
help!! TrojanHorsepatched_c.LXT


  • This topic is locked
8 replies to this topic

#1 wtfhelpmeplz


Posted 22 July 2012 - 06:54 PM

My AVG popped up an alert this morning for "trojanhorsepatched_c.lxt" - ultimately it will not allow me to remove it. I ran a full scan which came back w/ a huge list of trojans, several of which it stated were impossible to remove....? (I scan every day and never had anything like this happen - I also noticed on the list of trojans something was listed w/ malwarebytes in the name... but I forgot to write it down.) It continues to randomly pop up an alert, asking if I want to force the removal. When I say yes it says unsuccessful, impossible to remove threat. It def looks like it's the real AVG, not some type of malware. It will pop up again telling me to reboot computer in order to remove threats, but upon reboot it is still not successful. Anyways, I ran mbam and sas and they each found a cpl things which were successfully removed. I updated all scanners and have run them over and over and rebooted several times and can't figure it out.
At first I noticed Google Chrome running extremely slow. Also, when I went to log into Facebook a warning popped up saying threat detected w/ option to leave site or proceed anyway. I just x-ed out and was able to use Mozilla browser for a while. Suddenly I was browser hijacked no matter what browser used - everything is redirected. AVG threat detection still popping up but unable to remove threat.
So now I have no idea what to do. I did see some other posts from today on here that sounded very similar to mine, but because I wasn't sure I went ahead and created this post. If someone could please tell me what I should do I would appreciate it bunches. :lmao: Thanks



 


#2 narenxp


Posted 22 July 2012 - 07:26 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 wtfhelpmeplz


Posted 22 July 2012 - 10:27 PM

TDSSKiller Log Report






21:44:25.0375 1272 NDIS - ok
21:44:25.0385 1272 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:44:25.0385 1272 NdisCap - ok
21:44:25.0415 1272 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:44:25.0415 1272 NdisTapi - ok
21:44:25.0445 1272 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:44:25.0445 1272 Ndisuio - ok
21:44:25.0465 1272 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:44:25.0465 1272 NdisWan - ok
21:44:25.0515 1272 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:44:25.0525 1272 NDProxy - ok
21:44:25.0575 1272 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:44:25.0585 1272 NetBIOS - ok
21:44:25.0605 1272 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:44:25.0605 1272 NetBT - ok
21:44:25.0635 1272 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:44:25.0645 1272 Netlogon - ok
21:44:25.0685 1272 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:44:25.0685 1272 Netman - ok
21:44:25.0715 1272 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:44:25.0715 1272 netprofm - ok
21:44:25.0785 1272 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
21:44:25.0805 1272 netr28x - ok
21:44:25.0845 1272 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:44:25.0855 1272 NetTcpPortSharing - ok
21:44:25.0865 1272 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:44:25.0865 1272 nfrd960 - ok
21:44:25.0895 1272 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:44:25.0895 1272 NlaSvc - ok
21:44:25.0915 1272 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:44:25.0915 1272 Npfs - ok
21:44:25.0925 1272 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:44:25.0925 1272 nsi - ok
21:44:25.0935 1272 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:44:25.0935 1272 nsiproxy - ok
21:44:26.0045 1272 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:44:26.0065 1272 Ntfs - ok
21:44:26.0105 1272 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:44:26.0105 1272 Null - ok
21:44:26.0145 1272 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:44:26.0155 1272 nvraid - ok
21:44:26.0165 1272 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:44:26.0165 1272 nvstor - ok
21:44:26.0185 1272 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:44:26.0185 1272 nv_agp - ok
21:44:26.0265 1272 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:44:26.0275 1272 ohci1394 - ok
21:44:26.0305 1272 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:44:26.0305 1272 p2pimsvc - ok
21:44:26.0335 1272 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:44:26.0345 1272 p2psvc - ok
21:44:26.0355 1272 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:44:26.0365 1272 Parport - ok
21:44:26.0385 1272 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:44:26.0395 1272 partmgr - ok
21:44:26.0405 1272 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:44:26.0405 1272 PcaSvc - ok
21:44:26.0425 1272 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:44:26.0425 1272 pci - ok
21:44:26.0435 1272 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:44:26.0435 1272 pciide - ok
21:44:26.0465 1272 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:44:26.0536 1272 pcmcia - ok
21:44:26.0556 1272 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:44:26.0556 1272 pcw - ok
21:44:26.0586 1272 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:44:26.0596 1272 PEAUTH - ok
21:44:26.0656 1272 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:44:26.0656 1272 PerfHost - ok
21:44:26.0726 1272 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:44:26.0756 1272 pla - ok
21:44:26.0836 1272 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:44:26.0846 1272 PlugPlay - ok
21:44:26.0856 1272 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:44:26.0866 1272 PNRPAutoReg - ok
21:44:26.0876 1272 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:44:26.0886 1272 PNRPsvc - ok
21:44:26.0906 1272 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:44:26.0916 1272 PolicyAgent - ok
21:44:26.0946 1272 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:44:26.0946 1272 Power - ok
21:44:27.0006 1272 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:44:27.0006 1272 PptpMiniport - ok
21:44:27.0046 1272 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:44:27.0046 1272 Processor - ok
21:44:27.0096 1272 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
21:44:27.0096 1272 ProfSvc - ok
21:44:27.0126 1272 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:44:27.0136 1272 ProtectedStorage - ok
21:44:27.0176 1272 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:44:27.0176 1272 Psched - ok
21:44:27.0286 1272 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:44:27.0336 1272 ql2300 - ok
21:44:27.0386 1272 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:44:27.0386 1272 ql40xx - ok
21:44:27.0406 1272 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:44:27.0416 1272 QWAVE - ok
21:44:27.0426 1272 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:44:27.0426 1272 QWAVEdrv - ok
21:44:27.0446 1272 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:44:27.0446 1272 RasAcd - ok
21:44:27.0516 1272 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:44:27.0536 1272 RasAgileVpn - ok
21:44:27.0636 1272 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:44:27.0656 1272 RasAuto - ok
21:44:27.0666 1272 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:44:27.0676 1272 Rasl2tp - ok
21:44:27.0696 1272 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:44:27.0696 1272 RasMan - ok
21:44:27.0716 1272 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:44:27.0726 1272 RasPppoe - ok
21:44:27.0746 1272 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:44:27.0746 1272 RasSstp - ok
21:44:27.0766 1272 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:44:27.0766 1272 rdbss - ok
21:44:27.0786 1272 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:44:27.0786 1272 rdpbus - ok
21:44:27.0796 1272 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:44:27.0796 1272 RDPCDD - ok
21:44:27.0816 1272 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:44:27.0816 1272 RDPENCDD - ok
21:44:27.0826 1272 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:44:27.0826 1272 RDPREFMP - ok
21:44:27.0906 1272 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
21:44:27.0936 1272 RDPWD - ok
21:44:27.0966 1272 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:44:27.0966 1272 rdyboost - ok
21:44:28.0006 1272 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:44:28.0016 1272 RemoteAccess - ok
21:44:28.0036 1272 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:44:28.0036 1272 RemoteRegistry - ok
21:44:28.0066 1272 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
21:44:28.0066 1272 RimUsb - ok
21:44:28.0086 1272 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:44:28.0086 1272 RpcEptMapper - ok
21:44:28.0116 1272 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:44:28.0116 1272 RpcLocator - ok
21:44:28.0416 1272 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:44:28.0426 1272 RpcSs - ok
21:44:28.0446 1272 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:44:28.0456 1272 rspndr - ok
21:44:28.0486 1272 RTL8187B (4a06585c8673f4458e9fbbc9dddb4d28) C:\Windows\system32\DRIVERS\wg111v3.sys
21:44:28.0486 1272 RTL8187B - ok
21:44:28.0516 1272 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:44:28.0516 1272 SamSs - ok
21:44:28.0586 1272 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:44:28.0586 1272 SASDIFSV - ok
21:44:28.0626 1272 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:44:28.0626 1272 SASKUTIL - ok
21:44:28.0676 1272 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:44:28.0676 1272 sbp2port - ok
21:44:28.0696 1272 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:44:28.0706 1272 SCardSvr - ok
21:44:28.0736 1272 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:44:28.0736 1272 scfilter - ok
21:44:28.0796 1272 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:44:28.0806 1272 Schedule - ok
21:44:28.0836 1272 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:44:28.0836 1272 SCPolicySvc - ok
21:44:28.0906 1272 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:44:28.0926 1272 SDRSVC - ok
21:44:28.0976 1272 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:44:28.0976 1272 secdrv - ok
21:44:29.0006 1272 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:44:29.0016 1272 seclogon - ok
21:44:29.0026 1272 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:44:29.0036 1272 SENS - ok
21:44:29.0046 1272 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:44:29.0056 1272 SensrSvc - ok
21:44:29.0066 1272 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:44:29.0066 1272 Serenum - ok
21:44:29.0126 1272 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:44:29.0136 1272 Serial - ok
21:44:29.0206 1272 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:44:29.0206 1272 sermouse - ok
21:44:29.0256 1272 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:44:29.0256 1272 SessionEnv - ok
21:44:29.0286 1272 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:44:29.0296 1272 sffdisk - ok
21:44:29.0306 1272 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:44:29.0306 1272 sffp_mmc - ok
21:44:29.0316 1272 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:44:29.0316 1272 sffp_sd - ok
21:44:29.0366 1272 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:44:29.0366 1272 sfloppy - ok
21:44:29.0416 1272 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:44:29.0426 1272 ShellHWDetection - ok
21:44:29.0436 1272 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:44:29.0436 1272 SiSRaid2 - ok
21:44:29.0446 1272 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:44:29.0456 1272 SiSRaid4 - ok
21:44:29.0677 1272 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:44:29.0697 1272 Skype C2C Service - ok
21:44:29.0767 1272 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:44:29.0767 1272 SkypeUpdate - ok
21:44:29.0887 1272 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:44:29.0887 1272 Smb - ok
21:44:29.0917 1272 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:44:29.0927 1272 SNMPTRAP - ok
21:44:29.0937 1272 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:44:29.0937 1272 spldr - ok
21:44:29.0957 1272 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:44:29.0967 1272 Spooler - ok
21:44:30.0147 1272 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:44:30.0167 1272 sppsvc - ok
21:44:30.0197 1272 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:44:30.0207 1272 sppuinotify - ok
21:44:30.0237 1272 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:44:30.0247 1272 srv - ok
21:44:30.0307 1272 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:44:30.0307 1272 srv2 - ok
21:44:30.0357 1272 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:44:30.0357 1272 srvnet - ok
21:44:30.0377 1272 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:44:30.0377 1272 SSDPSRV - ok
21:44:30.0397 1272 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:44:30.0397 1272 SstpSvc - ok
21:44:30.0417 1272 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:44:30.0417 1272 stexstor - ok
21:44:30.0457 1272 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:44:30.0457 1272 stisvc - ok
21:44:30.0487 1272 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:44:30.0487 1272 swenum - ok
21:44:30.0517 1272 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:44:30.0517 1272 swprv - ok
21:44:30.0647 1272 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:44:30.0657 1272 SysMain - ok
21:44:30.0727 1272 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:44:30.0727 1272 TabletInputService - ok
21:44:30.0757 1272 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:44:30.0767 1272 TapiSrv - ok
21:44:30.0777 1272 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:44:30.0777 1272 TBS - ok
21:44:30.0907 1272 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:44:30.0917 1272 Tcpip - ok
21:44:31.0017 1272 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:44:31.0037 1272 TCPIP6 - ok
21:44:31.0107 1272 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:44:31.0107 1272 tcpipreg - ok
21:44:31.0137 1272 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:44:31.0147 1272 TDPIPE - ok
21:44:31.0167 1272 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:44:31.0167 1272 TDTCP - ok
21:44:31.0207 1272 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:44:31.0207 1272 tdx - ok
21:44:31.0247 1272 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:44:31.0247 1272 TermDD - ok
21:44:31.0307 1272 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:44:31.0317 1272 TermService - ok
21:44:31.0337 1272 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:44:31.0337 1272 Themes - ok
21:44:31.0357 1272 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:44:31.0357 1272 THREADORDER - ok
21:44:31.0387 1272 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
21:44:31.0387 1272 TIEHDUSB - ok
21:44:31.0437 1272 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:44:31.0437 1272 TrkWks - ok
21:44:31.0467 1272 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:44:31.0477 1272 TrustedInstaller - ok
21:44:31.0547 1272 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:44:31.0547 1272 tssecsrv - ok
21:44:31.0597 1272 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:44:31.0597 1272 TsUsbFlt - ok
21:44:31.0637 1272 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:44:31.0647 1272 tunnel - ok
21:44:31.0657 1272 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:44:31.0667 1272 uagp35 - ok
21:44:31.0677 1272 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:44:31.0687 1272 udfs - ok
21:44:31.0697 1272 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:44:31.0707 1272 UI0Detect - ok
21:44:31.0737 1272 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:44:31.0737 1272 uliagpkx - ok
21:44:31.0767 1272 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:44:31.0767 1272 umbus - ok
21:44:31.0817 1272 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:44:31.0817 1272 UmPass - ok
21:44:31.0917 1272 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:44:31.0917 1272 UMVPFSrv - ok
21:44:31.0947 1272 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:44:31.0957 1272 upnphost - ok
21:44:31.0977 1272 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:44:31.0977 1272 usbaudio - ok
21:44:31.0997 1272 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:44:31.0997 1272 usbccgp - ok
21:44:32.0057 1272 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:44:32.0057 1272 usbcir - ok
21:44:32.0107 1272 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:44:32.0107 1272 usbehci - ok
21:44:32.0127 1272 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:44:32.0127 1272 usbhub - ok
21:44:32.0147 1272 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:44:32.0147 1272 usbohci - ok
21:44:32.0177 1272 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:44:32.0177 1272 usbprint - ok
21:44:32.0207 1272 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:44:32.0207 1272 usbscan - ok
21:44:32.0217 1272 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
21:44:32.0227 1272 USBSTOR - ok
21:44:32.0477 1272 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:44:32.0497 1272 usbuhci - ok
21:44:32.0577 1272 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:44:32.0577 1272 UxSms - ok
21:44:32.0667 1272 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:44:32.0667 1272 VaultSvc - ok
21:44:32.0687 1272 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:44:32.0687 1272 vdrvroot - ok
21:44:32.0947 1272 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:44:32.0977 1272 vds - ok
21:44:32.0987 1272 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:44:32.0987 1272 vga - ok
21:44:33.0007 1272 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:44:33.0007 1272 VgaSave - ok
21:44:33.0027 1272 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:44:33.0027 1272 vhdmp - ok
21:44:33.0047 1272 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:44:33.0047 1272 viaide - ok
21:44:33.0067 1272 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:44:33.0067 1272 volmgr - ok
21:44:33.0097 1272 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:44:33.0107 1272 volmgrx - ok
21:44:33.0117 1272 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:44:33.0127 1272 volsnap - ok
21:44:33.0187 1272 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:44:33.0187 1272 vsmraid - ok
21:44:33.0267 1272 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:44:33.0317 1272 VSS - ok
21:44:33.0638 1272 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
21:44:33.0648 1272 vToolbarUpdater11.2.0 - ok
21:44:33.0778 1272 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:44:33.0778 1272 vwifibus - ok
21:44:33.0788 1272 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:44:33.0798 1272 vwififlt - ok
21:44:33.0818 1272 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:44:33.0818 1272 vwifimp - ok
21:44:33.0848 1272 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:44:33.0858 1272 W32Time - ok
21:44:33.0878 1272 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:44:33.0878 1272 WacomPen - ok
21:44:33.0938 1272 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:44:33.0938 1272 WANARP - ok
21:44:33.0968 1272 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:44:33.0968 1272 Wanarpv6 - ok
21:44:34.0068 1272 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:44:34.0088 1272 WatAdminSvc - ok
21:44:34.0148 1272 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:44:34.0178 1272 wbengine - ok
21:44:34.0298 1272 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:44:34.0308 1272 WbioSrvc - ok
21:44:34.0348 1272 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:44:34.0358 1272 wcncsvc - ok
21:44:34.0368 1272 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:44:34.0368 1272 WcsPlugInService - ok
21:44:34.0378 1272 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:44:34.0388 1272 Wd - ok
21:44:34.0418 1272 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:44:34.0418 1272 Wdf01000 - ok
21:44:34.0428 1272 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:44:34.0428 1272 WdiServiceHost - ok
21:44:34.0438 1272 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:44:34.0438 1272 WdiSystemHost - ok
21:44:34.0608 1272 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:44:34.0628 1272 WebClient - ok
21:44:34.0648 1272 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:44:34.0658 1272 Wecsvc - ok
21:44:34.0668 1272 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:44:34.0678 1272 wercplsupport - ok
21:44:34.0698 1272 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:44:34.0698 1272 WerSvc - ok
21:44:34.0718 1272 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:44:34.0728 1272 WfpLwf - ok
21:44:34.0738 1272 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:44:34.0738 1272 WIMMount - ok
21:44:34.0748 1272 WinHttpAutoProxySvc - ok
21:44:34.0848 1272 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:44:34.0848 1272 Winmgmt - ok
21:44:34.0938 1272 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:44:34.0978 1272 WinRM - ok
21:44:35.0118 1272 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:44:35.0118 1272 Wlansvc - ok
21:44:35.0268 1272 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:44:35.0278 1272 wlidsvc - ok
21:44:35.0368 1272 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:44:35.0368 1272 WmiAcpi - ok
21:44:35.0408 1272 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:44:35.0408 1272 wmiApSrv - ok
21:44:35.0438 1272 WMPNetworkSvc - ok
21:44:35.0448 1272 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:44:35.0448 1272 WPCSvc - ok
21:44:35.0488 1272 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:44:35.0488 1272 WPDBusEnum - ok
21:44:35.0548 1272 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:44:35.0548 1272 ws2ifsl - ok
21:44:35.0558 1272 WSearch - ok
21:44:35.0618 1272 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:44:35.0618 1272 WudfPf - ok
21:44:35.0638 1272 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:44:35.0648 1272 WUDFRd - ok
21:44:35.0658 1272 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:44:35.0658 1272 wudfsvc - ok
21:44:35.0678 1272 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:44:35.0678 1272 WwanSvc - ok
21:44:35.0718 1272 MBR (0x1B8) (f05261c246ce4b3c544521ffff7aef5d) \Device\Harddisk0\DR0
21:44:35.0948 1272 \Device\Harddisk0\DR0 - ok
21:44:35.0948 1272 Boot (0x1200) (7fc9d142aa8c76070f0e4627c6ec697c) \Device\Harddisk0\DR0\Partition0
21:44:35.0948 1272 \Device\Harddisk0\DR0\Partition0 - ok
21:44:35.0978 1272 Boot (0x1200) (0e7aa56f9422c8dc71d0a74ba84904e4) \Device\Harddisk0\DR0\Partition1
21:44:35.0978 1272 \Device\Harddisk0\DR0\Partition1 - ok
21:44:35.0978 1272 ============================================================
21:44:35.0978 1272 Scan finished
21:44:35.0978 1272 ============================================================
21:44:35.0988 0380 Detected object count: 0
21:44:35.0988 0380 Actual detected object count: 0

#4 wtfhelpmeplz

  • Topic Starter

Posted 22 July 2012 - 10:31 PM

aswMBR Log
It found 2 infected things- I left the scanner open because I didn't know if I should go back and click on "FixMBR". Should I click on that or just exit out of it?


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 21:48:39
-----------------------------
21:48:39.788 OS Version: Windows x64 6.1.7601 Service Pack 1
21:48:39.788 Number of processors: 2 586 0x170A
21:48:39.788 ComputerName: TARA-PC UserName: Tara
21:48:41.498 Initialize success
22:10:05.204 AVAST engine defs: 12072201
22:11:14.021 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:11:14.025 Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
22:11:14.050 Disk 0 MBR read successfully
22:11:14.055 Disk 0 MBR scan
22:11:14.063 Disk 0 unknown MBR code
22:11:14.068 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 8197 MB offset 63
22:11:14.082 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 381551 MB offset 16787925
22:11:14.105 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 564118 MB offset 798205590
22:11:14.136 Disk 0 scanning C:\Windows\system32\drivers
22:11:24.264 Service scanning
22:11:41.706 Modules scanning
22:11:41.706 Disk 0 trace - called modules:
22:11:41.737 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:11:41.737 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006120060]
22:11:42.065 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8005c582f0]
22:11:42.065 5 ACPI.sys[fffff88000fa77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005c5c060]
22:11:46.854 AVAST engine scan C:\Windows
22:11:50.770 AVAST engine scan C:\Windows\system32
22:14:00.484 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:14:02.659 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:15:03.373 AVAST engine scan C:\Windows\system32\drivers
22:15:17.259 AVAST engine scan C:\Users\Tara
22:41:44.744 AVAST engine scan C:\ProgramData
22:43:23.192 Scan finished successfully
22:43:53.198 Disk 0 MBR has been saved successfully to "C:\Users\Tara\Downloads\MBR.dat"
22:43:53.208 The log file has been saved successfully to "C:\Users\Tara\Downloads\aswMBRlog.txt"

#5 narenxp

  • BC Advisor

Posted 22 July 2012 - 10:32 PM

We need advanced tools to remove this one

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#6 wtfhelpmeplz

  • Topic Starter

  • Members

Posted 22 July 2012 - 11:08 PM

Eset online scanner log





C:\Program Files (x86)\1ClickDownload\1ClickSettingsManager.exe Win32/Adware.1ClickDownload.E application cleaned by deleting - quarantined
C:\Program Files (x86)\1ClickDownload\ocmainpack.exe Win32/Adware.1ClickDownload.E application cleaned by deleting - quarantined
C:\Users\Tara\AppData\Local\Temp\ICReinstall\cnet2_BigBrotherKeyloggerSetup-47_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Tara\Downloads\Christine_Warren-The_Other_Series_including_the_Fixed_books (1).exe Win32/Adware.1ClickDownload.C application cleaned by deleting - quarantined
C:\Users\Tara\Downloads\Christine_Warren-The_Other_Series_including_the_Fixed_books.exe Win32/Adware.1ClickDownload.C application cleaned by deleting - quarantined
C:\Users\Tara\Downloads\cnet2_BigBrotherKeyloggerSetup-47_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Tara\Pictures\Kresley_Cole_-_Immortals_After_Dark_Series_-_UPDATED.exe Win32/Adware.1ClickDownload.C application cleaned by deleting - quarantined
C:\Windows\Installer\{50854cd7-a391-e12e-52c4-5b5f0efcb4f5}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{50854cd7-a391-e12e-52c4-5b5f0efcb4f5}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory multiple threats

#7 narenxp

  • BC Advisor

Posted 22 July 2012 - 11:09 PM

Please follow my previous instructions :)

Edited by narenxp, 22 July 2012 - 11:09 PM.


#8 wtfhelpmeplz

  • Topic Starter

  • Members

Posted 22 July 2012 - 11:10 PM

Ok thanks

#9 Platypus

  • Moderator

Posted 23 July 2012 - 03:26 AM

Continued here:

http://www.bleepingcomputer.com/forums/topic462031.html
