
My computer has a botnet?


3 replies to this topic

#1 Rewster

Rewster


Posted 15 July 2012 - 08:24 PM

Well, I am using PeerBlock to help block any malicious websites, and I see that it is showing logs of blocked BotNets recently in the past hour. I see four recently that are coming from my computer and going to VimpelCom (some telephone company in Russia). I was doing a full scan earlier with Comodo and it had returned 6 infections at 63% through, but the computer basically froze during the scan and I had to shut it down.

Just hoping that someone can help me solve this and make sure my computer is clean. And if it isn't, then hopefully you can help me clean it out.


Edit: I just checked my history on PeerBlock, and searched for botnet. I have 43 results of botnet attacks coming from and to my computer. I do not know much about a BotNet, except that I know they are normally bad (no idea if this is just a normal thing for a program on my computer.)

Edited by Rewster, 15 July 2012 - 08:30 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator

Posted 16 July 2012 - 09:04 AM

Welcome to BC.
A botnet refers to a type of bot running on an IRC network that has been created with a trojan. When an infected computer is on the Internet the bot can then start up an IRC client and connect to an IRC server. The Trojan will also have been coded to make the bot join a certain chat room once it has connected. Multiple bots can then join one channel, and the person who has made them can now spam IRC chat rooms and launch huge numbers of Denial of Service attacks against the IRC servers, causing them to go down.
http://www.webopedia.com/TERM/B/botnet.html

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.


We need to see a few logs.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).


>>>>
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

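The TDSSKiller report requested above is a plain-text log in which each scanned object gets a verdict line, and the entries worth a helper's attention are the ones whose verdict is not `ok`. As an added example (not part of the original post and not the tool vendor's code), this Python script extracts those entries; the line layout follows the log posted later in this thread, and the sample lines, service names and hashes are constructed.

```python
import re

# Log line layout: "<HH:MM:SS.ffff> <thread id> <message>".
LINE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# Object line: "<name> (<md5>) <path>".
OBJECT = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - ok" or "<name> ( <detection> ) - warning".
VERDICT = re.compile(r"^(?P<name>\S+) (?:\( (?P<detection>[^)]+?) \) )?- (?P<status>\w+)$")

# Constructed sample (not taken from a real machine). The last entry has a
# verdict but no object line, as happens when a pasted log is truncated.
SAMPLE_LOG = r"""
13:47:36.0579 4336 Scan started
13:47:36.0579 4336 Mode: Manual; TDLFS;
13:47:37.0526 4336 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
13:47:37.0539 4336 ACPI - ok
13:47:38.0996 4336 ExampleSvc (00112233445566778899aabbccddeeff) c:\program files (x86)\example\svc.dll
13:47:38.0996 4336 Suspicious file (Hidden): c:\program files (x86)\example\svc.dll. md5: 00112233445566778899aabbccddeeff
13:47:39.0008 4336 ExampleSvc ( HiddenFile.Multi.Generic ) - warning
13:47:39.0100 4336 OrphanDrv - warning
"""


def parse_tdsskiller_log(text):
    """Return one record per verdict line, joined with its object line if seen."""
    records = []
    pending = {}  # object lines waiting for their verdict, keyed by name
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines, separators, wrapped text
        msg = line["msg"]
        obj = OBJECT.match(msg)
        if obj:
            pending[obj["name"]] = obj.groupdict()
            continue
        verdict = VERDICT.match(msg)
        if verdict:
            # Fall back to an empty record when the object line is missing.
            rec = pending.pop(
                verdict["name"],
                {"name": verdict["name"], "md5": None, "path": None},
            )
            rec["status"] = verdict["status"]
            rec["detection"] = verdict["detection"]
            rec["time"] = line["time"]
            records.append(rec)
    return records


def needs_review(records):
    """Everything the scanner did not mark 'ok' goes to a human."""
    return [r for r in records if r["status"] != "ok"]


def format_report(records):
    """Short summary suitable for pasting into a reply."""
    flagged = needs_review(records)
    lines = [f"{len(records)} objects scanned, {len(flagged)} need review"]
    for r in flagged:
        lines.append(
            f"  {r['time']}  {r['name']}: {r['detection'] or 'no detection name'} "
            f"[{r['status']}] {r['path'] or 'path not in log'} md5={r['md5'] or 'n/a'}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(parse_tdsskiller_log(SAMPLE_LOG)))
```

A `warning` verdict is a prompt to look at the file, not proof of infection, so the script reports the path and hash for follow-up and takes no action.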

#3 Rewster

Rewster
  • Topic Starter


Posted 16 July 2012 - 02:15 PM

MiniToolBox by Farbar Version: 15-07-2012
Ran by home (administrator) on 16-07-2012 at 13:46:04
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Hamachi Network Interface = Hamachi (Connected)
Linksys AE1000 = Wireless Network Connection 5 (Connected)
Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection 3" nexthop=5.0.0.1
set interface interface="Local Area Connection 3" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : home-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 5:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Linksys AE1000 #5
Physical Address. . . . . . . . . : 68-7F-74-F7-6E-0F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1514:46db:d368:aaaf%17(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.70(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 15, 2012 8:48:37 PM
Lease Expires . . . . . . . . . . : Tuesday, July 17, 2012 8:48:36 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 409501556
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-5B-94-79-00-22-68-4D-1E-95
DNS Servers . . . . . . . . . . . : 8.26.56.26
156.154.70.22
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-22-68-4D-1E-95
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-61-E9-28-FA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 5.67.3.204(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Sunday, July 15, 2012 8:48:33 PM
Lease Expires . . . . . . . . . . : Monday, July 16, 2012 1:48:57 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{456A550C-9587-4D8B-8F84-21643FF07297}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{179FCE81-4884-43FD-B64C-4DCB369DD36D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: google.com
Addresses: 2a00:1450:8005::71
173.194.69.138
173.194.69.100
173.194.69.102
173.194.69.101
173.194.69.139
173.194.69.113



Pinging google.com [173.194.69.113] with 32 bytes of data:

Reply from 173.194.69.113: bytes=32 time=162ms TTL=37

Reply from 173.194.69.113: bytes=32 time=161ms TTL=37



Ping statistics for 173.194.69.113:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 161ms, Maximum = 162ms, Average = 161ms

Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=29ms TTL=49

Reply from 209.191.122.70: bytes=32 time=27ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 29ms, Average = 28ms

Server: ns1.recursive.dns.com
Address: 8.26.56.26

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
17 ...68 7f 74 f7 6e 0f ...... Linksys AE1000 #5
10 ...00 22 68 4d 1e 95 ...... Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
12 ...7a 79 61 e9 28 fa ...... Hamachi Network Interface
1 ........................... Software Loopback Interface 1
21 ...00 00 00 00 00 00 00 e0 isatap.gateway.2wire.net
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
22 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
20 ...00 00 00 00 00 00 00 e0 isatap.{456A550C-9587-4D8B-8F84-21643FF07297}
19 ...00 00 00 00 00 00 00 e0 isatap.{179FCE81-4884-43FD-B64C-4DCB369DD36D}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.67.3.204 9256
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.70 30
5.0.0.0 255.0.0.0 On-link 5.67.3.204 9256
5.67.3.204 255.255.255.255 On-link 5.67.3.204 9256
5.255.255.255 255.255.255.255 On-link 5.67.3.204 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.70 286
192.168.1.70 255.255.255.255 On-link 192.168.1.70 286
192.168.1.255 255.255.255.255 On-link 192.168.1.70 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 5.67.3.204 9256
224.0.0.0 240.0.0.0 On-link 192.168.1.70 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 5.67.3.204 9256
255.255.255.255 255.255.255.255 On-link 192.168.1.70 286
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
17 286 fe80::/64 On-link
17 286 fe80::1514:46db:d368:aaaf/128
On-link
1 306 ff00::/8 On-link
17 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/16/2012 02:40:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (07/15/2012 08:55:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 08:55:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 08:55:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 08:55:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 08:55:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 08:55:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 08:55:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 08:49:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2012 11:52:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/16/2012 02:56:00 AM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/15/2012 08:52:06 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (07/15/2012 08:49:24 PM) (Source: Service Control Manager) (User: )
Description: Beep
i8042prt

Error: (07/15/2012 08:49:24 PM) (Source: Service Control Manager) (User: )
Description: int15%%31

Error: (07/15/2012 08:49:24 PM) (Source: Service Control Manager) (User: )
Description: VirtualBox Host-Only Ethernet Adapter%%1058

Error: (07/15/2012 08:49:24 PM) (Source: Service Control Manager) (User: )
Description: USB RNDIS Adapter%%1058

Error: (07/15/2012 08:49:24 PM) (Source: Service Control Manager) (User: )
Description: Anchorfree HSS Adapter%%1058

Error: (07/15/2012 08:49:24 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (07/15/2012 08:49:24 PM) (Source: Service Control Manager) (User: )
Description: Comodo EasyVPN Miniport Driver%%2

Error: (07/15/2012 08:48:05 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Agere Systems PCI-SV92PP Soft Modem
Akamai NetSession Interface
AMD APP SDK Runtime (Version: 10.0.831.4)
AMD Catalyst Install Manager (Version: 8.0.873.0)
AMD Fuel (Version: 2011.1109.2212.39826)
AMD Fuel (Version: 2011.1205.2215.39827)
Apple Mobile Device Support (Version: 4.0.0.97)
Bonjour (Version: 3.0.0.10)
ccc-utility64 (Version: 2011.1109.2212.39826)
CCleaner (Version: 3.20)
COMODO Internet Security (Version: 5.10.31649.2253)
Defraggler (Version: 2.09)
Google Chrome (Version: 20.0.1132.57)
Java SE Development Kit 7 Update 5 (64-bit) (Version: 1.7.0.50)
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)
Java™ SE Development Kit 7 Update 2 (64-bit) (Version: 1.7.0.20)
JavaFX 2.0.2 (64-bit) (Version: 2.0.2)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Xbox 360 Accessories 1.1 (Version: 1.10.123.0)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Move Media Player
MSVCRT Redists (Version: 1.0)
Nexus Mod Manager (Version: 0.18.8)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
RealWorld Change Cursor (Version: 2.0.0)
SUPERAntiSpyware (Version: 5.5.1006)
SwiftKit
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3538.0513)

========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 3838.27 MB
Available physical RAM: 1721.44 MB
Total Pagefile: 7905.05 MB
Available Pagefile: 5142.46 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.39 MB

========================= Partitions: =====================================

1 Drive a: (Windows 7) (Fixed) (Total:111.33 GB) (Free:111.24 GB) NTFS
2 Drive c: (OS) (Fixed) (Total:475.07 GB) (Free:281.44 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-PC

Administrator Guest home
iphone Mcx1


**** End of log ****





13:47:11.0586 3936 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
13:47:12.0067 3936 ============================================================
13:47:12.0067 3936 Current date / time: 2012/07/16 13:47:12.0067
13:47:12.0067 3936 SystemInfo:
13:47:12.0067 3936
13:47:12.0067 3936 OS Version: 6.0.6002 ServicePack: 2.0
13:47:12.0067 3936 Product type: Workstation
13:47:12.0068 3936 ComputerName: HOME-PC
13:47:12.0068 3936 UserName: home
13:47:12.0068 3936 Windows directory: C:\Windows
13:47:12.0068 3936 System windows directory: C:\Windows
13:47:12.0068 3936 Running under WOW64
13:47:12.0068 3936 Processor architecture: Intel x64
13:47:12.0068 3936 Number of processors: 4
13:47:12.0068 3936 Page size: 0x1000
13:47:12.0068 3936 Boot type: Normal boot
13:47:12.0068 3936 ============================================================
13:47:13.0354 3936 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:47:13.0459 3936 ============================================================
13:47:13.0459 3936 \Device\Harddisk0\DR0:
13:47:13.0460 3936 MBR partitions:
13:47:13.0460 3936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x3B6227F8
13:47:13.0460 3936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3C9AB800, BlocksNum 0xDEAB800
13:47:13.0460 3936 ============================================================
13:47:13.0533 3936 C: <-> \Device\Harddisk0\DR0\Partition0
13:47:13.0565 3936 A: <-> \Device\Harddisk0\DR0\Partition1
13:47:13.0565 3936 ============================================================
13:47:13.0565 3936 Initialize success
13:47:13.0565 3936 ============================================================
13:47:36.0579 4336 ============================================================
13:47:36.0579 4336 Scan started
13:47:36.0579 4336 Mode: Manual; TDLFS;
13:47:36.0579 4336 ============================================================
13:47:37.0391 4336 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
13:47:37.0393 4336 !SASCORE - ok
13:47:37.0526 4336 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
13:47:37.0539 4336 ACPI - ok
13:47:37.0630 4336 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:47:37.0631 4336 AdobeARMservice - ok
13:47:37.0797 4336 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:47:37.0800 4336 AdobeFlashPlayerUpdateSvc - ok
13:47:37.0891 4336 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
13:47:37.0927 4336 adp94xx - ok
13:47:37.0982 4336 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
13:47:37.0987 4336 adpahci - ok
13:47:38.0012 4336 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
13:47:38.0032 4336 adpu160m - ok
13:47:38.0066 4336 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
13:47:38.0089 4336 adpu320 - ok
13:47:38.0210 4336 AE1000 (852d8034ffd1a1f076318039872fc500) C:\Windows\system32\DRIVERS\ae1000va.sys
13:47:38.0232 4336 AE1000 - ok
13:47:38.0264 4336 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
13:47:38.0265 4336 AeLookupSvc - ok
13:47:38.0310 4336 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
13:47:38.0322 4336 AFD - ok
13:47:38.0355 4336 AgereModemAudio (8b0d8b5bafd4c9d57b41426bc68b32f9) C:\Windows\system32\agr64svc.exe
13:47:38.0356 4336 AgereModemAudio - ok
13:47:38.0444 4336 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\Windows\system32\DRIVERS\agrsm64.sys
13:47:38.0474 4336 AgereSoftModem - ok
13:47:38.0491 4336 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
13:47:38.0493 4336 agp440 - ok
13:47:38.0528 4336 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
13:47:38.0530 4336 aic78xx - ok
13:47:38.0996 4336 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
13:47:38.0996 4336 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
13:47:39.0008 4336 Akamai ( HiddenFile.Multi.Generic ) - warning
13:47:39.0008 4336 Akamai - detected HiddenFile.Multi.Generic (1)
13:47:39.0133 4336 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
13:47:39.0135 4336 ALG - ok
13:47:39.0169 4336 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
13:47:39.0171 4336 aliide - ok
13:47:39.0207 4336 AMD External Events Utility (2aed9a422ea1574c7d7ef9359a417718) C:\Windows\system32\atiesrxx.exe
13:47:39.0232 4336 AMD External Events Utility - ok
13:47:39.0249 4336 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
13:47:39.0250 4336 amdide - ok
13:47:39.0286 4336 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
13:47:39.0287 4336 amdiox64 - ok
13:47:39.0298 4336 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
13:47:39.0299 4336 AmdK8 - ok
13:47:39.0887 4336 amdkmdag (bfa5e854959d5546d8834ca61f4ad075) C:\Windows\system32\DRIVERS\atikmdag.sys
13:47:40.0117 4336 amdkmdag - ok
13:47:40.0235 4336 amdkmdap (92d664fffcd9e742fb25254f7f458d88) C:\Windows\system32\DRIVERS\atikmpag.sys
13:47:40.0250 4336 amdkmdap - ok
13:47:40.0308 4336 AODDriver4.01 (0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:47:40.0309 4336 AODDriver4.01 - ok
13:47:40.0336 4336 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
13:47:40.0337 4336 Appinfo - ok
13:47:40.0447 4336 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:47:40.0449 4336 Apple Mobile Device - ok
13:47:40.0519 4336 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
13:47:40.0521 4336 arc - ok
13:47:40.0547 4336 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
13:47:40.0560 4336 arcsas - ok
13:47:40.0719 4336 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:47:40.0720 4336 aspnet_state - ok
13:47:40.0743 4336 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
13:47:40.0744 4336 AsyncMac - ok
13:47:40.0772 4336 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
13:47:40.0773 4336 atapi - ok
13:47:41.0374 4336 atikmdag (bfa5e854959d5546d8834ca61f4ad075) C:\Windows\system32\DRIVERS\atikmdag.sys
13:47:41.0453 4336 atikmdag - ok
13:47:41.0656 4336 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys
13:47:41.0658 4336 AtiPcie - ok
13:47:41.0663 4336 ATP - ok
13:47:41.0744 4336 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
13:47:41.0748 4336 AudioEndpointBuilder - ok
13:47:41.0754 4336 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
13:47:41.0759 4336 AudioSrv - ok
13:47:41.0815 4336 Beep - ok
13:47:41.0858 4336 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
13:47:41.0876 4336 BFE - ok
13:47:41.0981 4336 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
13:47:41.0992 4336 BITS - ok
13:47:42.0018 4336 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
13:47:42.0019 4336 blbdrive - ok
13:47:42.0089 4336 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:47:42.0093 4336 Bonjour Service - ok
13:47:42.0137 4336 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
13:47:42.0143 4336 bowser - ok
13:47:42.0169 4336 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
13:47:42.0170 4336 BrFiltLo - ok
13:47:42.0183 4336 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
13:47:42.0184 4336 BrFiltUp - ok
13:47:42.0215 4336 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
13:47:42.0219 4336 Browser - ok
13:47:42.0252 4336 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
13:47:42.0255 4336 Brserid - ok
13:47:42.0284 4336 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
13:47:42.0286 4336 BrSerWdm - ok
13:47:42.0299 4336 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
13:47:42.0300 4336 BrUsbMdm - ok
13:47:42.0310 4336 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
13:47:42.0318 4336 BrUsbSer - ok
13:47:42.0348 4336 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
13:47:42.0350 4336 BTHMODEM - ok
13:47:42.0393 4336 catchme - ok
13:47:42.0417 4336 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
13:47:42.0422 4336 cdfs - ok
13:47:42.0469 4336 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
13:47:42.0471 4336 cdrom - ok
13:47:42.0499 4336 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
13:47:42.0501 4336 CertPropSvc - ok
13:47:42.0540 4336 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
13:47:42.0542 4336 circlass - ok
13:47:42.0615 4336 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
13:47:42.0646 4336 CLFS - ok
13:47:42.0828 4336 CLHNServiceForPowerDVD12 (549f6a1198c3120bb836f04bb1baf5b8) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
13:47:42.0830 4336 CLHNServiceForPowerDVD12 - ok
13:47:42.0980 4336 CLPSLS (882e3973505c441ce000133c821d0edd) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
13:47:42.0989 4336 CLPSLS - ok
13:47:43.0072 4336 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:47:43.0073 4336 clr_optimization_v2.0.50727_32 - ok
13:47:43.0126 4336 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:47:43.0127 4336 clr_optimization_v2.0.50727_64 - ok
13:47:43.0179 4336 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:47:43.0181 4336 clr_optimization_v4.0.30319_32 - ok
13:47:43.0266 4336 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:47:43.0268 4336 clr_optimization_v4.0.30319_64 - ok
13:47:43.0473 4336 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
13:47:43.0494 4336 cmdAgent - ok
13:47:43.0614 4336 cmderd (980edeb98e9b8718ddee5dbbb03a2532) C:\Windows\system32\DRIVERS\cmderd.sys
13:47:43.0616 4336 cmderd - ok
13:47:43.0667 4336 cmdGuard (98e9ac5f001ab92fd05de5db04621fea) C:\Windows\system32\DRIVERS\cmdguard.sys
13:47:43.0678 4336 cmdGuard - ok
13:47:43.0715 4336 cmdHlp (ba0e1a71d4a05f5dcdbce2070b934b5a) C:\Windows\system32\DRIVERS\cmdhlp.sys
13:47:43.0716 4336 cmdHlp - ok
13:47:43.0757 4336 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
13:47:43.0758 4336 cmdide - ok
13:47:43.0772 4336 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
13:47:43.0773 4336 Compbatt - ok
13:47:43.0777 4336 COMSysApp - ok
13:47:43.0792 4336 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
13:47:43.0794 4336 crcdisk - ok
13:47:43.0828 4336 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
13:47:43.0839 4336 CryptSvc - ok
13:47:43.0971 4336 CyberLink PowerDVD 12 Media Server Monitor Service (751e67a18468adae2d6aa90f026e2dbe) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
13:47:43.0972 4336 CyberLink PowerDVD 12 Media Server Monitor Service - ok
13:47:44.0019 4336 CyberLink PowerDVD 12 Media Server Service (3de230f59c8830168eaab163b606dd37) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
13:47:44.0022 4336 CyberLink PowerDVD 12 Media Server Service - ok
13:47:44.0089 4336 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
13:47:44.0097 4336 DcomLaunch - ok
13:47:44.0157 4336 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
13:47:44.0161 4336 DfsC - ok
13:47:44.0408 4336 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
13:47:44.0479 4336 DFSR - ok
13:47:44.0579 4336 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
13:47:44.0582 4336 Dhcp - ok
13:47:44.0621 4336 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
13:47:44.0623 4336 disk - ok
13:47:44.0657 4336 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
13:47:44.0660 4336 Dnscache - ok
13:47:44.0701 4336 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
13:47:44.0728 4336 dot3svc - ok
13:47:44.0769 4336 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
13:47:44.0781 4336 DPS - ok
13:47:44.0894 4336 DragonUpdater (e23019491555978fa1e8a3f3b5ce5e50) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
13:47:44.0899 4336 DragonUpdater - ok
13:47:44.0927 4336 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
13:47:44.0928 4336 drmkaud - ok
13:47:45.0010 4336 dump_wmimmc - ok
13:47:45.0122 4336 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
13:47:45.0174 4336 DXGKrnl - ok
13:47:45.0211 4336 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
13:47:45.0222 4336 E1G60 - ok
13:47:45.0226 4336 EagleX64 - ok
13:47:45.0248 4336 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
13:47:45.0249 4336 EapHost - ok
13:47:45.0293 4336 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
13:47:45.0305 4336 Ecache - ok
13:47:45.0384 4336 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
13:47:45.0387 4336 ehRecvr - ok
13:47:45.0452 4336 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
13:47:45.0453 4336 ehSched - ok
13:47:45.0489 4336 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
13:47:45.0490 4336 ehstart - ok
13:47:45.0527 4336 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
13:47:45.0539 4336 elxstor - ok
13:47:45.0595 4336 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
13:47:45.0623 4336 EMDMgmt - ok
13:47:45.0655 4336 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
13:47:45.0656 4336 ErrDev - ok
13:47:45.0707 4336 ETService (4d06d9a26227ac485305133916888df1) C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
13:47:45.0708 4336 ETService - ok
13:47:45.0751 4336 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
13:47:45.0755 4336 EventSystem - ok
13:47:45.0792 4336 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
13:47:45.0802 4336 exfat - ok
13:47:45.0835 4336 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
13:47:45.0845 4336 fastfat - ok
13:47:45.0873 4336 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
13:47:45.0874 4336 fdc - ok
13:47:45.0911 4336 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
13:47:45.0913 4336 fdPHost - ok
13:47:45.0922 4336 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
13:47:45.0924 4336 FDResPub - ok
13:47:45.0941 4336 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
13:47:45.0943 4336 FileInfo - ok
13:47:45.0960 4336 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
13:47:45.0961 4336 Filetrace - ok
13:47:45.0976 4336 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:47:45.0977 4336 flpydisk - ok
13:47:46.0020 4336 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
13:47:46.0027 4336 FltMgr - ok
13:47:46.0153 4336 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
13:47:46.0170 4336 FontCache - ok
13:47:46.0262 4336 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:47:46.0263 4336 FontCache3.0.0.0 - ok
13:47:46.0323 4336 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
13:47:46.0324 4336 Fs_Rec - ok
13:47:46.0337 4336 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
13:47:46.0339 4336 gagp30kx - ok
13:47:46.0369 4336 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
13:47:46.0370 4336 GEARAspiWDM - ok
13:47:46.0427 4336 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
13:47:46.0433 4336 gpsvc - ok
13:47:46.0516 4336 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:47:46.0517 4336 gupdate - ok
13:47:46.0521 4336 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:47:46.0523 4336 gupdatem - ok
13:47:46.0553 4336 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
13:47:46.0555 4336 hamachi - ok
13:47:46.0591 4336 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
13:47:46.0598 4336 HdAudAddService - ok
13:47:46.0693 4336 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:47:46.0717 4336 HDAudBus - ok
13:47:46.0759 4336 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
13:47:46.0761 4336 HidBth - ok
13:47:46.0772 4336 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
13:47:46.0774 4336 HidIr - ok
13:47:46.0809 4336 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
13:47:46.0810 4336 hidserv - ok
13:47:46.0850 4336 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
13:47:46.0852 4336 HidUsb - ok
13:47:46.0882 4336 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
13:47:46.0887 4336 hkmsvc - ok
13:47:46.0915 4336 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
13:47:46.0916 4336 HpCISSs - ok
13:47:46.0958 4336 HTCAND64 (894a75a3d6bfd97d73bf60d3022b567a) C:\Windows\system32\Drivers\ANDROIDUSB.sys
13:47:46.0960 4336 HTCAND64 - ok
13:47:46.0994 4336 htcnprot (4f6c3122817049997cd696d4a38bfacb) C:\Windows\system32\DRIVERS\htcnprot.sys
13:47:46.0996 4336 htcnprot - ok
13:47:47.0082 4336 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
13:47:47.0108 4336 HTTP - ok
13:47:47.0115 4336 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
13:47:47.0117 4336 i2omp - ok
13:47:47.0147 4336 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
13:47:47.0149 4336 i8042prt - ok
13:47:47.0179 4336 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
13:47:47.0185 4336 iaStorV - ok
13:47:47.0301 4336 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:47:47.0302 4336 IDriverT - ok
13:47:47.0444 4336 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:47:47.0450 4336 idsvc - ok
13:47:47.0524 4336 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
13:47:47.0525 4336 iirsp - ok
13:47:47.0567 4336 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
13:47:47.0602 4336 IKEEXT - ok
13:47:47.0636 4336 inspect (1d942e294a72a2a9ec527b327ae4f4bd) C:\Windows\system32\DRIVERS\inspect.sys
13:47:47.0641 4336 inspect - ok
13:47:47.0726 4336 int15 (8c7fa71cb1ebcd3ede8958d27b1bf0b4) C:\Windows\SysWOW64\drivers\int15_64.sys
13:47:47.0727 4336 int15 - ok
13:47:47.0731 4336 IntcAzAudAddService - ok
13:47:47.0777 4336 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
13:47:47.0779 4336 intelide - ok
13:47:47.0800 4336 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
13:47:47.0802 4336 intelppm - ok
13:47:47.0847 4336 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
13:47:47.0850 4336 IPBusEnum - ok
13:47:47.0877 4336 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:47:47.0879 4336 IpFilterDriver - ok
13:47:47.0943 4336 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
13:47:47.0996 4336 iphlpsvc - ok
13:47:48.0000 4336 IpInIp - ok
13:47:48.0046 4336 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
13:47:48.0048 4336 IPMIDRV - ok
13:47:48.0064 4336 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
13:47:48.0068 4336 IPNAT - ok
13:47:48.0088 4336 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
13:47:48.0089 4336 IRENUM - ok
13:47:48.0103 4336 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
13:47:48.0105 4336 isapnp - ok
13:47:48.0147 4336 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
13:47:48.0165 4336 iScsiPrt - ok
13:47:48.0230 4336 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
13:47:48.0231 4336 iteatapi - ok
13:47:48.0239 4336 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
13:47:48.0242 4336 iteraid - ok
13:47:48.0288 4336 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
13:47:48.0289 4336 kbdclass - ok
13:47:48.0318 4336 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
13:47:48.0319 4336 kbdhid - ok
13:47:48.0348 4336 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:47:48.0350 4336 KeyIso - ok
13:47:48.0408 4336 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
13:47:48.0424 4336 KSecDD - ok
13:47:48.0447 4336 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
13:47:48.0448 4336 ksthunk - ok
13:47:48.0497 4336 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
13:47:48.0509 4336 KtmRm - ok
13:47:48.0554 4336 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
13:47:48.0581 4336 LanmanServer - ok
13:47:48.0629 4336 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
13:47:48.0633 4336 LanmanWorkstation - ok
13:47:48.0693 4336 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
13:47:48.0695 4336 lltdio - ok
13:47:48.0754 4336 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
13:47:48.0788 4336 lltdsvc - ok
13:47:48.0844 4336 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
13:47:48.0846 4336 lmhosts - ok
13:47:48.0882 4336 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
13:47:48.0894 4336 LSI_FC - ok
13:47:48.0910 4336 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
13:47:48.0915 4336 LSI_SAS - ok
13:47:48.0956 4336 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
13:47:48.0958 4336 LSI_SCSI - ok
13:47:49.0024 4336 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
13:47:49.0025 4336 luafv - ok
13:47:49.0084 4336 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
13:47:49.0086 4336 ManyCam - ok
13:47:49.0142 4336 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
13:47:49.0143 4336 MBAMProtector - ok
13:47:49.0247 4336 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:47:49.0253 4336 MBAMService - ok
13:47:49.0325 4336 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
13:47:49.0328 4336 McciCMService - ok
13:47:49.0441 4336 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
13:47:49.0446 4336 McciCMService64 - ok
13:47:49.0570 4336 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
13:47:49.0589 4336 mcdbus - ok
13:47:49.0627 4336 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
13:47:49.0630 4336 Mcx2Svc - ok
13:47:49.0672 4336 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
13:47:49.0673 4336 megasas - ok
13:47:49.0718 4336 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
13:47:49.0733 4336 MegaSR - ok
13:47:49.0778 4336 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\Windows\system32\8A2A.tmp
13:47:49.0779 4336 MEMSWEEP2 - ok
13:47:49.0794 4336 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
13:47:49.0797 4336 MMCSS - ok
13:47:49.0810 4336 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
13:47:49.0812 4336 Modem - ok
13:47:49.0861 4336 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
13:47:49.0863 4336 monitor - ok
13:47:49.0873 4336 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
13:47:49.0874 4336 mouclass - ok
13:47:49.0886 4336 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
13:47:49.0887 4336 mouhid - ok
13:47:49.0900 4336 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
13:47:49.0911 4336 MountMgr - ok
13:47:50.0016 4336 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:47:50.0017 4336 MozillaMaintenance - ok
13:47:50.0062 4336 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
13:47:50.0067 4336 mpio - ok
13:47:50.0094 4336 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
13:47:50.0096 4336 mpsdrv - ok
13:47:50.0152 4336 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
13:47:50.0192 4336 MpsSvc - ok
13:47:50.0219 4336 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
13:47:50.0220 4336 Mraid35x - ok
13:47:50.0276 4336 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
13:47:50.0277 4336 MREMP50 - ok
13:47:50.0287 4336 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
13:47:50.0288 4336 MRESP50 - ok
13:47:50.0320 4336 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
13:47:50.0332 4336 MRxDAV - ok
13:47:50.0371 4336 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:47:50.0374 4336 mrxsmb - ok
13:47:50.0421 4336 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:47:50.0428 4336 mrxsmb10 - ok
13:47:50.0471 4336 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:47:50.0475 4336 mrxsmb20 - ok
13:47:50.0497 4336 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
13:47:50.0498 4336 msahci - ok
13:47:50.0521 4336 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
13:47:50.0534 4336 msdsm - ok
13:47:50.0579 4336 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
13:47:50.0592 4336 MSDTC - ok
13:47:50.0618 4336 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
13:47:50.0620 4336 Msfs - ok
13:47:50.0628 4336 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
13:47:50.0629 4336 msisadrv - ok
13:47:50.0677 4336 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
13:47:50.0682 4336 MSiSCSI - ok
13:47:50.0686 4336 msiserver - ok
13:47:50.0729 4336 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
13:47:50.0730 4336 MSKSSRV - ok
13:47:50.0755 4336 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
13:47:50.0756 4336 MSPCLOCK - ok
13:47:50.0765 4336 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
13:47:50.0767 4336 MSPQM - ok
13:47:50.0821 4336 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
13:47:50.0828 4336 MsRPC - ok
13:47:50.0895 4336 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
13:47:50.0897 4336 mssmbios - ok
13:47:50.0911 4336 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
13:47:50.0912 4336 MSTEE - ok
13:47:50.0961 4336 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
13:47:50.0962 4336 Mup - ok
13:47:51.0011 4336 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
13:47:51.0016 4336 napagent - ok
13:47:51.0078 4336 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
13:47:51.0088 4336 NativeWifiP - ok
13:47:51.0169 4336 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
13:47:51.0183 4336 NDIS - ok
13:47:51.0219 4336 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
13:47:51.0221 4336 NdisTapi - ok
13:47:51.0235 4336 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
13:47:51.0237 4336 Ndisuio - ok
13:47:51.0271 4336 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
13:47:51.0282 4336 NdisWan - ok
13:47:51.0316 4336 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
13:47:51.0318 4336 NDProxy - ok
13:47:51.0327 4336 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
13:47:51.0328 4336 NetBIOS - ok
13:47:51.0352 4336 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
13:47:51.0360 4336 netbt - ok
13:47:51.0389 4336 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:47:51.0391 4336 Netlogon - ok
13:47:51.0452 4336 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
13:47:51.0502 4336 Netman - ok
13:47:51.0629 4336 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:47:51.0630 4336 NetMsmqActivator - ok
13:47:51.0635 4336 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:47:51.0636 4336 NetPipeActivator - ok
13:47:51.0695 4336 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
13:47:51.0700 4336 netprofm - ok
13:47:51.0704 4336 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:47:51.0705 4336 NetTcpActivator - ok
13:47:51.0711 4336 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:47:51.0713 4336 NetTcpPortSharing - ok
13:47:51.0738 4336 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
13:47:51.0740 4336 nfrd960 - ok
13:47:51.0765 4336 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
13:47:51.0768 4336 NlaSvc - ok
13:47:51.0772 4336 Normandy - ok
13:47:58.0406 4336 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys
13:47:58.0406 4336 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
13:47:58.0408 4336 sptd ( LockedFile.Multi.Generic ) - warning
13:47:58.0408 4336 sptd - detected LockedFile.Multi.Generic (1)
13:48:06.0501 4336 MBR (0x1B8) (b751af1acddd7a1a71313731839f4ecb) \Device\Harddisk0\DR0
13:48:09.0680 4336 \Device\Harddisk0\DR0 - ok
13:48:09.0684 4336 Boot (0x1200) (77a42a097fad7ab978f591924543d44a) \Device\Harddisk0\DR0\Partition0
13:48:09.0686 4336 \Device\Harddisk0\DR0\Partition0 - ok
13:48:09.0703 4336 Boot (0x1200) (3df4b63b9495706e2f4f273acab4bc49) \Device\Harddisk0\DR0\Partition1
13:48:09.0705 4336 \Device\Harddisk0\DR0\Partition1 - ok
13:48:09.0706 4336 ============================================================
13:48:09.0706 4336 Scan finished
13:48:09.0706 4336 ============================================================
13:48:09.0718 1548 Detected object count: 2
13:48:09.0718 1548 Actual detected object count: 2
13:48:39.0117 1548 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
13:48:39.0117 1548 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
13:48:39.0119 1548 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:48:39.0119 1548 sptd ( LockedFile.Multi.Generic ) - User select action: Skip




Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.10

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
home :: HOME-PC [administrator]

Protection: Disabled

7/16/2012 1:51:08 PM
mbam-log-2012-07-16 (13-51-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 261780
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 13:55:55
-----------------------------
13:55:55.245 OS Version: Windows x64 6.0.6002 Service Pack 2
13:55:55.245 Number of processors: 4 586 0x203
13:55:55.247 ComputerName: HOME-PC UserName: home
13:55:58.006 Initialize success
13:59:01.941 AVAST engine defs: 12071600
13:59:16.213 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:59:16.215 Disk 0 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 3
13:59:16.227 Disk 0 MBR read successfully
13:59:16.229 Disk 0 MBR scan
13:59:16.233 Disk 0 unknown MBR code
13:59:16.235 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10001 MB offset 63
13:59:16.249 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 486468 MB offset 20484096
13:59:16.272 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 114007 MB offset 1016772608
13:59:16.311 Disk 0 scanning C:\Windows\system32\drivers
13:59:25.819 Service scanning
13:59:50.616 Modules scanning
13:59:50.620 Disk 0 trace - called modules:
13:59:50.633 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80045262c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:59:50.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800488a260]
13:59:50.648 3 CLASSPNP.SYS[fffffa6000eb4c33] -> nt!IofCallDriver -> [0xfffffa800451b9b0]
13:59:50.651 5 acpi.sys[fffffa6000b72fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004517060]
13:59:50.654 \Driver\atapi[0xfffffa8004a33430] -> IRP_MJ_CREATE -> 0xfffffa80045262c0
13:59:53.364 AVAST engine scan C:\Windows
13:59:58.630 AVAST engine scan C:\Windows\system32
14:04:41.426 AVAST engine scan C:\Windows\system32\drivers
14:05:04.391 AVAST engine scan C:\Users\home
14:14:15.596 Disk 0 MBR has been saved successfully to "C:\Users\home\Desktop\MBR.dat"
14:14:15.598 The log file has been saved successfully to "C:\Users\home\Desktop\aswMBR.txt"

#4 boopme


Posted 16 July 2012 - 07:38 PM

Hello, I feel you must have a deeper infection. The unknown in the aswMBR concerns me and I cannot get info on it.
To be safe we should post a new topic about a possible rootkit.

We need a deeper look. Please go here: Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64-bit system), skip it and move on.
Include that aswMBR log above.

Let me know if that went well.