
Live security Platinum (one more)


  • This topic is locked
3 replies to this topic

#1 jwh Bob


Posted 29 June 2012 - 08:27 AM

Hi,

Someone here managed to get this trojan, the usual "I didn't do nothing, it just blew up..."

So far I followed some of the instructions I found in another topic:

in safe mode:

TDSSkiller


aswMBR


ESET online scanner

As far as I understand the logs hereafter, neither TDSSkiller nor aswMBR found anything, but ESET did: found 71 infections, could clean 70 of them.
Unfortunately I didn't save that log (yes, you're right, blame me).

Then I did ESET in "normal mode". Got 2 more files and cleaned them, and this time I saved the log too.

Went to get: http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Malwarebytes found each time, but, as far as I understand, wasn't able to delete.

Did Malwarebytes several times, always with the same result. After rebooting it announces that there is some more and tries to quarantine.

At this level I stopped, hoping you could guide me further.

Many thanks for your time

Bob


Here come the logs:

16:11:52.0669 1680 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
16:11:52.0731 1680 ============================================================
16:11:52.0731 1680 Current date / time: 2012/06/28 16:11:52.0731
16:11:52.0731 1680 SystemInfo:
16:11:52.0731 1680
16:11:52.0731 1680 OS Version: 6.1.7601 ServicePack: 1.0
16:11:52.0731 1680 Product type: Workstation
16:11:52.0731 1680 ComputerName: S26
16:11:52.0731 1680 UserName: sabre
16:11:52.0731 1680 Windows directory: C:\Windows
16:11:52.0731 1680 System windows directory: C:\Windows
16:11:52.0731 1680 Processor architecture: Intel x86
16:11:52.0731 1680 Number of processors: 2
16:11:52.0731 1680 Page size: 0x1000
16:11:52.0731 1680 Boot type: Safe boot with network
16:11:52.0731 1680 ============================================================
16:11:53.0449 1680 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:11:53.0449 1680 ============================================================
16:11:53.0449 1680 \Device\Harddisk0\DR0:
16:11:53.0449 1680 MBR partitions:
16:11:53.0449 1680 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1FF800
16:11:53.0449 1680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x200000, BlocksNum 0x12190800
16:11:53.0449 1680 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12390800, BlocksNum 0x684000
16:11:53.0449 1680 ============================================================
16:11:53.0464 1680 C: <-> \Device\Harddisk0\DR0\Partition1
16:11:53.0495 1680 D: <-> \Device\Harddisk0\DR0\Partition2
16:11:53.0495 1680 ============================================================
16:11:53.0495 1680 Initialize success
16:11:53.0495 1680 ============================================================
16:12:36.0208 0676 ============================================================
16:12:36.0208 0676 Scan started
16:12:36.0208 0676 Mode: Manual; TDLFS;
16:12:36.0208 0676 ============================================================
16:12:44.0211 0676 PcaSvc - ok
16:12:44.0242 0676 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
16:12:44.0242 0676 pci - ok
16:12:44.0242 0676 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
16:12:44.0258 0676 pciide - ok
16:12:44.0274 0676 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:12:44.0274 0676 pcmcia - ok
16:12:44.0289 0676 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:12:44.0289 0676 pcw - ok
16:12:44.0305 0676 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:12:44.0320 0676 PEAUTH - ok
16:12:44.0352 0676 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
16:12:44.0367 0676 PeerDistSvc - ok
16:12:44.0430 0676 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
16:12:44.0461 0676 pla - ok
16:12:44.0554 0676 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
16:12:44.0554 0676 PlugPlay - ok
16:12:44.0570 0676 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
16:12:44.0586 0676 PNRPAutoReg - ok
16:12:44.0601 0676 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:12:44.0601 0676 PNRPsvc - ok
16:12:44.0632 0676 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
16:12:44.0632 0676 PolicyAgent - ok
16:12:44.0664 0676 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
16:12:44.0664 0676 Power - ok
16:12:44.0695 0676 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:12:44.0710 0676 PptpMiniport - ok
16:12:44.0710 0676 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:12:44.0726 0676 Processor - ok
16:12:44.0757 0676 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
16:12:44.0757 0676 ProfSvc - ok
16:12:44.0788 0676 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:12:44.0788 0676 ProtectedStorage - ok
16:12:44.0820 0676 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:12:44.0820 0676 Psched - ok
16:12:44.0851 0676 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:12:44.0882 0676 ql2300 - ok
16:12:44.0944 0676 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:12:44.0944 0676 ql40xx - ok
16:12:44.0976 0676 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
16:12:44.0991 0676 QWAVE - ok
16:12:45.0007 0676 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:12:45.0007 0676 QWAVEdrv - ok
16:12:45.0022 0676 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:12:45.0022 0676 RasAcd - ok
16:12:45.0038 0676 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:12:45.0038 0676 RasAgileVpn - ok
16:12:45.0069 0676 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
16:12:45.0069 0676 RasAuto - ok
16:12:45.0085 0676 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:12:45.0085 0676 Rasl2tp - ok
16:12:45.0116 0676 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
16:12:45.0116 0676 RasMan - ok
16:12:45.0147 0676 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:12:45.0147 0676 RasPppoe - ok
16:12:45.0147 0676 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:12:45.0147 0676 RasSstp - ok
16:12:45.0163 0676 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
16:12:45.0163 0676 rdbss - ok
16:12:45.0163 0676 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:12:45.0163 0676 rdpbus - ok
16:12:45.0194 0676 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:12:45.0194 0676 RDPCDD - ok
16:12:45.0225 0676 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
16:12:45.0225 0676 RDPDR - ok
16:12:45.0272 0676 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:12:45.0272 0676 RDPENCDD - ok
16:12:45.0272 0676 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:12:45.0272 0676 RDPREFMP - ok
16:12:45.0319 0676 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
16:12:45.0319 0676 RDPWD - ok
16:12:45.0350 0676 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
16:12:45.0366 0676 rdyboost - ok
16:12:45.0381 0676 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
16:12:45.0381 0676 RemoteAccess - ok
16:12:45.0412 0676 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
16:12:45.0412 0676 RemoteRegistry - ok
16:12:45.0428 0676 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
16:12:45.0428 0676 RpcEptMapper - ok
16:12:45.0444 0676 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
16:12:45.0444 0676 RpcLocator - ok
16:12:45.0475 0676 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:12:45.0475 0676 RpcSs - ok
16:12:45.0506 0676 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:12:45.0506 0676 rspndr - ok
16:12:45.0537 0676 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
16:12:45.0537 0676 s3cap - ok
16:12:45.0553 0676 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:12:45.0553 0676 SamSs - ok
16:12:45.0568 0676 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
16:12:45.0568 0676 sbp2port - ok
16:12:45.0600 0676 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
16:12:45.0600 0676 SCardSvr - ok
16:12:45.0615 0676 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
16:12:45.0631 0676 scfilter - ok
16:12:45.0662 0676 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
16:12:45.0693 0676 Schedule - ok
16:12:45.0709 0676 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:12:45.0709 0676 SCPolicySvc - ok
16:12:45.0724 0676 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
16:12:45.0740 0676 SDRSVC - ok
16:12:45.0771 0676 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:12:45.0771 0676 secdrv - ok
16:12:45.0802 0676 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
16:12:45.0802 0676 seclogon - ok
16:12:45.0818 0676 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
16:12:45.0818 0676 SENS - ok
16:12:45.0834 0676 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
16:12:45.0834 0676 SensrSvc - ok
16:12:45.0865 0676 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:12:45.0865 0676 Serenum - ok
16:12:45.0865 0676 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:12:45.0865 0676 Serial - ok
16:12:45.0896 0676 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:12:45.0896 0676 sermouse - ok
16:12:45.0927 0676 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
16:12:45.0927 0676 SessionEnv - ok
16:12:45.0943 0676 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
16:12:45.0943 0676 sffdisk - ok
16:12:45.0943 0676 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
16:12:45.0943 0676 sffp_mmc - ok
16:12:45.0958 0676 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
16:12:45.0958 0676 sffp_sd - ok
16:12:45.0974 0676 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:12:45.0974 0676 sfloppy - ok
16:12:46.0005 0676 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
16:12:46.0021 0676 ShellHWDetection - ok
16:12:46.0036 0676 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
16:12:46.0052 0676 sisagp - ok
16:12:46.0083 0676 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:12:46.0083 0676 SiSRaid2 - ok
16:12:46.0099 0676 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:12:46.0099 0676 SiSRaid4 - ok
16:12:46.0130 0676 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:12:46.0130 0676 Smb - ok
16:12:46.0146 0676 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
16:12:46.0146 0676 SNMPTRAP - ok
16:12:46.0161 0676 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:12:46.0161 0676 spldr - ok
16:12:46.0192 0676 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
16:12:46.0208 0676 Spooler - ok
16:12:46.0286 0676 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
16:12:46.0348 0676 sppsvc - ok
16:12:46.0411 0676 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
16:12:46.0411 0676 sppuinotify - ok
16:12:46.0442 0676 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
16:12:46.0442 0676 srv - ok
16:12:46.0458 0676 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
16:12:46.0473 0676 srv2 - ok
16:12:46.0473 0676 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
16:12:46.0473 0676 srvnet - ok
16:12:46.0504 0676 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
16:12:46.0504 0676 SSDPSRV - ok
16:12:46.0520 0676 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
16:12:46.0520 0676 SstpSvc - ok
16:12:46.0536 0676 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:12:46.0536 0676 stexstor - ok
16:12:46.0567 0676 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
16:12:46.0582 0676 StiSvc - ok
16:12:46.0598 0676 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
16:12:46.0598 0676 storflt - ok
16:12:46.0629 0676 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
16:12:46.0629 0676 StorSvc - ok
16:12:46.0645 0676 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
16:12:46.0645 0676 storvsc - ok
16:12:46.0645 0676 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
16:12:46.0645 0676 swenum - ok
16:12:46.0660 0676 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
16:12:46.0676 0676 swprv - ok
16:12:46.0723 0676 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
16:12:46.0738 0676 SysMain - ok
16:12:46.0770 0676 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
16:12:46.0785 0676 TabletInputService - ok
16:12:46.0801 0676 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
16:12:46.0801 0676 TapiSrv - ok
16:12:46.0816 0676 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
16:12:46.0832 0676 TBS - ok
16:12:46.0910 0676 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
16:12:46.0941 0676 Tcpip - ok
16:12:46.0972 0676 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
16:12:46.0972 0676 TCPIP6 - ok
16:12:47.0019 0676 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
16:12:47.0019 0676 tcpipreg - ok
16:12:47.0050 0676 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
16:12:47.0050 0676 TDPIPE - ok
16:12:47.0082 0676 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
16:12:47.0082 0676 TDTCP - ok
16:12:47.0128 0676 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
16:12:47.0128 0676 tdx - ok
16:12:47.0144 0676 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
16:12:47.0144 0676 TermDD - ok
16:12:47.0191 0676 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
16:12:47.0206 0676 TermService - ok
16:12:47.0222 0676 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
16:12:47.0222 0676 Themes - ok
16:12:47.0253 0676 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:12:47.0253 0676 THREADORDER - ok
16:12:47.0284 0676 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
16:12:47.0284 0676 TPM - ok
16:12:47.0316 0676 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
16:12:47.0316 0676 TrkWks - ok
16:12:47.0362 0676 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
16:12:47.0362 0676 TrustedInstaller - ok
16:12:47.0378 0676 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:12:47.0378 0676 tssecsrv - ok
16:12:47.0425 0676 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
16:12:47.0425 0676 TsUsbFlt - ok
16:12:47.0472 0676 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
16:12:47.0472 0676 tunnel - ok
16:12:47.0487 0676 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:12:47.0487 0676 uagp35 - ok
16:12:47.0518 0676 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
16:12:47.0518 0676 udfs - ok
16:12:47.0550 0676 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
16:12:47.0550 0676 UI0Detect - ok
16:12:47.0581 0676 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
16:12:47.0581 0676 uliagpkx - ok
16:12:47.0612 0676 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
16:12:47.0612 0676 umbus - ok
16:12:47.0628 0676 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:12:47.0643 0676 UmPass - ok
16:12:47.0674 0676 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
16:12:47.0674 0676 UmRdpService - ok
16:12:47.0752 0676 UNS (d47e82866a6ff02dae9cedf127c4bee0) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
16:12:47.0830 0676 UNS - ok
16:12:47.0908 0676 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
16:12:47.0908 0676 upnphost - ok
16:12:47.0940 0676 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
16:12:47.0940 0676 usbccgp - ok
16:12:47.0955 0676 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
16:12:47.0955 0676 usbcir - ok
16:12:47.0971 0676 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
16:12:47.0971 0676 usbehci - ok
16:12:48.0002 0676 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
16:12:48.0002 0676 usbhub - ok
16:12:48.0033 0676 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
16:12:48.0033 0676 usbohci - ok
16:12:48.0049 0676 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:12:48.0049 0676 usbprint - ok
16:12:48.0064 0676 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:12:48.0064 0676 USBSTOR - ok
16:12:48.0064 0676 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:12:48.0064 0676 usbuhci - ok
16:12:48.0080 0676 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
16:12:48.0080 0676 UxSms - ok
16:12:48.0096 0676 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:12:48.0096 0676 VaultSvc - ok
16:12:48.0127 0676 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
16:12:48.0127 0676 vdrvroot - ok
16:12:48.0142 0676 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
16:12:48.0158 0676 vds - ok
16:12:48.0174 0676 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:12:48.0189 0676 vga - ok
16:12:48.0205 0676 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:12:48.0205 0676 VgaSave - ok
16:12:48.0220 0676 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
16:12:48.0220 0676 vhdmp - ok
16:12:48.0252 0676 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
16:12:48.0252 0676 viaagp - ok
16:12:48.0267 0676 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:12:48.0267 0676 ViaC7 - ok
16:12:48.0283 0676 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
16:12:48.0283 0676 viaide - ok
16:12:48.0314 0676 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
16:12:48.0314 0676 vmbus - ok
16:12:48.0330 0676 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
16:12:48.0330 0676 VMBusHID - ok
16:12:48.0345 0676 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
16:12:48.0345 0676 volmgr - ok
16:12:48.0376 0676 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:12:48.0376 0676 volmgrx - ok
16:12:48.0423 0676 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
16:12:48.0423 0676 volsnap - ok
16:12:48.0454 0676 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:12:48.0454 0676 vsmraid - ok
16:12:48.0501 0676 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
16:12:48.0517 0676 VSS - ok
16:12:48.0532 0676 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
16:12:48.0532 0676 vwifibus - ok
16:12:48.0564 0676 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
16:12:48.0564 0676 W32Time - ok
16:12:48.0579 0676 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:12:48.0579 0676 WacomPen - ok
16:12:48.0610 0676 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:12:48.0610 0676 WANARP - ok
16:12:48.0610 0676 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:12:48.0610 0676 Wanarpv6 - ok
16:12:48.0688 0676 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
16:12:48.0735 0676 WatAdminSvc - ok
16:12:48.0782 0676 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
16:12:48.0813 0676 wbengine - ok
16:12:48.0844 0676 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
16:12:48.0844 0676 WbioSrvc - ok
16:12:48.0907 0676 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
16:12:48.0907 0676 wcncsvc - ok
16:12:48.0938 0676 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
16:12:48.0938 0676 WcsPlugInService - ok
16:12:49.0000 0676 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:12:49.0000 0676 Wd - ok
16:12:49.0016 0676 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:12:49.0032 0676 Wdf01000 - ok
16:12:49.0032 0676 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:12:49.0032 0676 WdiServiceHost - ok
16:12:49.0032 0676 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:12:49.0047 0676 WdiSystemHost - ok
16:12:49.0063 0676 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
16:12:49.0063 0676 WebClient - ok
16:12:49.0094 0676 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
16:12:49.0094 0676 Wecsvc - ok
16:12:49.0110 0676 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
16:12:49.0110 0676 wercplsupport - ok
16:12:49.0125 0676 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
16:12:49.0125 0676 WerSvc - ok
16:12:49.0156 0676 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:12:49.0156 0676 WfpLwf - ok
16:12:49.0156 0676 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:12:49.0156 0676 WIMMount - ok
16:12:49.0156 0676 WinHttpAutoProxySvc - ok
16:12:49.0219 0676 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
16:12:49.0219 0676 Winmgmt - ok
16:12:49.0266 0676 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
16:12:49.0281 0676 WinRM - ok
16:12:49.0328 0676 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
16:12:49.0344 0676 Wlansvc - ok
16:12:49.0406 0676 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
16:12:49.0406 0676 WmiAcpi - ok
16:12:49.0453 0676 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
16:12:49.0453 0676 wmiApSrv - ok
16:12:49.0531 0676 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:12:49.0546 0676 WMPNetworkSvc - ok
16:12:49.0562 0676 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
16:12:49.0578 0676 WPCSvc - ok
16:12:49.0593 0676 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
16:12:49.0593 0676 WPDBusEnum - ok
16:12:49.0624 0676 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:12:49.0624 0676 ws2ifsl - ok
16:12:49.0624 0676 WSearch - ok
16:12:49.0687 0676 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
16:12:49.0718 0676 wuauserv - ok
16:12:49.0796 0676 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
16:12:49.0812 0676 WudfPf - ok
16:12:49.0843 0676 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:12:49.0843 0676 WUDFRd - ok
16:12:49.0890 0676 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
16:12:49.0890 0676 wudfsvc - ok
16:12:49.0905 0676 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
16:12:49.0921 0676 WwanSvc - ok
16:12:49.0936 0676 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:12:50.0217 0676 \Device\Harddisk0\DR0 - ok
16:12:50.0264 0676 Boot (0x1200) (59072999f9d8546d9962d5c1d4bd89f7) \Device\Harddisk0\DR0\Partition0
16:12:50.0264 0676 \Device\Harddisk0\DR0\Partition0 - ok
16:12:50.0264 0676 Boot (0x1200) (a5e7ffb36c83fcd89cf93e5b2fc55c6a) \Device\Harddisk0\DR0\Partition1
16:12:50.0264 0676 \Device\Harddisk0\DR0\Partition1 - ok
16:12:50.0295 0676 Boot (0x1200) (c99ee472b61100017298154de1733902) \Device\Harddisk0\DR0\Partition2
16:12:50.0295 0676 \Device\Harddisk0\DR0\Partition2 - ok
16:12:50.0295 0676 ============================================================
16:12:50.0295 0676 Scan finished
16:12:50.0295 0676 ============================================================
16:12:50.0311 0640 Detected object count: 0
16:12:50.0311 0640 Actual detected object count: 0
16:15:06.0655 2032 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-28 16:14:39
-----------------------------
16:14:39.854 OS Version: Windows 6.1.7601 Service Pack 1
16:14:39.854 Number of processors: 2 586 0x170A
16:14:39.854 ComputerName: S26 UserName:
16:15:02.537 Initialize success
16:16:39.772 AVAST engine defs: 12062800
16:17:03.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:17:03.203 Disk 0 Vendor: ST316031 HP34 Size: 152627MB BusType: 3
16:17:03.203 Disk 0 MBR read successfully
16:17:03.203 Disk 0 MBR scan
16:17:03.203 Disk 0 Windows 7 default MBR code
16:17:03.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1023 MB offset 2048
16:17:03.234 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 148257 MB offset 2097152
16:17:03.265 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 3336 MB offset 305727488
16:17:03.296 Disk 0 scanning sectors +312559616
16:17:03.359 Disk 0 scanning C:\Windows\system32\drivers
16:17:12.282 Service scanning
16:17:28.194 Modules scanning
16:17:33.779 Disk 0 trace - called modules:
16:17:33.810 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iastor.sys
16:17:33.810 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85537568]
16:17:33.810 3 CLASSPNP.SYS[881ab59e] -> nt!IofCallDriver -> [0x8473c900]
16:17:33.826 5 ACPI.sys[87a203d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x83e19028]
16:17:35.682 AVAST engine scan C:\Windows
16:17:37.133 AVAST engine scan C:\Windows\system32
16:19:41.200 AVAST engine scan C:\Windows\system32\drivers
16:19:51.293 AVAST engine scan C:\Users\sabre
16:27:57.123 AVAST engine scan C:\ProgramData
16:30:44.308 Scan finished successfully
16:50:06.354 Disk 0 MBR has been saved successfully to "C:\Users\sabre\Documents\MBR.dat"
16:50:06.354 The log file has been saved successfully to "C:\Users\sabre\Documents\aswMBR.txt"



The second ESET:
C:\Windows\Installer\{58a5fa40-1f89-a3f0-5a7c-fbfe742ecbda}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{58a5fa40-1f89-a3f0-5a7c-fbfe742ecbda}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan cleaned by deleting - quarantined



Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.28.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
sabre :: S26 [administrator]

Protection: Enabled

28/06/2012 18:58:44
mbam-log-2012-06-28 (19-59-40).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 355319
Time elapsed: 57 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\sabre\AppData\Local\{58a5fa40-1f89-a3f0-5a7c-fbfe742ecbda}\n. -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{58a5fa40-1f89-a3f0-5a7c-fbfe742ecbda}\U\00000001.@ (Trojan.Small) -> No action taken.
C:\Windows\Installer\{58a5fa40-1f89-a3f0-5a7c-fbfe742ecbda}\U\80000000.@ (Trojan.Sirefef) -> No action taken.
C:\Windows\Installer\{58a5fa40-1f89-a3f0-5a7c-fbfe742ecbda}\U\800000cb.@ (Rootkit.0Access) -> No action taken.

(end)

#2 boopme


Posted 29 June 2012 - 09:45 AM

Hello, due to this item in the ESET log, \U\80000000.@ a variant of Win32/Sirefef.

We need to get a deeper look.

We need a deeper look. Please go here... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

#3 jwh Bob


Posted 29 June 2012 - 10:50 AM

Ooops, my lucky day. Looks like my plans for the weekend will have to be changed...

Many thanks for your fast reaction.

Have a nice day

Bob

#4 boopme


Posted 29 June 2012 - 08:07 PM

Thank you. This is one of those "don't fool around and be sure it's gone"

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.



