483 2652 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:48:18.0483 2652 UI0Detect - ok
16:48:18.0515 2652 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:48:18.0515 2652 uliagpkx - ok
16:48:18.0561 2652 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:48:18.0561 2652 umbus - ok
16:48:18.0577 2652 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:48:18.0577 2652 UmPass - ok
16:48:18.0608 2652 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:48:18.0608 2652 upnphost - ok
16:48:18.0639 2652 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:48:18.0639 2652 usbccgp - ok
16:48:18.0655 2652 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:48:18.0655 2652 usbcir - ok
16:48:18.0671 2652 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:48:18.0671 2652 usbehci - ok
16:48:18.0702 2652 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:48:18.0702 2652 usbhub - ok
16:48:18.0717 2652 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:48:18.0717 2652 usbohci - ok
16:48:18.0749 2652 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:48:18.0749 2652 usbprint - ok
16:48:18.0780 2652 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
16:48:18.0780 2652 USBSTOR - ok
16:48:18.0795 2652 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:48:18.0811 2652 usbuhci - ok
16:48:18.0827 2652 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:48:18.0827 2652 UxSms - ok
16:48:18.0858 2652 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:48:18.0858 2652 VaultSvc - ok
16:48:18.0873 2652 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:48:18.0873 2652 vdrvroot - ok
16:48:18.0889 2652 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:48:18.0905 2652 vds - ok
16:48:18.0920 2652 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:48:18.0920 2652 vga - ok
16:48:18.0936 2652 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:48:18.0936 2652 VgaSave - ok
16:48:18.0967 2652 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:48:18.0983 2652 vhdmp - ok
16:48:18.0983 2652 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:48:18.0983 2652 viaide - ok
16:48:18.0998 2652 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:48:18.0998 2652 volmgr - ok
16:48:19.0014 2652 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:48:19.0029 2652 volmgrx - ok
16:48:20.0933 2652 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
16:48:20.0948 2652 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:48:20.0948 2652 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:48:20.0979 2652 Boot (0x1200) (1b09c0f9ef8f0a105c90221d0233834f) \Device\Harddisk0\DR0\Partition0
16:48:20.0979 2652 \Device\Harddisk0\DR0\Partition0 - ok
16:48:20.0995 2652 Boot (0x1200) (64538a85723c7714dce598a2de903c6b) \Device\Harddisk0\DR0\Partition1
16:48:20.0995 2652 \Device\Harddisk0\DR0\Partition1 - ok
16:48:20.0995 2652 ============================================================
16:48:20.0995 2652 Scan finished
16:48:20.0995 2652 ============================================================
16:48:20.0995 8684 Detected object count: 1
16:48:20.0995 8684 Actual detected object count: 1
16:48:40.0277 8684 \Device\Harddisk0\DR0\# - copied to quarantine
16:48:40.0277 8684 \Device\Harddisk0\DR0 - copied to quarantine
16:48:40.0323 8684 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:48:40.0323 8684 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:48:40.0323 8684 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
16:48:40.0323 8684 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
16:48:40.0355 8684 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:48:40.0355 8684 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:48:40.0355 8684 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:48:40.0355 8684 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:48:40.0355 8684 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:48:40.0355 8684 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:48:40.0370 8684 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:48:40.0370 8684 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:48:40.0370 8684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:48:40.0370 8684 \Device\Harddisk0\DR0 - ok
16:48:40.0386 8684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:48:43.0194 7348 Deinitialize success


Thanks again. :thumbup2:

#6 Broni


Posted 04 April 2012 - 07:07 PM

Very well :)

Re-run aswMBR and post new log.
Update MBAM, re-run it and post new log.

#7 xFoeHammer


Posted 04 April 2012 - 07:35 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Collin1 :: COLLIN-PC [administrator]

4/4/2012 5:09:44 PM
mbam-log-2012-04-04 (17-09-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239457
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-04 17:09:50
-----------------------------
17:09:50.999 OS Version: Windows x64 6.1.7601 Service Pack 1
17:09:50.999 Number of processors: 8 586 0x1A05
17:09:51.000 ComputerName: COLLIN-PC UserName: Collin1
17:09:59.745 Initialize success
17:10:03.995 AVAST engine defs: 12040401
17:11:39.809 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:11:39.809 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 11
17:11:39.841 Disk 0 MBR read successfully
17:11:39.841 Disk 0 MBR scan
17:11:39.841 Disk 0 Windows 7 default MBR code
17:11:39.872 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:11:39.872 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
17:11:39.903 Disk 0 scanning C:\Windows\system32\drivers
17:11:54.957 Service scanning
17:12:17.515 Modules scanning
17:12:17.515 Disk 0 trace - called modules:
17:12:17.546 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:12:17.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fe5790]
17:12:18.045 3 CLASSPNP.SYS[fffff8800199d43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8005d1e680]
17:12:25.351 AVAST engine scan C:\Windows
17:12:37.977 AVAST engine scan C:\Windows\system32
17:19:12.657 AVAST engine scan C:\Windows\system32\drivers
17:19:28.986 AVAST engine scan C:\Users\Collin1
17:24:13.495 AVAST engine scan C:\ProgramData
17:24:49.575 Scan finished successfully
17:25:45.968 Disk 0 MBR has been saved successfully to "C:\Users\Collin1\Desktop\MBR.dat"
17:25:45.971 The log file has been saved successfully to "C:\Users\Collin1\Desktop\aswMBR.txt"

Scanned again with Malwarebytes after restarting and found nothing, so it must've deleted it successfully.

#8 Broni


Posted 04 April 2012 - 07:46 PM

You're still infected but more advanced tools will be needed to deal with it.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

#9 xFoeHammer


Posted 04 April 2012 - 08:31 PM

I have followed the steps and created a thread: http://www.bleepingcomputer.com/forums/topic448905.html

Edited by xFoeHammer, 04 April 2012 - 08:31 PM.




