
Infected by Alureon.a and Rootkit.Boot.Pihar.c


This topic is locked
51 replies to this topic

#1 mnorm757 (Members, 29 posts)

Posted 21 April 2012 - 11:11 AM

Hello everyone,
Out of nowhere, two days ago, my computer simply shut down by itself (Windows 7). When I restarted it I got the BSOD with a Page Fault in NonPaged Area... and it tried to reboot again. This loop would keep repeating itself over and over. I was able to boot into Safe Mode with Networking but it hangs on CLASSPNP.SYS for a longer period of time (not sure if this is important or not). I ran Microsoft Security Essentials and it revealed an Alureon.a trojan. I tried to remove it but MSE said that it couldn't.

I then read on these forums to try running Kaspersky TDSSKiller and see if it could remove it. I followed the instructions and it found Rootkit.Boot.Pihar.c malware in my physical C: drive. I chose "CURE" per the forum instructions but I get a message saying that it "Can't cure MBR. Write standard boot code?" I made the mistake of hitting "YES" last night and it took me 2 hours to get my computer to boot correctly again.

So, now I'm not sure what to do next. I can boot into Safe Mode with Networking but get the BSOD if I try and boot normally. Something has definitely planted itself into my HD and is wreaking havoc. I have the following programs downloaded and ready to run:
MSE
Combofix
Kaspersky TDSSKiller
Malwarebytes Anti-Malware

Thanks for any help provided!!

Markus


#2 mnorm757 (Topic Starter, Members, 29 posts)

Posted 21 April 2012 - 11:19 AM

I failed to mention...
I have a Dell Studio XPS running Windows 7 64bit.

Thanks again for any help!
Markus

#3 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 21 April 2012 - 02:28 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 mnorm757 (Topic Starter, Members, 29 posts)

Posted 21 April 2012 - 07:38 PM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java™ 6 Update 21
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#5 mnorm757 (Topic Starter, Members, 29 posts)

Posted 21 April 2012 - 07:49 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Mark at 20:38:43 on 2012-04-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.6605 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [IObitBar Browser Plugin Loader] C:\PROGRA~2\IObitBar\toolbar\1.bin\i0brmon.exe
mRun: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [combofix] C:\ComboFix\CF4569.3XE /c C:\ComboFix\Combobatch.bat
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [combofix] C:\ComboFix\CF4569.3XE /c C:\ComboFixCombobatch.bat
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{14AE99F9-359E-4EDA-AC61-4FEE428C0596} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{14AE99F9-359E-4EDA-AC61-4FEE428C0596}\2456C6B696E6E233243364 : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll
BHO-X64: IMinent WebBooster - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [IObitBar Browser Plugin Loader] C:\PROGRA~2\IObitBar\toolbar\1.bin\i0brmon.exe
mRun-x64: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe /warmup
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [combofix] C:\ComboFix\CF4569.3XE /c C:\ComboFix\Combobatch.bat
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce-x64: [combofix] C:\ComboFix\CF4569.3XE /c C:\ComboFixCombobatch.bat
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\nym8b5c4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://results.myway.com/GGmain.jhtml?id=YH&ptb=884C8360-4544-4088-8A3D-6D2B603A79B4&ind=2010073101&ptnrS=YH&si=&n=&psa=&st=kwd&searchfor=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\IObitBar\toolbar\1.bin\NPi0Stub.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-25 135664]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-16 13336]
S2 IObitBarService;IObit Toolbar Service;C:\PROGRA~2\IObitBar\toolbar\1.bin\i0barsvc.exe [2010-7-31 28766]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-21 654408]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-16 658656]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 253088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-25 135664]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-9-14 24176]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-21 15:56:15 20480 ----a-w- C:\Windows\svchost.exe
2012-04-21 04:34:04 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-21 04:27:56 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{27586C0C-4FB7-4B3D-8B64-88E7A26CD4C0}\mpengine.dll
2012-04-21 00:52:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-21 00:43:44 -------- d-----w- C:\Users\Mark\AppData\Roaming\Malwarebytes
2012-04-21 00:43:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-21 00:43:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-21 00:28:50 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-20 17:25:05 -------- d-s---w- C:\ComboFix
2012-04-20 12:09:00 98816 ----a-w- C:\Windows\sed.exe
2012-04-20 12:09:00 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-20 12:09:00 256000 ----a-w- C:\Windows\PEV.exe
2012-04-20 12:09:00 208896 ----a-w- C:\Windows\MBR.exe
2012-04-18 01:43:25 -------- d-----w- C:\Users\Mark\AppData\Roaming\BluePrint Simulations
2012-04-16 11:10:17 94857 ----a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Uninstall KSJC.exe
2012-04-16 03:21:01 94751 ----a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Uninstall VHHH.exe
2012-04-15 15:36:00 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-04-15 15:34:14 -------- d-----w- C:\Users\Mark\AppData\Roaming\uTorrent
2012-04-11 23:00:04 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 22:31:18 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-11 17:00:13 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 17:00:13 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 17:00:13 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 17:00:12 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 17:00:11 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 17:00:11 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 17:00:11 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-08 02:57:35 -------- d-----w- C:\Program Files\iPod
2012-04-08 02:57:34 -------- d-----w- C:\Program Files\iTunes
2012-04-08 02:57:34 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-26 03:03:40 -------- d-----w- C:\Users\Mark\AppData\Local\{EF894708-A03F-4FA8-884D-C4C3E04C0932}
2012-03-26 03:03:27 -------- d-----w- C:\Users\Mark\AppData\Local\{52BD3E9F-4663-4867-A8DD-90DA3AD0DFBE}
2012-03-24 23:11:53 65452 ----a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\FFBM_Remove.exe
2012-03-24 01:50:46 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-24 01:50:46 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-04-14 03:00:27 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-09 20:01:29 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 20:42:43.72 ===============

#6 mnorm757 (Topic Starter, Members, 29 posts)

Posted 21 April 2012 - 07:52 PM

I'm getting an error message stating that I "do not have permission to post on this topic" when I attempt to copy and paste the "Attach" info.
Did you need me to post it as an attachment?
Thanks Gringo!

#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 21 April 2012 - 08:01 PM

Hello

we will get it later

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

Information and logs:

  • In your next post I need the following:
    • Log from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now?

Gringo

#8 mnorm757 (Topic Starter, Members, 29 posts)

Posted 22 April 2012 - 06:29 AM

Can't run Combofix for some reason. The program gets about 15 seconds in and I get the BSOD. I'm running in Safe Mode with Networking.

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 22 April 2012 - 08:45 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#10 mnorm757

Posted 22 April 2012 - 08:52 AM

Before you were able to post I uninstalled and reinstalled Combofix and it is running now.

Would you like me to post the log after it completes and hold off on running TDSSKILLER?

#11 gringo_pr

Posted 22 April 2012 - 08:58 AM

If it is running, let it run.

We will get to the others later.


gringo

#12 mnorm757

Posted 22 April 2012 - 09:29 AM

Here is the log. When the computer rebooted I chose Safe Mode with networking.


ComboFix 12-04-22.01 - Mark 04/22/2012 9:53.5.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8119.7128 [GMT -4:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-22 to 2012-04-22 )))))))))))))))))))))))))))))))
.
.
2012-04-22 14:06 . 2012-04-22 14:06 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-22 14:06 . 2012-04-22 14:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-22 14:06 . 2012-04-22 14:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-21 04:34 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-21 04:27 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27586C0C-4FB7-4B3D-8B64-88E7A26CD4C0}\mpengine.dll
2012-04-21 00:52 . 2012-04-21 16:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-21 00:43 . 2012-04-21 00:43 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2012-04-21 00:43 . 2012-04-21 04:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-21 00:43 . 2012-04-21 00:43 -------- d-----w- c:\programdata\Malwarebytes
2012-04-18 01:43 . 2012-04-18 01:43 -------- d-----w- c:\users\Mark\AppData\Roaming\BluePrint Simulations
2012-04-16 11:10 . 2012-04-16 11:10 94857 ----a-w- c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstall KSJC.exe
2012-04-16 03:21 . 2012-04-16 03:21 94751 ----a-w- c:\program files (x86)\Microsoft Games\Flight Simulator 9\Uninstall VHHH.exe
2012-04-15 15:36 . 2012-04-19 13:11 -------- d-----w- c:\program files (x86)\uTorrent
2012-04-15 15:34 . 2012-04-19 13:11 -------- d-----w- c:\users\Mark\AppData\Roaming\uTorrent
2012-04-11 23:00 . 2012-04-14 03:00 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 22:31 . 2012-04-14 03:00 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-11 17:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 17:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 17:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 17:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 17:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 17:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 17:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-08 02:57 . 2012-04-08 02:57 -------- d-----w- c:\program files\iPod
2012-04-08 02:57 . 2012-04-08 02:57 -------- d-----w- c:\program files\iTunes
2012-04-08 02:57 . 2012-04-08 02:57 -------- d-----w- c:\program files (x86)\iTunes
2012-03-24 23:11 . 2012-03-24 23:11 65452 ----a-w- c:\program files (x86)\Microsoft Games\Flight Simulator 9\FFBM_Remove.exe
2012-03-24 01:50 . 2012-03-24 01:50 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-24 01:50 . 2012-03-24 01:50 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 03:00 . 2011-08-21 01:02 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 03:27 . 2011-12-20 04:31 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-29 01:55 . 2012-02-29 01:55 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-17 06:38 . 2012-03-13 17:46 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 17:46 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 17:46 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 17:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 20:09 . 2012-02-10 20:09 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E0FE602-F91D-4271-B135-F83ED78E99FD}\gapaengine.dll
2012-02-10 06:36 . 2012-03-13 17:47 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 17:47 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-09 20:01 . 2012-02-09 20:01 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-13 17:47 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-08-27 23:31 279656 ----a-w- c:\windows\system32\MpSigStub.exe
2012-01-25 06:38 . 2012-03-13 17:46 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 17:46 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 17:46 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"IObitBar Browser Plugin Loader"="c:\progra~2\IObitBar\toolbar\1.bin\i0brmon.exe" [2010-07-31 20480]
"IMBooster"="c:\program files (x86)\Iminent\IMBooster\imbooster.exe" [2011-03-30 1324008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-02-11 165184]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-25 135664]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
R2 IObitBarService;IObit Toolbar Service;c:\progra~2\IObitBar\toolbar\1.bin\i0barsvc.exe [2010-07-31 28766]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-03-04 658656]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-25 135664]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 03:00]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-25 18:21]
.
2012-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-25 18:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\nym8b5c4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://results.myway.com/GGmain.jhtml?id=YH&ptb=884C8360-4544-4088-8A3D-6D2B603A79B4&ind=2010073101&ptnrS=YH&si=&n=&psa=&st=kwd&searchfor=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1657984165-3373467887-2477547519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1657984165-3373467887-2477547519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-04-22 10:26:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-22 14:26
.
Pre-Run: 765,181,059,072 bytes free
Post-Run: 765,105,659,904 bytes free
.
- - End Of File - - 8B2430C71F2F77A33206DEEA4858824B
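An added triage helper (my own Python, not code from this thread or from ComboFix) that splits a ComboFix report into its sections and flags what stands out in the log above: an svchost.exe outside system32/SysWOW64, a process path that goes through the \\.\globalroot NT object-namespace alias, UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0) and a redirected Firefox keyword.URL. The excerpt it runs on is copied from that log; the section names and severity labels are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt: lines copied from the ComboFix report above, the rest omitted.
SAMPLE_LOG = r"""
ComboFix 12-04-22.01 - Mark 04/22/2012 9:53.5.4 - x64 NETWORK
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
------- Supplementary Scan -------
.
FF - prefs.js: keyword.URL - hxxp://results.myway.com/GGmain.jhtml?id=YH&ptb=884C8360-4544-4088-8A3D-6D2B603A79B4&ind=2010073101&ptnrS=YH&si=&n=&psa=&st=kwd&searchfor=
.
------------------------ Other Running Processes ------------------------
.
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
"""

# ComboFix section banners: "((( Name )))", "--- Name ---" and the closing "***" rule.
SECTION_RE = re.compile(r"^[(\-*]+\s*(.+?)\s*[)\-*]+$")
# Registry DWORD lines as ComboFix prints them:  "EnableLUA"= 0 (0x0)
REG_DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')
FF_KEYWORD_RE = re.compile(r"^FF - prefs\.js: keyword\.URL - (\S+)$")
# Where a genuine svchost.exe lives on 64-bit Windows 7 (the OS in the log header).
SVCHOST_OK_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a ComboFix report into {banner name: [content lines]}; "." spacers are dropped."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1).strip(" -()*")
            if re.search("[A-Za-z]", name):  # a nameless "****" rule just ends a section
                current = name
                sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def is_rogue_svchost(path: str) -> bool:
    """True when a path names an svchost.exe outside the system directories."""
    p = path.lower()
    return p.endswith("\\svchost.exe") and not any(d in p for d in SVCHOST_OK_DIRS)


def analyse(text: str) -> List[Tuple[str, str]]:
    """Return (severity, description) findings for a ComboFix report, HIGH first."""
    sections = parse_sections(text)
    findings: List[Tuple[str, str]] = []
    for sec in ("Other Deletions", "Other Running Processes"):
        for line in sections.get(sec, []):
            if "\\globalroot\\" in line.lower():
                # \\.\globalroot\ is an NT object-namespace alias; ordinary software
                # is not started through it, so treat it as a rootkit indicator.
                findings.append(("HIGH", f"{sec}: process path uses the \\\\.\\globalroot alias: {line}"))
            elif is_rogue_svchost(line):
                findings.append(("HIGH", f"{sec}: svchost.exe outside system32/SysWOW64: {line}"))
    policy: Dict[str, int] = {}
    in_policy_key = False
    for line in sections.get("Reg Loading Points", []):
        if line.startswith("["):  # registry key header; only read values under policies\system
            in_policy_key = line.lower().rstrip("]").endswith("\\policies\\system")
            continue
        m = REG_DWORD_RE.match(line) if in_policy_key else None
        if m:
            policy[m.group(1)] = int(m.group(2))
    if policy.get("EnableLUA") == 0:
        findings.append(("MEDIUM", "Reg Loading Points: EnableLUA=0, UAC is switched off"))
    if policy.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(("MEDIUM", "Reg Loading Points: ConsentPromptBehaviorAdmin=0, admins elevate with no prompt"))
    for line in sections.get("Supplementary Scan", []):
        m = FF_KEYWORD_RE.match(line)
        if m:  # report the redirect target without its query string
            findings.append(("LOW", f"Supplementary Scan: Firefox keyword.URL points at {m.group(1).split('?')[0]}"))
    return findings


if __name__ == "__main__":
    for severity, description in analyse(SAMPLE_LOG):
        print(f"[{severity}] {description}")
```

analyse() accepts the full report text, so the same checks run unchanged over a complete ComboFix log saved to disk.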

#13 gringo_pr

Posted 22 April 2012 - 09:32 AM

Hello


Very good - now let's run these


tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#14 mnorm757

Posted 22 April 2012 - 09:51 AM

TDSSKILLER found Rootkit.boot.Pihar.c malware in my physical C: drive. It was unable to CURE.

Would you like me to go ahead and run aswMBR next?

#15 mnorm757

Posted 22 April 2012 - 10:01 AM

10:43:45.0068 2372 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
10:43:45.0364 2372 ============================================================
10:43:45.0364 2372 Current date / time: 2012/04/22 10:43:45.0364
10:43:45.0364 2372 SystemInfo:
10:43:45.0364 2372
10:43:45.0364 2372 OS Version: 6.1.7601 ServicePack: 1.0
10:43:45.0364 2372 Product type: Workstation
10:43:45.0364 2372 ComputerName: MARK-PC
10:43:45.0364 2372 UserName: Mark
10:43:45.0364 2372 Windows directory: C:\Windows
10:43:45.0364 2372 System windows directory: C:\Windows
10:43:45.0364 2372 Running under WOW64
10:43:45.0364 2372 Processor architecture: Intel x64
10:43:45.0364 2372 Number of processors: 4
10:43:45.0364 2372 Page size: 0x1000
10:43:45.0364 2372 Boot type: Safe boot with network
10:43:45.0364 2372 ============================================================
10:43:45.0660 2372 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:43:45.0660 2372 \Device\Harddisk0\DR0:
10:43:45.0660 2372 MBR partitions:
10:43:45.0660 2372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A0F000
10:43:45.0660 2372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A23000, BlocksNum 0x72CE3000
10:43:45.0692 2372 C: <-> \Device\Harddisk0\DR0\Partition1
10:43:45.0692 2372 Initialize success
10:43:45.0692 2372 ============================================================
10:43:47.0548 1172 ============================================================
10:43:47.0548 1172 Scan started
10:43:47.0548 1172 Mode: Manual;
10:43:47.0548 1172 ============================================================
10:43:52.0899 1172 DockLoginService - ok
10:43:52.0930 1172 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:43:52.0930 1172 dot3svc - ok
10:43:53.0008 1172 dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
10:43:53.0008 1172 dot4 - ok
10:43:53.0070 1172 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
10:43:53.0070 1172 Dot4Print - ok
10:43:53.0133 1172 Dot4Scan (488669cd1cd3bdcfdd9a5fda72209069) C:\Windows\system32\DRIVERS\Dot4Scan.sys
10:43:53.0133 1172 Dot4Scan - ok
10:43:53.0180 1172 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
10:43:53.0180 1172 dot4usb - ok
10:43:53.0211 1172 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:43:53.0226 1172 DPS - ok
10:43:53.0242 1172 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:43:53.0242 1172 drmkaud - ok
10:43:53.0289 1172 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:43:53.0304 1172 DXGKrnl - ok
10:43:53.0336 1172 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:43:53.0336 1172 EapHost - ok
10:43:53.0398 1172 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:43:53.0429 1172 ebdrv - ok
10:43:53.0460 1172 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:43:53.0476 1172 EFS - ok
10:43:53.0507 1172 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:43:53.0507 1172 ehRecvr - ok
10:43:53.0538 1172 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:43:53.0538 1172 ehSched - ok
10:43:53.0554 1172 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:43:53.0570 1172 elxstor - ok
10:43:53.0616 1172 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:43:53.0616 1172 ErrDev - ok
10:43:53.0663 1172 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:43:53.0663 1172 EventSystem - ok
10:43:53.0679 1172 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:43:53.0694 1172 exfat - ok
10:43:53.0741 1172 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:43:53.0741 1172 fastfat - ok
10:43:53.0788 1172 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:43:53.0788 1172 Fax - ok
10:43:53.0804 1172 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:43:53.0804 1172 fdc - ok
10:43:53.0819 1172 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:43:53.0819 1172 fdPHost - ok
10:43:53.0835 1172 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:43:53.0835 1172 FDResPub - ok
10:43:53.0882 1172 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:43:53.0882 1172 FileInfo - ok
10:43:53.0897 1172 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:43:53.0897 1172 Filetrace - ok
10:43:53.0975 1172 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:43:53.0991 1172 FLEXnet Licensing Service - ok
10:43:54.0006 1172 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:43:54.0006 1172 flpydisk - ok
10:43:54.0069 1172 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:43:54.0069 1172 FltMgr - ok
10:43:54.0116 1172 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:43:54.0131 1172 FontCache - ok
10:43:54.0178 1172 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:43:54.0178 1172 FontCache3.0.0.0 - ok
10:43:54.0209 1172 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:43:54.0209 1172 FsDepends - ok
10:43:54.0256 1172 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:43:54.0256 1172 Fs_Rec - ok
10:43:54.0287 1172 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:43:54.0303 1172 fvevol - ok
10:43:54.0318 1172 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:43:54.0318 1172 gagp30kx - ok
10:43:54.0365 1172 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:43:54.0365 1172 GEARAspiWDM - ok
10:43:54.0396 1172 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
10:43:54.0396 1172 GoToAssist - ok
10:43:54.0443 1172 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:43:54.0443 1172 gpsvc - ok
10:43:54.0537 1172 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:43:54.0537 1172 gupdate - ok
10:43:54.0568 1172 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:43:54.0568 1172 gupdatem - ok
10:43:54.0615 1172 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:43:54.0615 1172 gusvc - ok
10:43:54.0646 1172 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:43:54.0646 1172 hcw85cir - ok
10:43:54.0677 1172 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:43:54.0677 1172 HDAudBus - ok
10:43:54.0724 1172 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
10:43:54.0724 1172 HECIx64 - ok
10:43:54.0755 1172 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:43:54.0755 1172 HidBatt - ok
10:43:54.0786 1172 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:43:54.0786 1172 HidBth - ok
10:43:54.0818 1172 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:43:54.0818 1172 HidIr - ok
10:43:54.0880 1172 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:43:54.0880 1172 hidserv - ok
10:43:54.0911 1172 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:43:54.0911 1172 HidUsb - ok
10:43:54.0958 1172 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:43:54.0958 1172 hkmsvc - ok
10:43:55.0020 1172 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:43:55.0020 1172 HomeGroupListener - ok
10:43:55.0052 1172 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:43:55.0052 1172 HomeGroupProvider - ok
10:43:55.0067 1172 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:43:55.0067 1172 HpSAMD - ok
10:43:55.0130 1172 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:43:55.0130 1172 HTTP - ok
10:43:55.0192 1172 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:43:55.0192 1172 hwpolicy - ok
10:43:55.0223 1172 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:43:55.0239 1172 i8042prt - ok
10:43:55.0254 1172 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
10:43:55.0270 1172 iaStor - ok
10:43:55.0301 1172 IAStorDataMgrSvc (7493ea4de41348f7d3edbf9db298f56a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
10:43:55.0301 1172 IAStorDataMgrSvc - ok
10:43:55.0317 1172 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:43:55.0332 1172 iaStorV - ok
10:43:55.0379 1172 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:43:55.0395 1172 idsvc - ok
10:43:55.0426 1172 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:43:55.0426 1172 iirsp - ok
10:43:55.0473 1172 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:43:55.0473 1172 IKEEXT - ok
10:43:55.0551 1172 IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys
10:43:55.0582 1172 IntcAzAudAddService - ok
10:43:55.0598 1172 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
10:43:55.0598 1172 IntcDAud - ok
10:43:55.0629 1172 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:43:55.0629 1172 intelide - ok
10:43:55.0660 1172 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:43:55.0660 1172 intelppm - ok
10:43:55.0707 1172 IObitBarService (a7230c095e646fd97c52d094be07467b) C:\PROGRA~2\IObitBar\toolbar\1.bin\i0barsvc.exe
10:43:55.0722 1172 IObitBarService - ok
10:43:55.0738 1172 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:43:55.0738 1172 IPBusEnum - ok
10:43:55.0769 1172 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:43:55.0769 1172 IpFilterDriver - ok
10:43:55.0800 1172 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:43:55.0800 1172 iphlpsvc - ok
10:43:55.0832 1172 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:43:55.0832 1172 IPMIDRV - ok
10:43:55.0847 1172 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:43:55.0847 1172 IPNAT - ok
10:43:55.0925 1172 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
10:43:55.0941 1172 iPod Service - ok
10:43:55.0956 1172 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:43:55.0956 1172 IRENUM - ok
10:43:55.0972 1172 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:43:55.0972 1172 isapnp - ok
10:43:56.0003 1172 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:43:56.0003 1172 iScsiPrt - ok
10:43:56.0097 1172 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
10:43:56.0097 1172 k57nd60a - ok
10:43:56.0112 1172 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:43:56.0112 1172 kbdclass - ok
10:43:56.0128 1172 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:43:56.0128 1172 kbdhid - ok
10:43:56.0175 1172 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:43:56.0175 1172 KeyIso - ok
10:43:56.0175 1172 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:43:56.0175 1172 KSecDD - ok
10:43:56.0222 1172 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:43:56.0222 1172 KSecPkg - ok
10:43:56.0268 1172 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:43:56.0268 1172 ksthunk - ok
10:43:56.0300 1172 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:43:56.0300 1172 KtmRm - ok
10:43:56.0331 1172 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:43:56.0331 1172 LanmanServer - ok
10:43:56.0393 1172 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:43:56.0393 1172 LanmanWorkstation - ok
10:43:56.0440 1172 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:43:56.0440 1172 lltdio - ok
10:43:56.0471 1172 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:43:56.0471 1172 lltdsvc - ok
10:43:56.0471 1172 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:43:56.0471 1172 lmhosts - ok
10:43:56.0502 1172 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:43:56.0502 1172 LSI_FC - ok
10:43:56.0518 1172 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:43:56.0518 1172 LSI_SAS - ok
10:43:56.0534 1172 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:43:56.0549 1172 LSI_SAS2 - ok
10:43:56.0565 1172 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:43:56.0565 1172 LSI_SCSI - ok
10:43:56.0612 1172 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:43:56.0612 1172 luafv - ok
10:43:56.0674 1172 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
10:43:56.0674 1172 MBAMProtector - ok
10:43:56.0768 1172 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:43:56.0783 1172 MBAMService - ok
10:43:56.0814 1172 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:43:56.0814 1172 Mcx2Svc - ok
10:43:56.0830 1172 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:43:56.0830 1172 megasas - ok
10:43:56.0861 1172 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:43:56.0861 1172 MegaSR - ok
10:43:56.0877 1172 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:43:56.0877 1172 MMCSS - ok
10:43:56.0908 1172 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:43:56.0908 1172 Modem - ok
10:43:56.0955 1172 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:43:56.0955 1172 monitor - ok
10:43:56.0970 1172 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:43:56.0970 1172 mouclass - ok
10:43:56.0970 1172 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:43:56.0986 1172 mouhid - ok
10:43:57.0017 1172 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:43:57.0017 1172 mountmgr - ok
10:43:57.0080 1172 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
10:43:57.0080 1172 MpFilter - ok
10:43:57.0126 1172 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:43:57.0126 1172 mpio - ok
10:43:57.0142 1172 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
10:43:57.0142 1172 MpNWMon - ok
10:43:57.0158 1172 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:43:57.0158 1172 mpsdrv - ok
10:43:57.0220 1172 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:43:57.0220 1172 MpsSvc - ok
10:43:57.0251 1172 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:43:57.0251 1172 MRxDAV - ok
10:43:57.0298 1172 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:43:57.0298 1172 mrxsmb - ok
10:43:57.0345 1172 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:43:57.0360 1172 mrxsmb10 - ok
10:43:57.0360 1172 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:43:57.0360 1172 mrxsmb20 - ok
10:43:57.0407 1172 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:43:57.0407 1172 msahci - ok
10:43:57.0423 1172 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:43:57.0423 1172 msdsm - ok
10:43:57.0438 1172 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:43:57.0438 1172 MSDTC - ok
10:43:57.0470 1172 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:43:57.0470 1172 Msfs - ok
10:43:57.0470 1172 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:43:57.0470 1172 mshidkmdf - ok
10:43:57.0485 1172 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:43:57.0485 1172 msisadrv - ok
10:43:57.0501 1172 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:43:57.0501 1172 MSiSCSI - ok
10:43:57.0516 1172 msiserver - ok
10:43:57.0532 1172 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:43:57.0532 1172 MSKSSRV - ok
10:43:57.0657 1172 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
10:43:57.0657 1172 MsMpSvc - ok
10:43:57.0672 1172 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:43:57.0672 1172 MSPCLOCK - ok
10:43:57.0704 1172 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:43:57.0704 1172 MSPQM - ok
10:43:57.0735 1172 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:43:57.0735 1172 MsRPC - ok
10:43:57.0766 1172 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:43:57.0766 1172 mssmbios - ok
10:43:57.0797 1172 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:43:57.0797 1172 MSTEE - ok
10:43:57.0813 1172 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:43:57.0813 1172 MTConfig - ok
10:43:57.0828 1172 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:43:57.0828 1172 Mup - ok
10:43:57.0875 1172 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:43:57.0891 1172 napagent - ok
10:43:57.0938 1172 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:43:57.0938 1172 NativeWifiP - ok
10:43:57.0969 1172 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:43:57.0969 1172 NDIS - ok
10:43:57.0984 1172 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:43:57.0984 1172 NdisCap - ok
10:43:58.0000 1172 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:43:58.0000 1172 NdisTapi - ok
10:43:58.0047 1172 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:43:58.0047 1172 Ndisuio - ok
10:43:58.0109 1172 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:43:58.0109 1172 NdisWan - ok
10:43:58.0140 1172 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:43:58.0140 1172 NDProxy - ok
10:43:58.0156 1172 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:43:58.0156 1172 NetBIOS - ok
10:43:58.0203 1172 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:43:58.0203 1172 NetBT - ok
10:43:58.0265 1172 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:43:58.0265 1172 Netlogon - ok
10:43:58.0281 1172 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:43:58.0281 1172 Netman - ok
10:43:58.0390 1172 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:43:58.0390 1172 NetMsmqActivator - ok
10:43:58.0390 1172 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:43:58.0390 1172 NetPipeActivator - ok
10:43:58.0421 1172 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:43:58.0437 1172 netprofm - ok
10:43:58.0452 1172 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:43:58.0452 1172 NetTcpActivator - ok
10:43:58.0452 1172 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:43:58.0452 1172 NetTcpPortSharing - ok
10:43:58.0515 1172 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:43:58.0515 1172 nfrd960 - ok
10:43:58.0577 1172 nHancer (473ab3856ca286a616998cb34762eb6d) C:\Program Files\nHancer\nHancerService.exe
10:43:58.0577 1172 nHancer - ok
10:43:58.0608 1172 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:43:58.0608 1172 NisDrv - ok
10:43:58.0655 1172 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
10:43:58.0655 1172 NisSrv - ok
10:43:58.0702 1172 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:43:58.0702 1172 NlaSvc - ok
10:43:58.0718 1172 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:43:58.0718 1172 Npfs - ok
10:43:58.0749 1172 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:43:58.0749 1172 nsi - ok
10:43:58.0780 1172 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:43:58.0780 1172 nsiproxy - ok
10:43:58.0858 1172 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:43:58.0858 1172 Ntfs - ok
10:43:58.0905 1172 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:43:58.0905 1172 Null - ok
10:43:58.0936 1172 NVHDA (181e7fe39211e04128a30708906627d8) C:\Windows\system32\drivers\nvhda64v.sys
10:43:58.0936 1172 NVHDA - ok
10:43:59.0139 1172 nvlddmkm (325520227cc568052ae1d7ad49d90951) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:43:59.0326 1172 nvlddmkm - ok
10:43:59.0357 1172 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:43:59.0357 1172 nvraid - ok
10:43:59.0388 1172 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:43:59.0388 1172 nvstor - ok
10:43:59.0451 1172 nvsvc (4dffb8ddba4a0e8222e0e8d2cd590803) C:\Windows\system32\nvvsvc.exe
10:43:59.0451 1172 nvsvc - ok
10:43:59.0466 1172 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:43:59.0466 1172 nv_agp - ok
10:43:59.0560 1172 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:43:59.0560 1172 odserv - ok
10:43:59.0591 1172 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:43:59.0591 1172 ohci1394 - ok
10:43:59.0622 1172 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:43:59.0622 1172 ose - ok
10:43:59.0654 1172 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:43:59.0669 1172 p2pimsvc - ok
10:43:59.0685 1172 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:43:59.0685 1172 p2psvc - ok
10:43:59.0716 1172 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:43:59.0716 1172 Parport - ok
10:43:59.0747 1172 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:43:59.0747 1172 partmgr - ok
10:43:59.0763 1172 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:43:59.0763 1172 PcaSvc - ok
10:43:59.0825 1172 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:43:59.0825 1172 pci - ok
10:43:59.0841 1172 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:43:59.0841 1172 pciide - ok
10:43:59.0856 1172 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:43:59.0856 1172 pcmcia - ok
10:43:59.0888 1172 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:43:59.0888 1172 pcw - ok
10:43:59.0903 1172 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:43:59.0903 1172 PEAUTH - ok
10:43:59.0966 1172 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:43:59.0966 1172 PerfHost - ok
10:44:00.0059 1172 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:44:00.0075 1172 pla - ok
10:44:00.0122 1172 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:44:00.0122 1172 PlugPlay - ok
10:44:00.0153 1172 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:44:00.0153 1172 PNRPAutoReg - ok
10:44:00.0168 1172 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:44:00.0168 1172 PNRPsvc - ok
10:44:00.0184 1172 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:44:00.0184 1172 PolicyAgent - ok
10:44:00.0231 1172 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:44:00.0231 1172 Power - ok
10:44:00.0262 1172 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:44:00.0262 1172 PptpMiniport - ok
10:44:00.0278 1172 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:44:00.0278 1172 Processor - ok
10:44:00.0309 1172 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:44:00.0309 1172 ProfSvc - ok
10:44:00.0340 1172 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:44:00.0340 1172 ProtectedStorage - ok
10:44:00.0387 1172 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:44:00.0387 1172 Psched - ok
10:44:00.0434 1172 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:44:00.0434 1172 PxHlpa64 - ok
10:44:00.0465 1172 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:44:00.0480 1172 ql2300 - ok
10:44:00.0512 1172 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:44:00.0512 1172 ql40xx - ok
10:44:00.0527 1172 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:44:00.0543 1172 QWAVE - ok
10:44:00.0543 1172 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:44:00.0543 1172 QWAVEdrv - ok
10:44:00.0558 1172 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:44:00.0558 1172 RasAcd - ok
10:44:00.0574 1172 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:44:00.0574 1172 RasAgileVpn - ok
10:44:00.0605 1172 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:44:00.0605 1172 RasAuto - ok
10:44:00.0652 1172 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:44:00.0652 1172 Rasl2tp - ok
10:44:00.0668 1172 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:44:00.0668 1172 RasMan - ok
10:44:00.0730 1172 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:44:00.0730 1172 RasPppoe - ok
10:44:00.0730 1172 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:44:00.0746 1172 RasSstp - ok
10:44:00.0792 1172 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:44:00.0792 1172 rdbss - ok
10:44:00.0824 1172 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:44:00.0824 1172 rdpbus - ok
10:44:00.0855 1172 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:44:00.0855 1172 RDPCDD - ok
10:44:00.0870 1172 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:44:00.0870 1172 RDPENCDD - ok
10:44:00.0870 1172 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:44:00.0870 1172 RDPREFMP - ok
10:44:00.0917 1172 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:44:00.0917 1172 RDPWD - ok
10:44:00.0948 1172 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:44:00.0948 1172 rdyboost - ok
10:44:00.0964 1172 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:44:00.0964 1172 RemoteAccess - ok
10:44:00.0964 1172 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:44:00.0964 1172 RemoteRegistry - ok
10:44:01.0136 1172 RoxMediaDB10 (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
10:44:01.0136 1172 RoxMediaDB10 - ok
10:44:01.0167 1172 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:44:01.0167 1172 RpcEptMapper - ok
10:44:01.0182 1172 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:44:01.0182 1172 RpcLocator - ok
10:44:01.0229 1172 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:44:01.0229 1172 RpcSs - ok
10:44:01.0229 1172 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:44:01.0245 1172 rspndr - ok
10:44:01.0245 1172 RxFilter - ok
10:44:01.0245 1172 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:44:01.0245 1172 SamSs - ok
10:44:01.0292 1172 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:44:01.0292 1172 sbp2port - ok
10:44:01.0292 1172 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:44:01.0292 1172 SCardSvr - ok
10:44:01.0307 1172 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:44:01.0307 1172 scfilter - ok
10:44:01.0354 1172 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:44:01.0354 1172 Schedule - ok
10:44:01.0401 1172 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:44:01.0401 1172 SCPolicySvc - ok
10:44:01.0416 1172 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:44:01.0416 1172 SDRSVC - ok
10:44:01.0432 1172 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:44:01.0432 1172 secdrv - ok
10:44:01.0448 1172 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:44:01.0448 1172 seclogon - ok
10:44:01.0479 1172 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:44:01.0479 1172 SENS - ok
10:44:01.0479 1172 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:44:01.0479 1172 SensrSvc - ok
10:44:01.0494 1172 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:44:01.0494 1172 Serenum - ok
10:44:01.0526 1172 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:44:01.0526 1172 Serial - ok
10:44:01.0557 1172 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:44:01.0557 1172 sermouse - ok
10:44:01.0588 1172 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:44:01.0604 1172 SessionEnv - ok
10:44:01.0604 1172 SessionLauncher - ok
10:44:01.0635 1172 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:44:01.0635 1172 sffdisk - ok
10:44:01.0650 1172 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:44:01.0650 1172 sffp_mmc - ok
10:44:01.0666 1172 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:44:01.0666 1172 sffp_sd - ok
10:44:01.0697 1172 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:44:01.0697 1172 sfloppy - ok
10:44:01.0728 1172 SftService (21d48d7c9bdef13af16fdcbc5719fc3b) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
10:44:01.0744 1172 SftService - ok
10:44:01.0760 1172 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:44:01.0775 1172 SharedAccess - ok
10:44:01.0838 1172 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:44:01.0838 1172 ShellHWDetection - ok
10:44:01.0853 1172 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:44:01.0853 1172 SiSRaid2 - ok
10:44:01.0884 1172 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:44:01.0884 1172 SiSRaid4 - ok
10:44:01.0900 1172 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:44:01.0900 1172 Smb - ok
10:44:01.0916 1172 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:44:01.0916 1172 SNMPTRAP - ok
10:44:01.0931 1172 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:44:01.0931 1172 spldr - ok
10:44:01.0978 1172 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:44:01.0978 1172 Spooler - ok
10:44:02.0072 1172 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:44:02.0118 1172 sppsvc - ok
10:44:02.0150 1172 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:44:02.0150 1172 sppuinotify - ok
10:44:02.0212 1172 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
10:44:02.0212 1172 sprtsvc_DellSupportCenter - ok
10:44:02.0290 1172 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:44:02.0290 1172 srv - ok
10:44:02.0352 1172 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:44:02.0352 1172 srv2 - ok
10:44:02.0399 1172 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:44:02.0399 1172 srvnet - ok
10:44:02.0415 1172 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:44:02.0415 1172 SSDPSRV - ok
10:44:02.0430 1172 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:44:02.0430 1172 SstpSvc - ok
10:44:02.0508 1172 Stereo Service (7c28d81fc104d0dea13ce1c54280feb5) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:44:02.0508 1172 Stereo Service - ok
10:44:02.0524 1172 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:44:02.0524 1172 stexstor - ok
10:44:02.0555 1172 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:44:02.0555 1172 stisvc - ok
10:44:02.0602 1172 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
10:44:02.0602 1172 stllssvr - ok
10:44:02.0649 1172 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:44:02.0649 1172 swenum - ok
10:44:02.0664 1172 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:44:02.0664 1172 swprv - ok
10:44:02.0711 1172 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:44:02.0742 1172 SysMain - ok
10:44:02.0774 1172 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:44:02.0774 1172 TabletInputService - ok
10:44:02.0789 1172 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:44:02.0789 1172 TapiSrv - ok
10:44:02.0805 1172 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:44:02.0805 1172 TBS - ok
10:44:02.0883 1172 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:44:02.0883 1172 Tcpip - ok
10:44:02.0914 1172 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:44:02.0930 1172 TCPIP6 - ok
10:44:02.0976 1172 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:44:02.0976 1172 tcpipreg - ok
10:44:02.0992 1172 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:44:02.0992 1172 TDPIPE - ok
10:44:03.0023 1172 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:44:03.0023 1172 TDTCP - ok
10:44:03.0070 1172 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:44:03.0070 1172 tdx - ok
10:44:03.0086 1172 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:44:03.0086 1172 TermDD - ok
10:44:03.0101 1172 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:44:03.0117 1172 TermService - ok
10:44:03.0132 1172 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:44:03.0132 1172 Themes - ok
10:44:03.0148 1172 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:44:03.0148 1172 THREADORDER - ok
10:44:03.0164 1172 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:44:03.0164 1172 TrkWks - ok
10:44:03.0195 1172 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:44:03.0210 1172 TrustedInstaller - ok
10:44:03.0242 1172 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:44:03.0242 1172 tssecsrv - ok
10:44:03.0304 1172 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:44:03.0304 1172 TsUsbFlt - ok
10:44:03.0335 1172 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:44:03.0335 1172 tunnel - ok
10:44:03.0351 1172 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:44:03.0351 1172 uagp35 - ok
10:44:03.0366 1172 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:44:03.0382 1172 udfs - ok
10:44:03.0413 1172 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:44:03.0413 1172 UI0Detect - ok
10:44:03.0444 1172 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:44:03.0444 1172 uliagpkx - ok
10:44:03.0491 1172 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:44:03.0491 1172 umbus - ok
10:44:03.0507 1172 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:44:03.0507 1172 UmPass - ok
10:44:03.0522 1172 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:44:03.0538 1172 upnphost - ok
10:44:03.0569 1172 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
10:44:03.0569 1172 USBAAPL64 - ok
10:44:03.0600 1172 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:44:03.0616 1172 usbccgp - ok
10:44:03.0632 1172 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:44:03.0632 1172 usbcir - ok
10:44:03.0647 1172 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:44:03.0647 1172 usbehci - ok
10:44:03.0663 1172 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:44:03.0663 1172 usbhub - ok
10:44:03.0710 1172 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:44:03.0710 1172 usbohci - ok
10:44:03.0741 1172 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:44:03.0741 1172 usbprint - ok
10:44:03.0756 1172 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
10:44:03.0756 1172 USBSTOR - ok
10:44:03.0772 1172 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:44:03.0772 1172 usbuhci - ok
10:44:03.0788 1172 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:44:03.0788 1172 UxSms - ok
10:44:03.0819 1172 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:44:03.0819 1172 VaultSvc - ok
10:44:03.0834 1172 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:44:03.0834 1172 vdrvroot - ok
10:44:03.0850 1172 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:44:03.0866 1172 vds - ok
10:44:03.0881 1172 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:44:03.0881 1172 vga - ok
10:44:03.0897 1172 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:44:03.0897 1172 VgaSave - ok
10:44:03.0928 1172 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:44:03.0928 1172 vhdmp - ok
10:44:03.0959 1172 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:44:03.0959 1172 viaide - ok
10:44:03.0959 1172 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:44:03.0959 1172 volmgr - ok
10:44:03.0990 1172 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:44:03.0990 1172 volmgrx - ok
10:44:04.0006 1172 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:44:04.0006 1172 volsnap - ok
10:44:04.0037 1172 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:44:04.0037 1172 vsmraid - ok
10:44:04.0084 1172 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:44:04.0100 1172 VSS - ok
10:44:04.0146 1172 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:44:04.0146 1172 vwifibus - ok
10:44:04.0162 1172 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:44:04.0162 1172 vwififlt - ok
10:44:04.0178 1172 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:44:04.0193 1172 W32Time - ok
10:44:04.0209 1172 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:44:04.0209 1172 WacomPen - ok
10:44:04.0240 1172 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:44:04.0240 1172 WANARP - ok
10:44:04.0240 1172 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:44:04.0240 1172 Wanarpv6 - ok
10:44:04.0318 1172 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:44:04.0318 1172 WatAdminSvc - ok
10:44:04.0380 1172 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:44:04.0380 1172 wbengine - ok
10:44:04.0396 1172 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:44:04.0396 1172 WbioSrvc - ok
10:44:04.0412 1172 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:44:04.0427 1172 wcncsvc - ok
10:44:04.0443 1172 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:44:04.0443 1172 WcsPlugInService - ok
10:44:04.0458 1172 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:44:04.0458 1172 Wd - ok
10:44:04.0490 1172 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:44:04.0505 1172 Wdf01000 - ok
10:44:04.0536 1172 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:44:04.0536 1172 WdiServiceHost - ok
10:44:04.0536 1172 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:44:04.0536 1172 WdiSystemHost - ok
10:44:04.0568 1172 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:44:04.0568 1172 WebClient - ok
10:44:04.0614 1172 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:44:04.0614 1172 Wecsvc - ok
10:44:04.0630 1172 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:44:04.0630 1172 wercplsupport - ok
10:44:04.0646 1172 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:44:04.0646 1172 WerSvc - ok
10:44:04.0661 1172 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:44:04.0661 1172 WfpLwf - ok
10:44:04.0708 1172 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
10:44:04.0708 1172 WimFltr - ok
10:44:04.0724 1172 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:44:04.0724 1172 WIMMount - ok
10:44:04.0755 1172 WinDefend - ok
10:44:04.0755 1172 WinHttpAutoProxySvc - ok
10:44:04.0833 1172 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:44:04.0833 1172 Winmgmt - ok
10:44:04.0864 1172 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:44:04.0895 1172 WinRM - ok
10:44:04.0942 1172 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:44:04.0942 1172 Wlansvc - ok
10:44:05.0020 1172 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:44:05.0051 1172 wlidsvc - ok
10:44:05.0082 1172 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:44:05.0082 1172 WmiAcpi - ok
10:44:05.0098 1172 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:44:05.0114 1172 wmiApSrv - ok
10:44:05.0114 1172 WMPNetworkSvc - ok
10:44:05.0145 1172 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:44:05.0145 1172 WPCSvc - ok
10:44:05.0160 1172 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:44:05.0160 1172 WPDBusEnum - ok
10:44:05.0176 1172 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:44:05.0176 1172 ws2ifsl - ok
10:44:05.0207 1172 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
10:44:05.0207 1172 wscsvc - ok
10:44:05.0207 1172 WSearch - ok
10:44:05.0270 1172 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:44:05.0301 1172 wuauserv - ok
10:44:05.0332 1172 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:44:05.0348 1172 WudfPf - ok
10:44:05.0379 1172 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:44:05.0379 1172 WUDFRd - ok
10:44:05.0394 1172 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:44:05.0394 1172 wudfsvc - ok
10:44:05.0410 1172 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:44:05.0426 1172 WwanSvc - ok
10:44:05.0504 1172 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:44:05.0504 1172 YahooAUService - ok
10:44:05.0535 1172 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:44:05.0550 1172 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:44:05.0550 1172 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:44:05.0582 1172 Boot (0x1200) (f69620d8691777f34feaa44704c60700) \Device\Harddisk0\DR0\Partition0
10:44:05.0582 1172 \Device\Harddisk0\DR0\Partition0 - ok
10:44:05.0582 1172 Boot (0x1200) (abfcc93d26b9fec2e1ad5e1cc2afdfe1) \Device\Harddisk0\DR0\Partition1
10:44:05.0582 1172 \Device\Harddisk0\DR0\Partition1 - ok
10:44:05.0582 1172 ============================================================
10:44:05.0582 1172 Scan finished
10:44:05.0582 1172 ============================================================
10:44:05.0597 1972 Detected object count: 1
10:44:05.0597 1972 Actual detected object count: 1
10:44:10.0652 1972 \Device\Harddisk0\DR0\# - copied to quarantine
10:44:10.0652 1972 \Device\Harddisk0\DR0 - copied to quarantine
10:44:10.0714 1972 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:44:10.0745 1972 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:44:10.0745 1972 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:44:10.0761 1972 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:44:10.0761 1972 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:44:10.0761 1972 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:44:10.0761 1972 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:44:10.0761 1972 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:44:10.0792 1972 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:44:10.0823 1972 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:44:10.0823 1972 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:44:10.0823 1972 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:44:10.0823 1972 \Device\Harddisk0\DR0 - processing error
10:51:47.0412 1972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
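The tail of the log above is where the signal is: the MBR of `\Device\Harddisk0\DR0` is flagged, a list of files is pulled out of the rootkit's hidden `TDLFS` store, quarantine of the disk object itself ends in "processing error", and the user's chosen action is recorded. To make that triage repeatable across the many near-identical TDSSKiller logs posted in threads like this one, here is an added Python example (my own code, not part of the original post and not Kaspersky's). The sample lines are constructed to mirror the shape of the log above, and the regular expressions are my assumption about the log's line format, derived from those lines rather than from any published specification.

```python
"""Triage a TDSSKiller text log: what was flagged, what was quarantined, what failed.

Added example. The log format assumed here (timestamp, thread id, then either
"<name> (<md5>) <path>", "<object> - ok", "<object> ( <verdict> ) - infected",
"<object> - copied to quarantine", "<object> - processing error" or
"<object> ( <verdict> ) - User select action: <action>") is inferred from the
posted log, not from documentation.
"""
import re

# Every line starts with a timestamp and a thread id; the rest is the event.
_PREFIX = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# An enumerated service/driver, MBR or boot sector with its MD5 and path.
_OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
_INFECTED = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - infected$")
_QUARANTINE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
_ERROR = re.compile(r"^(?P<obj>.+?) - processing error$")
_ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$"
)

# Constructed sample, shaped like the log in the post above (not a real capture).
SAMPLE_LOG = r"""
10:44:02.0883 1172 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:44:02.0883 1172 Tcpip - ok
10:44:05.0535 1172 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:44:05.0550 1172 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:44:05.0550 1172 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:44:05.0582 1172 Boot (0x1200) (f69620d8691777f34feaa44704c60700) \Device\Harddisk0\DR0\Partition0
10:44:05.0582 1172 \Device\Harddisk0\DR0\Partition0 - ok
10:44:10.0652 1972 \Device\Harddisk0\DR0 - copied to quarantine
10:44:10.0714 1972 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:44:10.0761 1972 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:44:10.0823 1972 \Device\Harddisk0\DR0 - processing error
10:51:47.0412 1972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""


def parse_tdsskiller_log(text: str) -> dict:
    """Split a log into hashed objects, detections, quarantine, errors and user actions."""
    summary = {
        "objects": [],      # (name, md5, path) for every hashed object, including MBR/boot sectors
        "infected": [],     # (object, verdict)
        "quarantined": [],  # object paths copied to quarantine
        "errors": [],       # objects TDSSKiller could not process
        "actions": [],      # (object, verdict, action chosen by the user)
    }
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue  # blank line or separator banner
        rest = m.group("rest")
        if (x := _INFECTED.match(rest)):
            summary["infected"].append((x.group("obj"), x.group("verdict")))
        elif (x := _ACTION.match(rest)):
            summary["actions"].append((x.group("obj"), x.group("verdict"), x.group("action")))
        elif (x := _QUARANTINE.match(rest)):
            summary["quarantined"].append(x.group("obj"))
        elif (x := _ERROR.match(rest)):
            summary["errors"].append(x.group("obj"))
        elif (x := _OBJECT.match(rest)):
            summary["objects"].append((x.group("name"), x.group("md5"), x.group("path")))
    return summary


def triage(summary: dict) -> dict:
    """Reduce the parsed log to the facts a responder acts on."""
    # "\Device\Harddisk0\DR0" is the whole-disk object whose MBR was hashed above.
    mbr_hits = [v for obj, v in summary["infected"] if obj.endswith("\\DR0")]
    # Paths under \TDLFS\ are the rootkit's hidden file store, not on-disk NTFS files.
    tdlfs = [p for p in summary["quarantined"] if "\\TDLFS\\" in p]
    return {
        "mbr_infected": bool(mbr_hits),
        "verdicts": sorted({v for _, v in summary["infected"]}),
        "tdlfs_files": tdlfs,
        "unresolved": list(summary["errors"]),
        "cure_requested": any(a == "Cure" for _, _, a in summary["actions"]),
    }


if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Point it at a saved TDSSKiller log instead of `SAMPLE_LOG` and the `unresolved` list is the thing to look at first: a detection that reaches quarantine but then reports "processing error" on the disk object, followed by a "Cure" request, is exactly the state the original poster describes, where the hidden store was copied out but the MBR itself had not yet been repaired.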