
Avast detected virus (Win32:Adloader-AC [Trj]) in C:/hiberfil.sys


  • This topic is locked
14 replies to this topic

#1 nadbulat


Posted 03 July 2012 - 07:08 PM

Hi Tech support,

My laptop is infected by the virus Win32:Adloader-AC, and when I boot-scan it with Avast, Avast could not find the file, so... the infected file is still somewhere in this laptop. Please help me get rid of this... lead me how... :(



EDIT
Fixed avast in title

Edited by boopme, 03 July 2012 - 08:09 PM.




#2 boopme


Posted 03 July 2012 - 07:22 PM

Hello nadbulat


I moved this to the Am I Infected forum so we can do some scans and that forum requires specific logs.
Let me know how it is afterward.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

Edited by boopme, 04 July 2012 - 02:42 PM.


#3 nadbulat


Posted 04 July 2012 - 02:26 AM

Morning! I've scanned my laptop with all three programs.
Here's the result!

1. Result from MiniToolBox


MiniToolBox by Farbar Version: 25-06-2012
Ran by Nadia (administrator) on 04-07-2012 at 02:52:27
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)
Intel® WiFi Link 5100 AGN = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Nadia-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-22-FA-C0-FE-75
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-23-5A-BC-42-14
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::249a:abd9:5fa5:84c3%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.23.151(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Mittwoch, 4. Juli 2012 02:48:38
Lease Expires . . . . . . . . . . : Mittwoch, 4. Juli 2012 02:58:38
Default Gateway . . . . . . . . . : 192.168.23.254
DHCP Server . . . . . . . . . . . : 192.168.23.254
DHCPv6 IAID . . . . . . . . . . . : 268444506
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-DE-E2-B1-00-23-5A-46-68-78
DNS Servers . . . . . . . . . . . : 192.168.23.254
Primary WINS Server . . . . . . . : 192.168.23.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hs-offenburg.de
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-22-FA-C0-FE-74
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F894D83F-187A-4C0C-B61F-966567E8A50A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.HPINTERN:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.wh-greifengasse:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{645BCA1F-1BB1-44FC-A05A-CA73CE5EB915}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.23.254

Name: google.com
Addresses: 2a00:1450:4001:c01::64
209.85.148.100
209.85.148.101
209.85.148.102
209.85.148.113
209.85.148.138
209.85.148.139


Pinging google.com [209.85.148.139] with 32 bytes of data:
Reply from 209.85.148.139: bytes=32 time=14ms TTL=55
Reply from 209.85.148.139: bytes=32 time=13ms TTL=55

Ping statistics for 209.85.148.139:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 14ms, Average = 13ms
Server: UnKnown
Address: 192.168.23.254

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=184ms TTL=52
Reply from 209.191.122.70: bytes=32 time=179ms TTL=52

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 179ms, Maximum = 184ms, Average = 181ms
Server: UnKnown
Address: 192.168.23.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 22 fa c0 fe 75 ......Microsoft Virtual WiFi Miniport Adapter
11...00 23 5a bc 42 14 ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
10...00 22 fa c0 fe 74 ......Intel® WiFi Link 5100 AGN
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.23.254 192.168.23.151 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.23.0 255.255.255.0 On-link 192.168.23.151 276
192.168.23.151 255.255.255.255 On-link 192.168.23.151 276
192.168.23.255 255.255.255.255 On-link 192.168.23.151 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.23.151 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.23.151 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::249a:abd9:5fa5:84c3/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================


========================= Event log errors: ===============================

Application errors:
==================
Error: (06/17/2012 09:41:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 12.0.6661.5000, time stamp: 0x4f7cd9da
Faulting module name: wwlib.dll, version: 12.0.6661.5000, time stamp: 0x4f7cdad7
Exception code: 0xc00000fd
Fault offset: 0x00007166
Faulting process id: 0xd20
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (06/17/2012 03:33:45 PM) (Source: Application Hang) (User: )
Description: The program YahooMessenger.exe version 10.0.0.1270 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1628

Start Time: 01cd4c89d7132da9

Termination Time: 160

Application Path: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

Report Id: 0c485a2f-b881-11e1-986d-00235abc4214

Error: (06/15/2012 11:45:47 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {051252a5-7bef-47f3-a286-e366375365a2}

Error: (06/10/2012 09:41:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/10/2012 09:41:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/10/2012 09:41:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: AvastSvc.exe, version: 6.0.1289.0, time stamp: 0x4e6684a2
Faulting module name: aswScan.dll, version: 7.0.1441.0, time stamp: 0x4fd2240b
Exception code: 0xc0000005
Fault offset: 0x00007a93
Faulting process id: 0x5bc
Faulting application start time: 0xAvastSvc.exe0
Faulting application path: AvastSvc.exe1
Faulting module path: AvastSvc.exe2
Report Id: AvastSvc.exe3

Error: (05/28/2012 10:38:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: msi.dll, version: 5.0.7601.17514, time stamp: 0x4ce7b902
Exception code: 0xc0000005
Fault offset: 0x00029936
Faulting process id: 0xd9c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (05/26/2012 02:10:06 AM) (Source: Application Hang) (User: )
Description: The program LowRateVoip.exe version 4.8.645.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4d8

Start Time: 01cd3ad3ace654f5

Termination Time: 67

Application Path: C:\Program Files\LowRateVoip.com\LowRateVoip\LowRateVoip.exe

Report Id: 22a3163b-a6c7-11e1-959b-00235abc4214

Error: (05/26/2012 02:08:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: LowRateVoip.exe, version: 4.8.645.0, time stamp: 0x4e4557ee
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xac0fc000
Faulting process id: 0x130c
Faulting application start time: 0xLowRateVoip.exe0
Faulting application path: LowRateVoip.exe1
Faulting module path: LowRateVoip.exe2
Report Id: LowRateVoip.exe3

Error: (05/26/2012 00:42:10 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (07/04/2012 02:50:39 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070422

Error: (07/04/2012 02:50:39 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070422

Error: (07/04/2012 02:47:52 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (07/04/2012 02:47:43 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (07/04/2012 01:36:21 AM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/04/2012 01:36:20 AM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/04/2012 00:49:20 AM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Service service depends the following service: taphss. This service might not be installed.

Error: (07/04/2012 00:49:19 AM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Service service depends the following service: taphss. This service might not be installed.

Error: (07/04/2012 00:49:17 AM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Service service depends the following service: taphss. This service might not be installed.

Error: (07/04/2012 00:49:16 AM) (Source: Service Control Manager) (User: )
Description: The Hotspot Shield Service service depends the following service: taphss. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (06/17/2012 09:41:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5908 seconds with 5100 seconds of active time. This session ended with a crash.

Error: (04/10/2012 07:19:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27038 seconds with 12960 seconds of active time. This session ended with a crash.

Error: (10/11/2011 03:34:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8120 seconds with 6000 seconds of active time. This session ended with a crash.

Error: (10/06/2011 09:36:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29638 seconds with 10860 seconds of active time. This session ended with a crash.

Error: (07/18/2011 06:07:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3456 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Reader X (10.1.3) - Deutsch (Version: 10.1.3)
Advanced SystemCare 3 (Version: 3.3.1)
avast! Free Antivirus (Version: 6.0.1289.0)
BlackBerry App World Browser Plugin (Version: 3.0.3.2)
BlackBerry Desktop Software 6.0 (Version: 6.0.0.40)
BlackBerry Device Software Updater (Version: 6.0.1.37)
Canon Easy-PhotoPrint EX
Canon iP2600 series Benutzerregistrierung
Canon My Printer
Canon Utilities Solution Menu
DivX Setup (Version: 2.6.1.3)
ENE CIR Receiver Driver (Version: 2.7.3.519)
GOM Player (Version: 2.1.28.5039)
Google Chrome (Version: 20.0.1132.47)
HP MediaSmart Webcam (Version: 4.1.3130)
HP Wireless Assistant (Version: 3.50.12.1)
IDT Audio (Version: 1.0.6225.0)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
LightScribe System Software (Version: 1.18.15.1)
LowRateVoip (Version: 4.07 build 629)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
NVIDIA Drivers (Version: 1.10)
PVSonyDll (Version: 1.00.0001)
Realtek USB 2.0 Card Reader (Version: 6.1.7100.30094)
Salaat Time 2.1 (Version: 2.1)
Skype™ 5.5 (Version: 5.5.124)
Smart Defrag 2 (Version: Beta 1.21)
Solid Edge V20 (Version: 20.00.1202)
Synaptics Pointing Device Driver (Version: 15.0.17.4)
Uninstall 1.0.0.1
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VoipBuster (Version: 4.07 build 629)
Yahoo! Messenger
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 2044.96 MB
Available physical RAM: 1281.19 MB
Total Pagefile: 4089.92 MB
Available Pagefile: 3156.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.82 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:227.4 GB) (Free:170.19 GB) NTFS
2 Drive d: (Nadia's Stuff) (Fixed) (Total:58.9 GB) (Free:38.56 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:11.78 GB) (Free:1.85 GB) NTFS

========================= Users: ========================================

User accounts for \\NADIA-PC

Administrator Guest Nadia


**** End of log ****



2. Result from Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.04.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Nadia :: NADIA-PC [administrator]

Protection: Disabled

04.07.2012 02:57:46
mbam-log-2012-07-04 (02-57-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199478
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



3. result from ESETscan


C:\$Recycle.Bin\S-1-5-21-990703012-3677673030-544339573-1000\$R4JR1T3.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-990703012-3677673030-544339573-1000\$R9TZ0AQ.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Nadia\AppData\Local\Temp\ICReinstall\cnet2_ComboFix_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Nadia\AppData\Local\Temp\ICReinstall\cnet2_rt60ln90_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Nadia\AppData\Local\Temp\is1598539481\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Nadia\Desktop\cnet2_rt60ln90_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

#4 nadbulat

Posted 04 July 2012 - 08:21 AM

What should I do next, dear super tech guy?

#5 boopme

Posted 04 July 2012 - 02:48 PM

Hello again

When did you run ComboFix, before or after posting?

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Let's see if you have any rootkits.
Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


How is it running now?

Edited by boopme, 04 July 2012 - 02:49 PM.


#6 nadbulat

Posted 04 July 2012 - 02:54 PM

hello! :)

Before I started this topic, I googled my case and my solutions. Some said that ComboFix can get rid of the trojan.
But unfortunately, or luckily, hehe, ComboFix is not compatible with my OS, I think. So I couldn't run it, actually, so I just deleted that.

#7 boopme

Posted 04 July 2012 - 03:00 PM

Ok, ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Had you run it, we would need to see the changes it made.

Let's see how it is after the other 2 logs.

#8 nadbulat

Posted 04 July 2012 - 03:27 PM

So I've run the 3 programs you've asked me to.
Here's the result.

1. TFC


Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nadia
->Temp folder emptied: 30148975 bytes
->Temporary Internet Files folder emptied: 797812 bytes
->Java cache emptied: 1 bytes
->Google Chrome cache emptied: 9321336 bytes
->Flash cache emptied: 446 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 817878 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 6298483 bytes
Process complete!

Total Files Cleaned = 45.00 mb





2. TDSS (no, it didn't ask for any reboot)


22:11:08.0373 2504 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
22:11:08.0623 2504 ============================================================
22:11:08.0623 2504 Current date / time: 2012/07/04 22:11:08.0623
22:11:08.0623 2504 SystemInfo:
22:11:08.0623 2504
22:11:08.0623 2504 OS Version: 6.1.7601 ServicePack: 1.0
22:11:08.0623 2504 Product type: Workstation
22:11:08.0623 2504 ComputerName: NADIA-PC
22:11:08.0623 2504 UserName: Nadia
22:11:08.0623 2504 Windows directory: C:\Windows
22:11:08.0623 2504 System windows directory: C:\Windows
22:11:08.0623 2504 Processor architecture: Intel x86
22:11:08.0623 2504 Number of processors: 2
22:11:08.0623 2504 Page size: 0x1000
22:11:08.0623 2504 Boot type: Normal boot
22:11:08.0623 2504 ============================================================
22:11:09.0543 2504 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:11:09.0559 2504 ============================================================
22:11:09.0559 2504 \Device\Harddisk0\DR0:
22:11:09.0559 2504 MBR partitions:
22:11:09.0559 2504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1C6CB9B5
22:11:09.0559 2504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C6CC1B5, BlocksNum 0x75CD2C9
22:11:09.0559 2504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23C9D000, BlocksNum 0x17906C1
22:11:09.0559 2504 ============================================================
22:11:09.0575 2504 C: <-> \Device\Harddisk0\DR0\Partition0
22:11:09.0606 2504 D: <-> \Device\Harddisk0\DR0\Partition1
22:11:09.0653 2504 E: <-> \Device\Harddisk0\DR0\Partition2
22:11:09.0653 2504 ============================================================
22:11:09.0653 2504 Initialize success
22:11:09.0653 2504 ============================================================
22:11:28.0139 2916 ============================================================
22:11:28.0139 2916 Scan started
22:11:28.0139 2916 Mode: Manual;
22:11:28.0139 2916 ============================================================
22:11:39.0995 2916 mrxsmb - ok
22:11:40.0057 2916 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:11:40.0057 2916 mrxsmb10 - ok
22:11:40.0104 2916 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:11:40.0104 2916 mrxsmb20 - ok
22:11:40.0135 2916 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:11:40.0135 2916 msahci - ok
22:11:40.0182 2916 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:11:40.0182 2916 msdsm - ok
22:11:40.0213 2916 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
22:11:40.0229 2916 MSDTC - ok
22:11:40.0260 2916 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:11:40.0260 2916 Msfs - ok
22:11:40.0275 2916 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:11:40.0275 2916 mshidkmdf - ok
22:11:40.0307 2916 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:11:40.0307 2916 msisadrv - ok
22:11:40.0369 2916 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
22:11:40.0369 2916 MSiSCSI - ok
22:11:40.0385 2916 msiserver - ok
22:11:40.0416 2916 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:11:40.0416 2916 MSKSSRV - ok
22:11:40.0431 2916 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:11:40.0431 2916 MSPCLOCK - ok
22:11:40.0463 2916 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:11:40.0463 2916 MSPQM - ok
22:11:40.0494 2916 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:11:40.0509 2916 MsRPC - ok
22:11:40.0541 2916 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:11:40.0541 2916 mssmbios - ok
22:11:40.0572 2916 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:11:40.0587 2916 MSTEE - ok
22:11:40.0603 2916 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:11:40.0603 2916 MTConfig - ok
22:11:40.0619 2916 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:11:40.0619 2916 Mup - ok
22:11:40.0697 2916 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
22:11:40.0712 2916 napagent - ok
22:11:40.0790 2916 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:11:40.0790 2916 NativeWifiP - ok
22:11:40.0899 2916 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:11:40.0915 2916 NDIS - ok
22:11:40.0946 2916 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:11:40.0946 2916 NdisCap - ok
22:11:40.0977 2916 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:11:40.0977 2916 NdisTapi - ok
22:11:41.0009 2916 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:11:41.0009 2916 Ndisuio - ok
22:11:41.0055 2916 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:11:41.0071 2916 NdisWan - ok
22:11:41.0118 2916 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:11:41.0118 2916 NDProxy - ok
22:11:41.0211 2916 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:11:41.0227 2916 NetBIOS - ok
22:11:41.0274 2916 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:11:41.0274 2916 NetBT - ok
22:11:41.0321 2916 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:11:41.0336 2916 Netlogon - ok
22:11:41.0430 2916 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
22:11:41.0430 2916 Netman - ok
22:11:41.0492 2916 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
22:11:41.0508 2916 netprofm - ok
22:11:41.0601 2916 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:11:41.0601 2916 NetTcpPortSharing - ok
22:11:42.0522 2916 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
22:11:42.0662 2916 NETw5s32 - ok
22:11:43.0411 2916 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
22:11:43.0458 2916 netw5v32 - ok
22:11:43.0661 2916 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:11:43.0661 2916 nfrd960 - ok
22:11:43.0723 2916 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
22:11:43.0739 2916 NlaSvc - ok
22:11:43.0754 2916 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:11:43.0754 2916 Npfs - ok
22:11:43.0785 2916 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
22:11:43.0801 2916 nsi - ok
22:11:43.0817 2916 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:11:43.0817 2916 nsiproxy - ok
22:11:44.0004 2916 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:11:44.0035 2916 Ntfs - ok
22:11:44.0066 2916 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:11:44.0082 2916 Null - ok
22:11:45.0345 2916 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:11:45.0657 2916 nvlddmkm - ok
22:11:45.0845 2916 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:11:45.0860 2916 nvraid - ok
22:11:45.0891 2916 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:11:45.0891 2916 nvstor - ok
22:11:45.0969 2916 nvsvc (c4d17f11526f87bc762f31da5bd2580b) C:\Windows\system32\nvvsvc.exe
22:11:45.0985 2916 nvsvc - ok
22:11:46.0001 2916 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:11:46.0016 2916 nv_agp - ok
22:11:46.0157 2916 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:11:46.0172 2916 odserv - ok
22:11:46.0203 2916 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:11:46.0203 2916 ohci1394 - ok
22:11:46.0266 2916 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:11:46.0281 2916 ose - ok
22:11:46.0344 2916 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:11:46.0359 2916 p2pimsvc - ok
22:11:46.0406 2916 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
22:11:46.0437 2916 p2psvc - ok
22:11:46.0484 2916 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:11:46.0484 2916 Parport - ok
22:11:46.0515 2916 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
22:11:46.0515 2916 partmgr - ok
22:11:46.0531 2916 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:11:46.0531 2916 Parvdm - ok
22:11:46.0578 2916 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
22:11:46.0593 2916 PcaSvc - ok
22:11:46.0640 2916 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:11:46.0640 2916 pci - ok
22:11:46.0671 2916 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:11:46.0671 2916 pciide - ok
22:11:46.0703 2916 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:11:46.0703 2916 pcmcia - ok
22:11:46.0749 2916 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:11:46.0749 2916 pcw - ok
22:11:46.0827 2916 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:11:46.0843 2916 PEAUTH - ok
22:11:46.0983 2916 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
22:11:47.0015 2916 PeerDistSvc - ok
22:11:47.0249 2916 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
22:11:47.0295 2916 pla - ok
22:11:47.0498 2916 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
22:11:47.0514 2916 PlugPlay - ok
22:11:47.0529 2916 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
22:11:47.0545 2916 PNRPAutoReg - ok
22:11:47.0592 2916 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:11:47.0607 2916 PNRPsvc - ok
22:11:47.0685 2916 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
22:11:47.0701 2916 PolicyAgent - ok
22:11:47.0748 2916 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
22:11:47.0763 2916 Power - ok
22:11:47.0841 2916 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:11:47.0841 2916 PptpMiniport - ok
22:11:47.0873 2916 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:11:47.0873 2916 Processor - ok
22:11:47.0919 2916 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
22:11:47.0935 2916 ProfSvc - ok
22:11:47.0966 2916 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:11:47.0982 2916 ProtectedStorage - ok
22:11:48.0029 2916 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:11:48.0029 2916 Psched - ok
22:11:48.0216 2916 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:11:48.0247 2916 ql2300 - ok
22:11:48.0434 2916 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:11:48.0434 2916 ql40xx - ok
22:11:48.0481 2916 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
22:11:48.0497 2916 QWAVE - ok
22:11:48.0512 2916 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:11:48.0528 2916 QWAVEdrv - ok
22:11:48.0543 2916 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:11:48.0543 2916 RasAcd - ok
22:11:48.0590 2916 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:11:48.0590 2916 RasAgileVpn - ok
22:11:48.0621 2916 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
22:11:48.0621 2916 RasAuto - ok
22:11:48.0653 2916 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:11:48.0668 2916 Rasl2tp - ok
22:11:48.0731 2916 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
22:11:48.0746 2916 RasMan - ok
22:11:48.0777 2916 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:11:48.0777 2916 RasPppoe - ok
22:11:48.0809 2916 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:11:48.0809 2916 RasSstp - ok
22:11:48.0840 2916 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:11:48.0855 2916 rdbss - ok
22:11:48.0871 2916 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:11:48.0871 2916 rdpbus - ok
22:11:48.0902 2916 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:11:48.0902 2916 RDPCDD - ok
22:11:48.0949 2916 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
22:11:48.0949 2916 RDPDR - ok
22:11:48.0980 2916 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:11:48.0980 2916 RDPENCDD - ok
22:11:49.0011 2916 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:11:49.0011 2916 RDPREFMP - ok
22:11:49.0074 2916 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
22:11:49.0074 2916 RDPWD - ok
22:11:49.0136 2916 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:11:49.0152 2916 rdyboost - ok
22:11:49.0183 2916 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
22:11:49.0183 2916 RemoteAccess - ok
22:11:49.0277 2916 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
22:11:49.0292 2916 RemoteRegistry - ok
22:11:49.0339 2916 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
22:11:49.0339 2916 RFCOMM - ok
22:11:49.0401 2916 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
22:11:49.0401 2916 RimUsb - ok
22:11:49.0433 2916 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
22:11:49.0433 2916 RimVSerPort - ok
22:11:49.0464 2916 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
22:11:49.0464 2916 ROOTMODEM - ok
22:11:49.0495 2916 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
22:11:49.0511 2916 RpcEptMapper - ok
22:11:49.0542 2916 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
22:11:49.0542 2916 RpcLocator - ok
22:11:49.0620 2916 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:11:49.0635 2916 RpcSs - ok
22:11:49.0667 2916 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:11:49.0667 2916 rspndr - ok
22:11:49.0745 2916 RSUSBSTOR (96f8dd546677aa5102150acc140377b3) C:\Windows\system32\Drivers\RtsUStor.sys
22:11:49.0745 2916 RSUSBSTOR - ok
22:11:49.0807 2916 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
22:11:49.0807 2916 RTL8167 - ok
22:11:49.0823 2916 RtsUIR - ok
22:11:49.0869 2916 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
22:11:49.0869 2916 s3cap - ok
22:11:49.0901 2916 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:11:49.0916 2916 SamSs - ok
22:11:49.0963 2916 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:11:49.0963 2916 sbp2port - ok
22:11:50.0010 2916 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
22:11:50.0025 2916 SCardSvr - ok
22:11:50.0057 2916 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:11:50.0057 2916 scfilter - ok
22:11:50.0181 2916 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
22:11:50.0213 2916 Schedule - ok
22:11:50.0244 2916 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:11:50.0244 2916 SCPolicySvc - ok
22:11:50.0291 2916 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
22:11:50.0306 2916 SDRSVC - ok
22:11:50.0337 2916 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:11:50.0353 2916 secdrv - ok
22:11:50.0369 2916 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
22:11:50.0384 2916 seclogon - ok
22:11:50.0400 2916 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
22:11:50.0415 2916 SENS - ok
22:11:50.0447 2916 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
22:11:50.0462 2916 SensrSvc - ok
22:11:50.0478 2916 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:11:50.0493 2916 Serenum - ok
22:11:50.0525 2916 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:11:50.0525 2916 Serial - ok
22:11:50.0556 2916 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:11:50.0571 2916 sermouse - ok
22:11:50.0634 2916 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
22:11:50.0649 2916 SessionEnv - ok
22:11:50.0665 2916 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:11:50.0681 2916 sffdisk - ok
22:11:50.0696 2916 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:11:50.0696 2916 sffp_mmc - ok
22:11:50.0727 2916 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:11:50.0727 2916 sffp_sd - ok
22:11:50.0759 2916 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:11:50.0759 2916 sfloppy - ok
22:11:50.0837 2916 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
22:11:50.0852 2916 SharedAccess - ok
22:11:50.0930 2916 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
22:11:50.0946 2916 ShellHWDetection - ok
22:11:50.0977 2916 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:11:50.0993 2916 sisagp - ok
22:11:51.0039 2916 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:11:51.0039 2916 SiSRaid2 - ok
22:11:51.0086 2916 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:11:51.0086 2916 SiSRaid4 - ok
22:11:51.0164 2916 SmartDefragDriver (bf302072dc8374cf4e118fd88aa817a2) C:\Windows\system32\Drivers\SmartDefragDriver.sys
22:11:51.0164 2916 SmartDefragDriver - ok
22:11:51.0211 2916 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:11:51.0211 2916 Smb - ok
22:11:51.0273 2916 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
22:11:51.0289 2916 SNMPTRAP - ok
22:11:51.0305 2916 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:11:51.0320 2916 spldr - ok
22:11:51.0383 2916 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
22:11:51.0414 2916 Spooler - ok
22:11:51.0835 2916 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
22:11:51.0897 2916 sppsvc - ok
22:11:52.0069 2916 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
22:11:52.0085 2916 sppuinotify - ok
22:11:52.0178 2916 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:11:52.0178 2916 srv - ok
22:11:52.0256 2916 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:11:52.0256 2916 srv2 - ok
22:11:52.0319 2916 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:11:52.0319 2916 srvnet - ok
22:11:52.0365 2916 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
22:11:52.0381 2916 SSDPSRV - ok
22:11:52.0412 2916 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
22:11:52.0428 2916 SstpSvc - ok
22:11:52.0584 2916 STacSV (fe7f776f2590c8331123bda3a3a21de6) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
22:11:52.0599 2916 STacSV - ok
22:11:52.0631 2916 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:11:52.0631 2916 stexstor - ok
22:11:52.0693 2916 STHDA (dadb74bf26766757dbba9c5912969ebf) C:\Windows\system32\DRIVERS\stwrt.sys
22:11:52.0709 2916 STHDA - ok
22:11:52.0787 2916 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
22:11:52.0818 2916 StiSvc - ok
22:11:52.0849 2916 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
22:11:52.0849 2916 storflt - ok
22:11:52.0880 2916 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
22:11:52.0896 2916 StorSvc - ok
22:11:52.0927 2916 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
22:11:52.0927 2916 storvsc - ok
22:11:52.0943 2916 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:11:52.0943 2916 swenum - ok
22:11:53.0021 2916 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:11:53.0036 2916 swprv - ok
22:11:53.0114 2916 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
22:11:53.0114 2916 SynTP - ok
22:11:53.0301 2916 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
22:11:53.0333 2916 SysMain - ok
22:11:53.0379 2916 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
22:11:53.0395 2916 TabletInputService - ok
22:11:53.0442 2916 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
22:11:53.0473 2916 TapiSrv - ok
22:11:53.0504 2916 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:11:53.0520 2916 TBS - ok
22:11:53.0738 2916 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
22:11:53.0769 2916 Tcpip - ok
22:11:54.0128 2916 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
22:11:54.0144 2916 TCPIP6 - ok
22:11:54.0284 2916 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:11:54.0284 2916 tcpipreg - ok
22:11:54.0331 2916 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:11:54.0331 2916 TDPIPE - ok
22:11:54.0347 2916 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
22:11:54.0362 2916 TDTCP - ok
22:11:54.0409 2916 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:11:54.0409 2916 tdx - ok
22:11:54.0440 2916 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:11:54.0440 2916 TermDD - ok
22:11:54.0534 2916 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
22:11:54.0565 2916 TermService - ok
22:11:54.0581 2916 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:11:54.0596 2916 Themes - ok
22:11:54.0643 2916 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:11:54.0643 2916 THREADORDER - ok
22:11:54.0674 2916 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:11:54.0690 2916 TrkWks - ok
22:11:54.0752 2916 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
22:11:54.0752 2916 TrustedInstaller - ok
22:11:54.0783 2916 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:11:54.0783 2916 tssecsrv - ok
22:11:54.0830 2916 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:11:54.0830 2916 TsUsbFlt - ok
22:11:54.0893 2916 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:11:54.0908 2916 tunnel - ok
22:11:54.0939 2916 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:11:54.0939 2916 uagp35 - ok
22:11:55.0002 2916 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:11:55.0017 2916 udfs - ok
22:11:55.0064 2916 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:11:55.0080 2916 UI0Detect - ok
22:11:55.0111 2916 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:11:55.0111 2916 uliagpkx - ok
22:11:55.0142 2916 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
22:11:55.0142 2916 umbus - ok
22:11:55.0173 2916 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:11:55.0173 2916 UmPass - ok
22:11:55.0220 2916 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
22:11:55.0236 2916 UmRdpService - ok
22:11:55.0298 2916 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:11:55.0329 2916 upnphost - ok
22:11:55.0345 2916 upperdev - ok
22:11:55.0392 2916 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:11:55.0392 2916 usbccgp - ok
22:11:55.0407 2916 USBCCID - ok
22:11:55.0454 2916 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:11:55.0454 2916 usbcir - ok
22:11:55.0501 2916 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:11:55.0501 2916 usbehci - ok
22:11:55.0548 2916 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:11:55.0548 2916 usbhub - ok
22:11:55.0579 2916 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
22:11:55.0579 2916 usbohci - ok
22:11:55.0610 2916 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:11:55.0610 2916 usbprint - ok
22:11:55.0641 2916 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
22:11:55.0657 2916 usbscan - ok
22:11:55.0673 2916 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:11:55.0688 2916 USBSTOR - ok
22:11:55.0704 2916 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:11:55.0704 2916 usbuhci - ok
22:11:55.0766 2916 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
22:11:55.0782 2916 usbvideo - ok
22:11:55.0797 2916 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:11:55.0813 2916 UxSms - ok
22:11:55.0844 2916 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:11:55.0860 2916 VaultSvc - ok
22:11:55.0891 2916 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:11:55.0891 2916 vdrvroot - ok
22:11:55.0969 2916 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
22:11:55.0985 2916 vds - ok
22:11:56.0016 2916 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:11:56.0016 2916 vga - ok
22:11:56.0047 2916 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:11:56.0047 2916 VgaSave - ok
22:11:56.0094 2916 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:11:56.0109 2916 vhdmp - ok
22:11:56.0141 2916 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:11:56.0141 2916 viaagp - ok
22:11:56.0172 2916 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:11:56.0172 2916 ViaC7 - ok
22:11:56.0187 2916 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:11:56.0187 2916 viaide - ok
22:11:56.0234 2916 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
22:11:56.0250 2916 vmbus - ok
22:11:56.0265 2916 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
22:11:56.0281 2916 VMBusHID - ok
22:11:56.0312 2916 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:11:56.0312 2916 volmgr - ok
22:11:56.0375 2916 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:11:56.0390 2916 volmgrx - ok
22:11:56.0437 2916 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:11:56.0453 2916 volsnap - ok
22:11:56.0499 2916 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:11:56.0499 2916 vsmraid - ok
22:11:56.0655 2916 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
22:11:56.0687 2916 VSS - ok
22:11:56.0733 2916 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:11:56.0733 2916 vwifibus - ok
22:11:56.0765 2916 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:11:56.0765 2916 vwififlt - ok
22:11:56.0796 2916 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
22:11:56.0811 2916 vwifimp - ok
22:11:56.0874 2916 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:11:56.0889 2916 W32Time - ok
22:11:56.0921 2916 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:11:56.0921 2916 WacomPen - ok
22:11:56.0967 2916 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:11:56.0967 2916 WANARP - ok
22:11:56.0983 2916 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:11:56.0983 2916 Wanarpv6 - ok
22:12:00.0867 2916 ============================================================
22:12:00.0867 2916 Scan finished
22:12:00.0867 2916 ============================================================
22:12:00.0883 2608 Detected object count: 0
22:12:00.0883 2608 Actual detected object count: 0



3. aswMBR



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 22:13:17
-----------------------------
22:13:17.428 OS Version: Windows 6.1.7601 Service Pack 1
22:13:17.428 Number of processors: 2 586 0x170A
22:13:17.444 ComputerName: NADIA-PC UserName: Nadia
22:13:50.006 Initialize success
22:13:50.677 AVAST engine defs: 12070400
22:15:07.913 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:15:07.913 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40J Size: 305245MB BusType: 11
22:15:07.944 Disk 0 MBR read successfully
22:15:07.960 Disk 0 MBR scan
22:15:07.960 Disk 0 unknown MBR code
22:15:07.975 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 232855 MB offset 2048
22:15:08.007 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60314 MB offset 476889525
22:15:08.038 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12064 MB offset 600428544
22:15:08.085 Disk 0 scanning sectors +625137345
22:15:08.163 Disk 0 scanning C:\Windows\system32\drivers
22:15:22.203 Service scanning
22:15:49.643 Modules scanning
22:16:04.447 Disk 0 trace - called modules:
22:16:05.009 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys ataport.SYS PCIIDEX.SYS msahci.sys
22:16:05.025 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c803d8]
22:16:05.040 3 CLASSPNP.SYS[88e0459e] -> nt!IofCallDriver -> [0x85c809f8]
22:16:05.056 5 hpdskflt.sys[89219f8a] -> nt!IofCallDriver -> [0x85b848c8]
22:16:05.071 7 ACPI.sys[88cb03d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85b82030]
22:16:06.538 AVAST engine scan C:\Windows
22:16:09.034 AVAST engine scan C:\Windows\system32
22:18:40.027 AVAST engine scan C:\Windows\system32\drivers
22:18:53.224 AVAST engine scan C:\Users\Nadia
22:21:21.097 AVAST engine scan C:\ProgramData
22:22:14.152 Scan finished successfully
22:24:52.430 Disk 0 MBR has been saved successfully to "C:\Users\Nadia\Desktop\MBR.dat"
22:24:52.446 The log file has been saved successfully to "C:\Users\Nadia\Desktop\aswMBR.txt"

#9 nadbulat

Posted 04 July 2012 - 03:30 PM

So, is everything OK?
Oh, by the way, this morning, when I was surfing, Avast suddenly detected a virus again. I don't remember which, but I think it must have been pretty malicious because Avast asked to do an immediate boot scan.
So I did, and there was no threat.

What's going on?

#10 boopme

Posted 04 July 2012 - 03:42 PM

Hello, there is a possibility of a hidden rootkit. So let's get a deeper look and be certain.

Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system), skip it and move on.

Let me know if that went well.

#11 nadbulat

Posted 04 July 2012 - 03:59 PM

What are script-blocking programs?

#12 Animal (Site Admin)

Posted 04 July 2012 - 04:31 PM

They are applications usually associated with antimalware tools and anti-viruses that block malicious scripts from loading. You don't want them running because they will often give you a false positive when trying to run the tools to generate your malware logs.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#13 nadbulat

Posted 04 July 2012 - 05:17 PM

thank youuu! :)

#14 nadbulat

Posted 04 July 2012 - 05:34 PM

I've posted the new topic! Um, would you (boopme) still be helping me?

#15 Animal

Posted 05 July 2012 - 08:33 AM

You're quite welcome. Boopme will not be assisting you in the next phase, but a highly trained Malware Removal Team member will be.

Now that your log is properly posted here, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
