
Trojan horse Agent_r.AWW in C:\Windows\System32\drivers\netbt.sys

  • This topic is locked
51 replies to this topic

#1 KevinRt66


  • Members

Posted 01 May 2012 - 10:39 AM

An AVG scan in safe mode is showing a Trojan horse Agent_r.AWW in C:\Windows\System32\drivers\netbt.sys

Other scans showed more concerns; see attached DDS, GMER & TDSSKiller scan results

Thanks much in advance!


 


#2 gringo_pr



  • Malware Response Team

Posted 02 May 2012 - 01:00 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 05 May 2012 - 12:28 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 KevinRt66


Posted 06 May 2012 - 02:33 PM

Sorry I didn't get an email that there was a reply. I should be able to get on the computer & reply in the next couple of days, please keep this ticket open. thanks

#5 gringo_pr


Posted 06 May 2012 - 03:24 PM

OK no problem I will check on you in a couple of days


gringo

#6 KevinRt66


Posted 08 May 2012 - 10:19 AM

combofix is indicating a rootkit but no log is opening after & I can't find one? advise?

*** checkup log

Results of screen317's Security Check version 0.99.32
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
AVG 2012
AVG PC Tuneup
AVG 2012
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.2
SpywareBlaster 4.2 Out of Date!
McAfee SiteAdvisor
AVG PC Tuneup
Java™ 6 Update 31
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

computer is in safe mode, won't start in regular mode

#7 gringo_pr


Posted 08 May 2012 - 12:02 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
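Triage of the two reports requested in the post above, as an added example that is not part of the original post or of either tool: it pulls `**INFECTED**` entries out of an aswMBR report and pairs TDSSKiller's `name (md5) path` lines with their `name - verdict` lines so that anything other than a clean "ok" stands out. The function names are hypothetical, the sample lines are constructed, and the "infected" verdict string is an assumption made for the example.

```python
import re

# Constructed sample in aswMBR's report layout. The second hit differs only
# in path case, as happens when the same file is reported by two scan passes.
ASWMBR_SAMPLE = r"""
09:36:08.875 Disk 0 scanning C:\Windows\system32\drivers
09:36:14.538 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
09:39:25.731 AVAST engine scan C:\Windows\system32\drivers
09:39:33.734 File: C:\Windows\System32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
"""

# Constructed sample in TDSSKiller's layout: "name (md5) path", then
# "name - verdict". Hashes are dummy values; the "infected" verdict string
# is an assumption made for this example.
TDSS_SAMPLE = r"""
09:24:19.0527 1476 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200
09:24:28.0294 1316 Scan started
09:24:29.0823 1316 ACPI (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\acpi.sys
09:24:29.0839 1316 ACPI - ok
09:24:30.0790 1316 Apple Mobile Device (ffeeddccbbaa99887766554433221100) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:24:30.0790 1316 Apple Mobile Device - ok
09:24:32.0834 1316 blbdrive - ok
09:24:40.0000 1316 NetBT (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\netbt.sys
09:24:40.0015 1316 NetBT - infected
"""

ASW_HIT = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{3})\s+File:\s+(?P<path>.+?)"
    r"\s+\*\*INFECTED\*\*\s+(?P<sig>.+)$"
)
TDSS_OBJECT = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<name>.+?) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# The verdict must be plain words, so header lines such as
# "Drive ... - Size: 0x..." are not mistaken for a scan result.
TDSS_VERDICT = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<name>.+?) - (?P<verdict>[A-Za-z][A-Za-z ]*)$"
)


def aswmbr_findings(text):
    """Return {lower-cased path: {"detection": str, "seen": [timestamps]}}.

    Windows paths are case-insensitive, so hits on the same file from
    different scan passes are merged into one entry.
    """
    findings = {}
    for line in text.splitlines():
        m = ASW_HIT.match(line.strip())
        if not m:
            continue
        entry = findings.setdefault(
            m["path"].lower(), {"detection": m["sig"], "seen": []}
        )
        entry["seen"].append(m["ts"])
    return findings


def tdss_review(text):
    """Return (name, reason, path) for every entry worth a second look.

    An entry is listed when its verdict is not "ok", or when it was marked
    "ok" without a preceding hash/path line, meaning no file was examined.
    """
    objects = {}
    review = []
    for line in text.splitlines():
        line = line.strip()
        m = TDSS_OBJECT.match(line)
        if m:
            objects[m["name"]] = m["path"]
            continue
        m = TDSS_VERDICT.match(line)
        if not m:
            continue
        name, verdict = m["name"], m["verdict"].lower()
        path = objects.get(name)
        if verdict != "ok":
            review.append((name, verdict, path))
        elif path is None:
            review.append((name, "no file line", None))
    return review


def files_to_review(asw_text, tdss_text):
    """Merge both reports into one sorted list of lower-cased file paths."""
    paths = set(aswmbr_findings(asw_text))
    paths.update(p.lower() for _, _, p in tdss_review(tdss_text) if p)
    return sorted(paths)


if __name__ == "__main__":
    for path, info in aswmbr_findings(ASWMBR_SAMPLE).items():
        print("aswMBR:", path, info["detection"], "x%d" % len(info["seen"]))
    for item in tdss_review(TDSS_SAMPLE):
        print("TDSSKiller:", item)
    print("review:", files_to_review(ASWMBR_SAMPLE, TDSS_SAMPLE))
```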

#8 KevinRt66


Posted 08 May 2012 - 09:17 PM

The TDD log is in my initial post & no cleanup changes were done yet, though I'll run it again & the new thing

#9 gringo_pr


Posted 08 May 2012 - 09:23 PM

go ahead and remove the one you have and download it again


gringo

#10 gringo_pr


Posted 11 May 2012 - 01:39 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#11 KevinRt66


Posted 11 May 2012 - 09:45 AM

Sorry & thanks for being patient. I don't have easy access to the computer & getting online

tdsskiller reports nothing found, no log opened. I found it & put it at the end since it's likely not needed

*** aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-11 09:29:15
-----------------------------
09:29:15.366 OS Version: Windows 6.0.6000
09:29:15.366 Number of processors: 2 586 0xE0C
09:29:15.366 ComputerName: MIKE-PC UserName: Mike
09:29:34.569 Initialize success
09:35:44.383 AVAST engine defs: 12051100
09:36:08.594 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:36:08.594 Disk 0 Vendor: ST9120822AS 3.CDD Size: 114473MB BusType: 3
09:36:08.688 Disk 0 MBR read successfully
09:36:08.688 Disk 0 MBR scan
09:36:08.688 Disk 0 Windows VISTA default MBR code
09:36:08.703 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
09:36:08.719 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
09:36:08.750 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 104184 MB offset 21069824
09:36:08.750 Disk 0 scanning sectors +234438656
09:36:08.875 Disk 0 scanning C:\Windows\system32\drivers
09:36:14.538 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
09:36:20.107 Disk 0 trace - called modules:
09:36:20.122 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
09:36:20.122 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x850db030]
09:36:20.138 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> [0x850e1850]
09:36:20.154 5 acpi.sys[8046932a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84313bb0]
09:36:20.965 AVAST engine scan C:\Windows
09:36:24.787 AVAST engine scan C:\Windows\system32
09:39:25.731 AVAST engine scan C:\Windows\system32\drivers
09:39:33.734 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Aluroot-B [Rtk]
09:39:40.567 AVAST engine scan C:\Users\Mike
09:44:16.656 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
09:44:16.656 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"

*** TDSSKiller log

09:24:17.0983 1476 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
09:24:18.0295 1476 ============================================================
09:24:18.0295 1476 Current date / time: 2012/05/11 09:24:18.0295
09:24:18.0295 1476 SystemInfo:
09:24:18.0295 1476
09:24:18.0295 1476 OS Version: 6.0.6000 ServicePack: 0.0
09:24:18.0295 1476 Product type: Workstation
09:24:18.0295 1476 ComputerName: MIKE-PC
09:24:18.0295 1476 UserName: Mike
09:24:18.0295 1476 Windows directory: C:\Windows
09:24:18.0295 1476 System windows directory: C:\Windows
09:24:18.0295 1476 Processor architecture: Intel x86
09:24:18.0295 1476 Number of processors: 2
09:24:18.0295 1476 Page size: 0x1000
09:24:18.0295 1476 Boot type: Safe boot with network
09:24:18.0295 1476 ============================================================
09:24:19.0527 1476 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:24:19.0527 1476 ============================================================
09:24:19.0527 1476 \Device\Harddisk0\DR0:
09:24:19.0527 1476 MBR partitions:
09:24:19.0527 1476 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1400000
09:24:19.0527 1476 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1418000, BlocksNum 0xCB7C000
09:24:19.0527 1476 ============================================================
09:24:19.0558 1476 C: <-> \Device\Harddisk0\DR0\Partition1
09:24:19.0605 1476 D: <-> \Device\Harddisk0\DR0\Partition0
09:24:19.0605 1476 ============================================================
09:24:19.0605 1476 Initialize success
09:24:19.0605 1476 ============================================================
09:24:28.0294 1316 ============================================================
09:24:28.0294 1316 Scan started
09:24:28.0294 1316 Mode: Manual;
09:24:28.0294 1316 ============================================================
09:24:38.0232 1316 IpFilterDriver - ok
09:24:38.0278 1316 iphlpsvc (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll
09:24:38.0294 1316 iphlpsvc - ok
09:24:38.0294 1316 IpInIp - ok
09:24:38.0356 1316 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
09:24:38.0356 1316 IPMIDRV - ok
09:24:38.0434 1316 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
09:24:38.0434 1316 IPNAT - ok
09:24:38.0544 1316 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
09:24:38.0575 1316 iPod Service - ok
09:24:38.0622 1316 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
09:24:38.0622 1316 IRENUM - ok
09:24:38.0668 1316 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
09:24:38.0668 1316 isapnp - ok
09:24:38.0715 1316 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
09:24:38.0715 1316 iScsiPrt - ok
09:24:38.0762 1316 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:24:38.0762 1316 iteatapi - ok
09:24:38.0778 1316 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:24:38.0793 1316 iteraid - ok
09:24:38.0793 1316 jllwdb - ok
09:24:38.0840 1316 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
09:24:38.0840 1316 kbdclass - ok
09:24:38.0887 1316 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
09:24:38.0887 1316 kbdhid - ok
09:24:38.0918 1316 KeyIso (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
09:24:38.0934 1316 KeyIso - ok
09:24:38.0980 1316 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
09:24:38.0996 1316 KSecDD - ok
09:24:39.0058 1316 KtmRm (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll
09:24:39.0074 1316 KtmRm - ok
09:24:39.0121 1316 LanmanServer (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\System32\srvsvc.dll
09:24:39.0152 1316 LanmanServer - ok
09:24:39.0183 1316 LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll
09:24:39.0230 1316 LanmanWorkstation - ok
09:24:39.0277 1316 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
09:24:39.0277 1316 lltdio - ok
09:24:39.0292 1316 lltdsvc (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll
09:24:39.0308 1316 lltdsvc - ok
09:24:39.0324 1316 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
09:24:39.0339 1316 lmhosts - ok
09:24:39.0386 1316 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
09:24:39.0386 1316 LSI_FC - ok
09:24:39.0402 1316 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
09:24:39.0402 1316 LSI_SAS - ok
09:24:39.0417 1316 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
09:24:39.0417 1316 LSI_SCSI - ok
09:24:39.0480 1316 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
09:24:39.0480 1316 luafv - ok
09:24:39.0589 1316 McAfee SiteAdvisor Service (6c3d154fff0a97a6c3d9f78d60c41655) c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
09:24:39.0589 1316 McAfee SiteAdvisor Service - ok
09:24:39.0667 1316 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
09:24:39.0682 1316 McComponentHostService - ok
09:24:39.0714 1316 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
09:24:39.0714 1316 megasas - ok
09:24:39.0792 1316 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:24:39.0807 1316 Microsoft Office Groove Audit Service - ok
09:24:39.0854 1316 MMCSS (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
09:24:39.0854 1316 MMCSS - ok
09:24:39.0854 1316 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
09:24:39.0854 1316 Modem - ok
09:24:39.0901 1316 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
09:24:39.0901 1316 monitor - ok
09:24:39.0916 1316 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
09:24:39.0916 1316 mouclass - ok
09:24:39.0948 1316 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
09:24:39.0948 1316 mouhid - ok
09:24:39.0963 1316 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
09:24:39.0963 1316 MountMgr - ok
09:24:40.0010 1316 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
09:24:40.0010 1316 mpio - ok
09:24:40.0057 1316 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
09:24:40.0057 1316 mpsdrv - ok
09:24:40.0088 1316 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:24:40.0088 1316 Mraid35x - ok
09:24:40.0119 1316 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
09:24:40.0135 1316 MRxDAV - ok
09:24:40.0166 1316 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:24:40.0166 1316 mrxsmb - ok
09:24:40.0213 1316 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:24:40.0213 1316 mrxsmb10 - ok
09:24:40.0244 1316 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:24:40.0244 1316 mrxsmb20 - ok
09:24:40.0291 1316 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
09:24:40.0291 1316 msahci - ok
09:24:40.0369 1316 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
09:24:40.0369 1316 msdsm - ok
09:24:40.0431 1316 MSDTC (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe
09:24:40.0431 1316 MSDTC - ok
09:24:40.0462 1316 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
09:24:40.0462 1316 Msfs - ok
09:24:40.0509 1316 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
09:24:40.0525 1316 msisadrv - ok
09:24:40.0572 1316 MSiSCSI (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll
09:24:40.0587 1316 MSiSCSI - ok
09:24:40.0587 1316 msiserver - ok
09:24:40.0634 1316 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
09:24:40.0634 1316 MSKSSRV - ok
09:24:40.0650 1316 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
09:24:40.0650 1316 MSPCLOCK - ok
09:24:40.0696 1316 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
09:24:40.0696 1316 MSPQM - ok
09:24:40.0728 1316 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
09:24:40.0743 1316 MsRPC - ok
09:24:40.0759 1316 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
09:24:40.0759 1316 mssmbios - ok
09:24:40.0774 1316 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
09:24:40.0774 1316 MSTEE - ok
09:24:40.0806 1316 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
09:24:40.0806 1316 Mup - ok
09:24:40.0868 1316 napagent (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll
09:24:40.0884 1316 napagent - ok
09:24:40.0915 1316 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
09:24:40.0930 1316 NativeWifiP - ok
09:24:40.0977 1316 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
09:24:40.0993 1316 NDIS - ok
09:24:41.0040 1316 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
09:24:41.0040 1316 NdisTapi - ok
09:24:41.0055 1316 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
09:24:41.0055 1316 Ndisuio - ok
09:24:41.0086 1316 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
09:24:41.0086 1316 NdisWan - ok
09:24:41.0102 1316 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
09:24:41.0102 1316 NDProxy - ok
09:24:41.0118 1316 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
09:24:41.0118 1316 NetBIOS - ok
09:24:41.0164 1316 Netlogon (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
09:24:41.0164 1316 Netlogon - ok
09:24:41.0211 1316 Netman (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll
09:24:41.0227 1316 Netman - ok
09:24:41.0242 1316 netprofm (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll
09:24:41.0258 1316 netprofm - ok
09:24:41.0320 1316 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:24:41.0336 1316 NetTcpPortSharing - ok
09:24:41.0398 1316 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:24:41.0398 1316 nfrd960 - ok
09:24:41.0430 1316 NlaSvc (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll
09:24:41.0430 1316 NlaSvc - ok
09:24:41.0445 1316 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
09:24:41.0445 1316 Npfs - ok
09:24:41.0476 1316 nsi (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll
09:24:41.0476 1316 nsi - ok
09:24:41.0508 1316 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
09:24:41.0508 1316 nsiproxy - ok
09:24:41.0586 1316 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
09:24:41.0632 1316 Ntfs - ok
09:24:41.0679 1316 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:24:41.0679 1316 ntrigdigi - ok
09:24:41.0710 1316 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
09:24:41.0710 1316 Null - ok
09:24:41.0773 1316 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
09:24:41.0788 1316 nvraid - ok
09:24:41.0804 1316 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
09:24:41.0804 1316 nvstor - ok
09:24:41.0882 1316 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:24:41.0944 1316 nv_agp - ok
09:24:41.0944 1316 NwlnkFlt - ok
09:24:41.0960 1316 NwlnkFwd - ok
09:24:42.0085 1316 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:24:42.0100 1316 odserv - ok
09:24:42.0132 1316 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
09:24:42.0132 1316 ohci1394 - ok
09:24:42.0178 1316 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:24:42.0210 1316 ose - ok
09:24:42.0303 1316 p2pimsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
09:24:42.0334 1316 p2pimsvc - ok
09:24:42.0366 1316 p2psvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
09:24:42.0366 1316 p2psvc - ok
09:24:42.0397 1316 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:24:42.0412 1316 Parport - ok
09:24:42.0428 1316 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
09:24:42.0428 1316 partmgr - ok
09:24:42.0459 1316 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:24:42.0475 1316 Parvdm - ok
09:24:42.0490 1316 PcaSvc (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll
09:24:42.0490 1316 PcaSvc - ok
09:24:42.0506 1316 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
09:24:42.0522 1316 pci - ok
09:24:42.0568 1316 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
09:24:42.0584 1316 pciide - ok
09:24:42.0615 1316 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:24:42.0615 1316 pcmcia - ok
09:24:42.0693 1316 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:24:42.0724 1316 PEAUTH - ok
09:24:42.0849 1316 pla (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll
09:24:42.0896 1316 pla - ok
09:24:42.0943 1316 PlugPlay (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll
09:24:42.0958 1316 PlugPlay - ok
09:24:43.0005 1316 PNRPAutoReg (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
09:24:43.0021 1316 PNRPAutoReg - ok
09:24:43.0021 1316 PNRPsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
09:24:43.0036 1316 PNRPsvc - ok
09:24:43.0099 1316 PolicyAgent (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll
09:24:43.0114 1316 PolicyAgent - ok
09:24:43.0208 1316 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
09:24:43.0208 1316 PptpMiniport - ok
09:24:43.0224 1316 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:24:43.0239 1316 Processor - ok
09:24:43.0270 1316 ProfSvc (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll
09:24:43.0286 1316 ProfSvc - ok
09:24:43.0302 1316 ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
09:24:43.0302 1316 ProtectedStorage - ok
09:24:43.0348 1316 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
09:24:43.0348 1316 PSched - ok
09:24:43.0380 1316 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
09:24:43.0395 1316 PxHelp20 - ok
09:24:43.0504 1316 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:24:43.0536 1316 ql2300 - ok
09:24:43.0567 1316 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:24:43.0582 1316 ql40xx - ok
09:24:43.0645 1316 QWAVE (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll
09:24:43.0660 1316 QWAVE - ok
09:24:43.0692 1316 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
09:24:43.0692 1316 QWAVEdrv - ok
09:24:43.0707 1316 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
09:24:43.0707 1316 RasAcd - ok
09:24:43.0723 1316 RasAuto (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll
09:24:43.0723 1316 RasAuto - ok
09:24:43.0754 1316 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:24:43.0770 1316 Rasl2tp - ok
09:24:43.0785 1316 RasMan (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll
09:24:43.0816 1316 RasMan - ok
09:24:43.0832 1316 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
09:24:43.0832 1316 RasPppoe - ok
09:24:43.0863 1316 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
09:24:43.0863 1316 rdbss - ok
09:24:43.0894 1316 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:24:43.0894 1316 RDPCDD - ok
09:24:43.0957 1316 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
09:24:43.0957 1316 rdpdr - ok
09:24:43.0972 1316 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
09:24:43.0972 1316 RDPENCDD - ok
09:24:44.0035 1316 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
09:24:44.0050 1316 RDPWD - ok
09:24:44.0082 1316 RemoteAccess (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
09:24:44.0097 1316 RemoteAccess - ok
09:24:44.0128 1316 RemoteRegistry (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
09:24:44.0144 1316 RemoteRegistry - ok
09:24:44.0175 1316 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
09:24:44.0175 1316 rimmptsk - ok
09:24:44.0222 1316 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
09:24:44.0222 1316 rimsptsk - ok
09:24:44.0253 1316 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
09:24:44.0253 1316 rismxdp - ok
09:24:44.0378 1316 RoxMediaDB9 (ebcde8b48fadc6479d96a56d0a432160) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
09:24:44.0409 1316 RoxMediaDB9 - ok
09:24:44.0456 1316 RoxWatch9 (ab2b1de1c8f31efce2384b14b3dc4260) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
09:24:44.0472 1316 RoxWatch9 - ok
09:24:44.0503 1316 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
09:24:44.0503 1316 RpcLocator - ok
09:24:44.0565 1316 RpcSs (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
09:24:44.0565 1316 RpcSs - ok
09:24:44.0659 1316 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
09:24:44.0659 1316 rspndr - ok
09:24:44.0690 1316 SamSs (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
09:24:44.0690 1316 SamSs - ok
09:24:44.0721 1316 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:24:44.0737 1316 sbp2port - ok
09:24:44.0799 1316 SCardSvr (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
09:24:44.0799 1316 SCardSvr - ok
09:24:44.0862 1316 Schedule (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
09:24:44.0893 1316 Schedule - ok
09:24:44.0940 1316 SCPolicySvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
09:24:44.0940 1316 SCPolicySvc - ok
09:24:44.0971 1316 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
09:24:44.0986 1316 sdbus - ok
09:24:45.0018 1316 SDRSVC (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll
09:24:45.0033 1316 SDRSVC - ok
09:24:45.0064 1316 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:24:45.0064 1316 secdrv - ok
09:24:45.0080 1316 seclogon (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
09:24:45.0080 1316 seclogon - ok
09:24:45.0096 1316 SENS (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll
09:24:45.0096 1316 SENS - ok
09:24:45.0142 1316 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:24:45.0142 1316 Serenum - ok
09:24:45.0174 1316 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:24:45.0189 1316 Serial - ok
09:24:45.0236 1316 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
09:24:45.0236 1316 sermouse - ok
09:24:45.0283 1316 SessionEnv (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
09:24:45.0298 1316 SessionEnv - ok
09:24:45.0345 1316 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
09:24:45.0345 1316 sffdisk - ok
09:24:45.0423 1316 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
09:24:45.0454 1316 sffp_mmc - ok
09:24:45.0486 1316 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
09:24:45.0486 1316 sffp_sd - ok
09:24:45.0548 1316 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:24:45.0579 1316 sfloppy - ok
09:24:45.0610 1316 SharedAccess (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll
09:24:45.0626 1316 SharedAccess - ok
09:24:45.0673 1316 ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll
09:24:45.0688 1316 ShellHWDetection - ok
09:24:45.0720 1316 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:24:45.0720 1316 sisagp - ok
09:24:45.0751 1316 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:24:45.0751 1316 SiSRaid2 - ok
09:24:45.0766 1316 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:24:45.0766 1316 SiSRaid4 - ok
09:24:45.0922 1316 slsvc (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe
09:24:46.0000 1316 slsvc - ok
09:24:46.0078 1316 SLUINotify (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll
09:24:46.0078 1316 SLUINotify - ok
09:24:46.0156 1316 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
09:24:46.0172 1316 Smb - ok
09:24:46.0219 1316 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
09:24:46.0219 1316 SNMPTRAP - ok
09:24:46.0250 1316 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
09:24:46.0266 1316 spldr - ok
09:24:46.0281 1316 Spooler (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe
09:24:46.0281 1316 Spooler - ok
09:24:46.0344 1316 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
09:24:46.0390 1316 srv - ok
09:24:46.0422 1316 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
09:24:46.0437 1316 srv2 - ok
09:24:46.0453 1316 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
09:24:46.0468 1316 srvnet - ok
09:24:46.0484 1316 SSDPSRV (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll
09:24:46.0515 1316 SSDPSRV - ok
09:24:46.0562 1316 stisvc (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll
09:24:46.0578 1316 stisvc - ok
09:24:46.0609 1316 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
09:24:46.0609 1316 swenum - ok
09:24:46.0656 1316 swprv (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll
09:24:46.0671 1316 swprv - ok
09:24:46.0702 1316 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:24:46.0718 1316 Symc8xx - ok
09:24:46.0749 1316 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:24:46.0749 1316 Sym_hi - ok
09:24:46.0765 1316 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:24:46.0765 1316 Sym_u3 - ok
09:24:46.0812 1316 SysMain (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll
09:24:46.0843 1316 SysMain - ok
09:24:46.0858 1316 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
09:24:46.0858 1316 TabletInputService - ok
09:24:46.0890 1316 TapiSrv (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll
09:24:46.0921 1316 TapiSrv - ok
09:24:46.0936 1316 TBS (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll
09:24:46.0952 1316 TBS - ok
09:24:47.0014 1316 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
09:24:47.0061 1316 Tcpip - ok
09:24:47.0061 1316 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
09:24:47.0077 1316 Tcpip6 - ok
09:24:47.0108 1316 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
09:24:47.0108 1316 tcpipreg - ok
09:24:47.0139 1316 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
09:24:47.0139 1316 TDPIPE - ok
09:24:47.0170 1316 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
09:24:47.0170 1316 TDTCP - ok
09:24:47.0186 1316 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
09:24:47.0202 1316 tdx - ok
09:24:47.0202 1316 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
09:24:47.0217 1316 TermDD - ok
09:24:47.0280 1316 TermService (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll
09:24:47.0295 1316 TermService - ok
09:24:47.0326 1316 Themes (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll
09:24:47.0326 1316 Themes - ok
09:24:47.0358 1316 THREADORDER (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
09:24:47.0358 1316 THREADORDER - ok
09:24:47.0373 1316 TrkWks (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll
09:24:47.0389 1316 TrkWks - ok
09:24:47.0436 1316 TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe
09:24:47.0436 1316 TrustedInstaller - ok
09:24:47.0482 1316 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:24:47.0482 1316 tssecsrv - ok
09:24:47.0529 1316 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
09:24:47.0529 1316 tunmp - ok
09:24:47.0576 1316 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
09:24:47.0592 1316 tunnel - ok
09:24:47.0638 1316 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:24:47.0670 1316 uagp35 - ok
09:24:47.0701 1316 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
09:24:47.0716 1316 udfs - ok
09:24:47.0748 1316 UI0Detect (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe
09:24:47.0748 1316 UI0Detect - ok
09:24:47.0779 1316 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:24:47.0779 1316 uliagpkx - ok
09:24:47.0810 1316 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:24:47.0841 1316 uliahci - ok
09:24:47.0872 1316 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:24:47.0872 1316 UlSata - ok
09:24:47.0904 1316 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:24:47.0919 1316 ulsata2 - ok
09:24:47.0966 1316 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
09:24:47.0966 1316 umbus - ok
09:24:47.0997 1316 upnphost (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll
09:24:48.0013 1316 upnphost - ok
09:24:48.0044 1316 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
09:24:48.0044 1316 usbccgp - ok
09:24:48.0075 1316 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:24:48.0075 1316 usbcir - ok
09:24:48.0138 1316 usbehci (c9fcd05b0a80ea08c2768e5a279b14de) C:\Windows\system32\DRIVERS\usbehci.sys
09:24:48.0153 1316 usbehci - ok
09:24:48.0169 1316 usbhub (5e44f7d957f7560da06bfe6b84b58a35) C:\Windows\system32\DRIVERS\usbhub.sys
09:24:48.0184 1316 usbhub - ok
09:24:48.0200 1316 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
09:24:48.0200 1316 usbohci - ok
09:24:48.0231 1316 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
09:24:48.0231 1316 usbprint - ok
09:24:48.0294 1316 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:24:48.0309 1316 USBSTOR - ok
09:24:48.0340 1316 usbuhci (d864735b0bfcb65440960a0b7cc1a38d) C:\Windows\system32\DRIVERS\usbuhci.sys
09:24:48.0340 1316 usbuhci - ok
09:24:48.0387 1316 UxSms (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll
09:24:48.0387 1316 UxSms - ok
09:24:48.0434 1316 vds (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe
09:24:48.0450 1316 vds - ok
09:24:48.0481 1316 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
09:24:48.0496 1316 vga - ok
09:24:48.0528 1316 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
09:24:48.0528 1316 VgaSave - ok
09:24:48.0559 1316 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:24:48.0559 1316 viaagp - ok
09:24:48.0590 1316 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:24:48.0590 1316 ViaC7 - ok
09:24:48.0621 1316 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
09:24:48.0621 1316 viaide - ok
09:24:48.0637 1316 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
09:24:48.0637 1316 volmgr - ok
09:24:48.0668 1316 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
09:24:48.0684 1316 volmgrx - ok
09:24:48.0715 1316 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
09:24:48.0746 1316 volsnap - ok
09:24:51.0258 1316 ============================================================
09:24:51.0258 1316 Scan finished
09:24:51.0258 1316 ============================================================
09:24:51.0273 1976 Detected object count: 0
09:24:51.0273 1976 Actual detected object count: 0
09:25:39.0321 1744 Deinitialize success

#12 gringo_pr


Posted 11 May 2012 - 01:14 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    netbt.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
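
The comparison that a `:filefind netbt.sys` search makes possible, as an added example that is not part of the original post and is not SystemLook's own code: find every copy of a file name under a root, group the copies by SHA-256, and classify the in-use copy against the rest. The function names, verdict strings and the constructed demo tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_copies(root, name):
    """Map digest -> [paths] for every file called `name` (any case) under root."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() != name.lower():
                continue
            full = os.path.abspath(os.path.join(dirpath, fname))
            try:
                groups[sha256_of(full)].append(full)
            except OSError:  # keep unopenable files visible instead of skipping them
                groups["unreadable"].append(full)
    return dict(groups)

def triage(groups, active_path):
    """Classify the in-use copy against the other copies found on disk."""
    active = os.path.normcase(os.path.abspath(active_path))
    for digest, paths in groups.items():
        if active not in map(os.path.normcase, paths):
            continue
        if digest == "unreadable":
            return "unreadable"
        if len(paths) > 1:
            return "matches-other-copy"
        return "differs-from-all-copies" if len(groups) > 1 else "only-copy"
    return "not-found"

def build_demo_tree(tamper):
    """Constructed sample tree (not real Windows data): in-use copy plus two backups."""
    root = tempfile.mkdtemp()
    for folder, fname in (("drivers", "netbt.sys"), ("winsxs", "NETBT.SYS"),
                          ("DriverStore", "netbt.sys")):
        os.makedirs(os.path.join(root, folder))
        with open(os.path.join(root, folder, fname), "wb") as fh:
            fh.write(b"modified" if tamper and folder == "drivers" else b"original")
    return root, os.path.join(root, "drivers", "netbt.sys")
```

A `differs-from-all-copies` result is a lead rather than a verdict, since servicing can leave older versions of a driver on disk. On a machine suspected of a rootkit, run the comparison from an offline or rescue environment so that file reads are not filtered.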

#13 gringo_pr


Posted 13 May 2012 - 11:42 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#14 KevinRt66


Posted 14 May 2012 - 11:37 AM

Sorry, I should be able to get back to you in the next 2-3 days. Thanks.

#15 gringo_pr


Posted 14 May 2012 - 12:36 PM

No problem, and I will check on you in a couple of days if I have not heard from you.



Gringo



