
Malwarebytes won't remove svchost.exe trojan agent??


3 replies to this topic

#1 RebelLawyer

RebelLawyer

  • Members
  • 2 posts
  • OFFLINE
  • Gender: Female
  • Location: Oxford, MS
  • Local time: 03:51 PM

Posted 26 July 2012 - 03:24 PM

Hey all!

I'm new, and I think I have a potentially serious problem on my laptop.
Malwarebytes has detected 2 malware files on my computer, they're both trojan agents called svchost.exe. Malwarebytes goes through the removal process and asks me to restart my computer but upon rescanning (twice now!) the trojan files are still there.

From my Google search, I've identified that this isn't a good thing to have, but I couldn't figure out how to get rid of it.

Does anyone know what this is and can anyone help me please??

-Ashley



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender: Male
  • Location: India
  • Local time: 03:51 PM

Posted 26 July 2012 - 03:53 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 hidaian

hidaian

  • Members
  • 18 posts
  • OFFLINE
  • Local time: 03:51 PM

Posted 30 July 2012 - 08:34 PM

I am having the same exact problems as the OP, so I went ahead and ran all the tools and got the logs you requested, hoping you can help me.



20:09:52.0698 3208 ohci1394 - ok
20:09:52.0730 3208 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:09:52.0733 3208 p2pimsvc - ok
20:09:52.0755 3208 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:09:52.0761 3208 p2psvc - ok
20:09:52.0788 3208 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:09:52.0789 3208 Parport - ok
20:09:52.0804 3208 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:09:52.0805 3208 partmgr - ok
20:09:52.0820 3208 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:09:52.0823 3208 PcaSvc - ok
20:09:52.0837 3208 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:09:52.0839 3208 pci - ok
20:09:52.0844 3208 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:09:52.0845 3208 pciide - ok
20:09:52.0860 3208 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:09:52.0862 3208 pcmcia - ok
20:09:52.0867 3208 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:09:52.0867 3208 pcw - ok
20:09:52.0900 3208 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:09:52.0910 3208 PEAUTH - ok
20:09:53.0045 3208 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:09:53.0046 3208 PerfHost - ok
20:09:53.0110 3208 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:09:53.0128 3208 pla - ok
20:09:53.0163 3208 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:09:53.0168 3208 PlugPlay - ok
20:09:53.0175 3208 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:09:53.0176 3208 PNRPAutoReg - ok
20:09:53.0196 3208 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:09:53.0198 3208 PNRPsvc - ok
20:09:53.0237 3208 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:09:53.0249 3208 PolicyAgent - ok
20:09:53.0266 3208 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:09:53.0269 3208 Power - ok
20:09:53.0286 3208 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:09:53.0288 3208 PptpMiniport - ok
20:09:53.0292 3208 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:09:53.0293 3208 Processor - ok
20:09:53.0319 3208 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:09:53.0322 3208 ProfSvc - ok
20:09:53.0353 3208 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:09:53.0354 3208 ProtectedStorage - ok
20:09:53.0370 3208 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:09:53.0371 3208 Psched - ok
20:09:53.0433 3208 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:09:53.0457 3208 ql2300 - ok
20:09:53.0503 3208 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:09:53.0505 3208 ql40xx - ok
20:09:53.0515 3208 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:09:53.0518 3208 QWAVE - ok
20:09:53.0529 3208 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:09:53.0530 3208 QWAVEdrv - ok
20:09:53.0553 3208 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:09:53.0554 3208 RasAcd - ok
20:09:53.0559 3208 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:09:53.0560 3208 RasAgileVpn - ok
20:09:53.0575 3208 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:09:53.0578 3208 RasAuto - ok
20:09:53.0593 3208 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:09:53.0594 3208 Rasl2tp - ok
20:09:53.0616 3208 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:09:53.0620 3208 RasMan - ok
20:09:53.0636 3208 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:09:53.0637 3208 RasPppoe - ok
20:09:53.0645 3208 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:09:53.0647 3208 RasSstp - ok
20:09:53.0667 3208 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:09:53.0671 3208 rdbss - ok
20:09:53.0674 3208 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
20:09:53.0675 3208 rdpbus - ok
20:09:53.0685 3208 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:09:53.0685 3208 RDPCDD - ok
20:09:53.0691 3208 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:09:53.0691 3208 RDPENCDD - ok
20:09:53.0700 3208 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:09:53.0700 3208 RDPREFMP - ok
20:09:53.0724 3208 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:09:53.0726 3208 RDPWD - ok
20:09:53.0747 3208 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:09:53.0749 3208 rdyboost - ok
20:09:53.0764 3208 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:09:53.0766 3208 RemoteAccess - ok
20:09:53.0801 3208 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:09:53.0804 3208 RemoteRegistry - ok
20:09:53.0815 3208 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:09:53.0817 3208 RpcEptMapper - ok
20:09:53.0833 3208 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:09:53.0835 3208 RpcLocator - ok
20:09:53.0863 3208 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:09:53.0867 3208 RpcSs - ok
20:09:53.0883 3208 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:09:53.0885 3208 rspndr - ok
20:09:53.0929 3208 RTL8167 (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:09:53.0932 3208 RTL8167 - ok
20:09:53.0937 3208 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:09:53.0938 3208 SamSs - ok
20:09:53.0945 3208 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:09:53.0947 3208 sbp2port - ok
20:09:53.0963 3208 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:09:53.0965 3208 SCardSvr - ok
20:09:53.0974 3208 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:09:53.0975 3208 scfilter - ok
20:09:54.0013 3208 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:09:54.0032 3208 Schedule - ok
20:09:54.0054 3208 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:09:54.0055 3208 SCPolicySvc - ok
20:09:54.0068 3208 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:09:54.0070 3208 SDRSVC - ok
20:09:54.0082 3208 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:09:54.0083 3208 secdrv - ok
20:09:54.0086 3208 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:09:54.0087 3208 seclogon - ok
20:09:54.0096 3208 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:09:54.0098 3208 SENS - ok
20:09:54.0101 3208 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:09:54.0103 3208 SensrSvc - ok
20:09:54.0125 3208 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:09:54.0125 3208 Serenum - ok
20:09:54.0139 3208 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:09:54.0140 3208 Serial - ok
20:09:54.0155 3208 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:09:54.0156 3208 sermouse - ok
20:09:54.0177 3208 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:09:54.0179 3208 SessionEnv - ok
20:09:54.0181 3208 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:09:54.0182 3208 sffdisk - ok
20:09:54.0184 3208 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:09:54.0185 3208 sffp_mmc - ok
20:09:54.0187 3208 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:09:54.0187 3208 sffp_sd - ok
20:09:54.0190 3208 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:09:54.0191 3208 sfloppy - ok
20:09:54.0213 3208 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:09:54.0217 3208 ShellHWDetection - ok
20:09:54.0231 3208 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:09:54.0232 3208 SiSRaid2 - ok
20:09:54.0242 3208 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:09:54.0243 3208 SiSRaid4 - ok
20:09:54.0278 3208 sj - ok
20:09:54.0320 3208 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:09:54.0321 3208 SkypeUpdate - ok
20:09:54.0328 3208 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:09:54.0330 3208 Smb - ok
20:09:54.0353 3208 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:09:54.0355 3208 SNMPTRAP - ok
20:09:54.0364 3208 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:09:54.0364 3208 spldr - ok
20:09:54.0397 3208 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:09:54.0417 3208 Spooler - ok
20:09:54.0545 3208 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:09:54.0623 3208 sppsvc - ok
20:09:54.0675 3208 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:09:54.0677 3208 sppuinotify - ok
20:09:54.0715 3208 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:09:54.0720 3208 srv - ok
20:09:54.0743 3208 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:09:54.0748 3208 srv2 - ok
20:09:54.0777 3208 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:09:54.0779 3208 srvnet - ok
20:09:54.0796 3208 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:09:54.0800 3208 SSDPSRV - ok
20:09:54.0812 3208 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:09:54.0815 3208 SstpSvc - ok
20:09:54.0843 3208 Steam Client Service - ok
20:09:54.0919 3208 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:09:54.0922 3208 Stereo Service - ok
20:09:54.0936 3208 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:09:54.0937 3208 stexstor - ok
20:09:54.0971 3208 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:09:54.0982 3208 stisvc - ok
20:09:55.0008 3208 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:09:55.0008 3208 swenum - ok
20:09:55.0036 3208 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:09:55.0049 3208 swprv - ok
20:09:55.0115 3208 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:09:55.0138 3208 SysMain - ok
20:09:55.0167 3208 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:09:55.0170 3208 TabletInputService - ok
20:09:55.0189 3208 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:09:55.0194 3208 TapiSrv - ok
20:09:55.0207 3208 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:09:55.0209 3208 TBS - ok
20:09:55.0294 3208 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:09:55.0310 3208 Tcpip - ok
20:09:55.0388 3208 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:09:55.0396 3208 TCPIP6 - ok
20:09:55.0419 3208 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:09:55.0420 3208 tcpipreg - ok
20:09:55.0432 3208 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:09:55.0433 3208 TDPIPE - ok
20:09:55.0447 3208 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:09:55.0448 3208 TDTCP - ok
20:09:55.0457 3208 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:09:55.0459 3208 tdx - ok
20:09:55.0472 3208 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
20:09:55.0473 3208 TermDD - ok
20:09:55.0519 3208 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:09:55.0527 3208 TermService - ok
20:09:55.0547 3208 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:09:55.0549 3208 Themes - ok
20:09:55.0564 3208 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:09:55.0565 3208 THREADORDER - ok
20:09:55.0594 3208 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:09:55.0597 3208 TrkWks - ok
20:09:55.0619 3208 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:09:55.0620 3208 TrustedInstaller - ok
20:09:55.0636 3208 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:09:55.0637 3208 tssecsrv - ok
20:09:55.0646 3208 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:09:55.0647 3208 TsUsbFlt - ok
20:09:55.0652 3208 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:09:55.0653 3208 TsUsbGD - ok
20:09:55.0663 3208 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:09:55.0664 3208 tunnel - ok
20:09:55.0670 3208 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:09:55.0671 3208 uagp35 - ok
20:09:55.0690 3208 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:09:55.0695 3208 udfs - ok
20:09:55.0715 3208 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:09:55.0717 3208 UI0Detect - ok
20:09:55.0726 3208 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:09:55.0727 3208 uliagpkx - ok
20:09:55.0742 3208 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:09:55.0743 3208 umbus - ok
20:09:55.0755 3208 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:09:55.0756 3208 UmPass - ok
20:09:55.0875 3208 UNS (7a78ed1088890114dfde2c4ab038d6b6) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:09:55.0892 3208 UNS - ok
20:09:55.0931 3208 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:09:55.0934 3208 upnphost - ok
20:09:55.0961 3208 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:09:55.0962 3208 USBAAPL64 - ok
20:09:55.0987 3208 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:09:55.0988 3208 usbccgp - ok
20:09:56.0002 3208 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:09:56.0004 3208 usbcir - ok
20:09:56.0026 3208 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:09:56.0027 3208 usbehci - ok
20:09:56.0040 3208 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:09:56.0043 3208 usbhub - ok
20:09:56.0066 3208 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:09:56.0067 3208 usbohci - ok
20:09:56.0082 3208 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
20:09:56.0083 3208 usbprint - ok
20:09:56.0111 3208 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:09:56.0112 3208 USBSTOR - ok
20:09:56.0128 3208 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:09:56.0129 3208 usbuhci - ok
20:09:56.0145 3208 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:09:56.0147 3208 UxSms - ok
20:09:56.0158 3208 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:09:56.0159 3208 VaultSvc - ok
20:09:56.0171 3208 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:09:56.0171 3208 vdrvroot - ok
20:09:56.0211 3208 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:09:56.0223 3208 vds - ok
20:09:56.0238 3208 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:09:56.0239 3208 vga - ok
20:09:56.0252 3208 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:09:56.0252 3208 VgaSave - ok
20:09:56.0272 3208 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:09:56.0274 3208 vhdmp - ok
20:09:56.0286 3208 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:09:56.0287 3208 viaide - ok
20:09:56.0292 3208 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:09:56.0293 3208 volmgr - ok
20:09:56.0320 3208 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:09:56.0324 3208 volmgrx - ok
20:09:56.0340 3208 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:09:56.0343 3208 volsnap - ok
20:09:56.0361 3208 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:09:56.0364 3208 vsmraid - ok
20:09:56.0425 3208 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:09:56.0463 3208 VSS - ok
20:09:56.0492 3208 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:09:56.0493 3208 vwifibus - ok
20:09:56.0520 3208 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:09:56.0525 3208 W32Time - ok
20:09:56.0539 3208 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:09:56.0540 3208 WacomPen - ok
20:09:56.0546 3208 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:09:56.0547 3208 WANARP - ok
20:09:56.0550 3208 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:09:56.0551 3208 Wanarpv6 - ok
20:09:56.0646 3208 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:09:56.0671 3208 WatAdminSvc - ok
20:09:56.0738 3208 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:09:56.0771 3208 wbengine - ok
20:09:56.0804 3208 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:09:56.0807 3208 WbioSrvc - ok
20:09:56.0831 3208 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:09:56.0836 3208 wcncsvc - ok
20:09:56.0851 3208 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:09:56.0853 3208 WcsPlugInService - ok
20:09:56.0866 3208 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:09:56.0867 3208 Wd - ok
20:09:56.0898 3208 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:09:56.0905 3208 Wdf01000 - ok
20:09:56.0911 3208 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:09:56.0914 3208 WdiServiceHost - ok
20:09:56.0916 3208 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:09:56.0918 3208 WdiSystemHost - ok
20:09:56.0940 3208 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:09:56.0943 3208 WebClient - ok
20:09:56.0957 3208 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:09:56.0960 3208 Wecsvc - ok
20:09:56.0969 3208 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:09:56.0970 3208 wercplsupport - ok
20:09:56.0983 3208 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:09:56.0985 3208 WerSvc - ok
20:09:56.0999 3208 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:09:57.0000 3208 WfpLwf - ok
20:09:57.0002 3208 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:09:57.0003 3208 WIMMount - ok
20:09:57.0013 3208 WinHttpAutoProxySvc - ok
20:09:57.0043 3208 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:09:57.0045 3208 Winmgmt - ok
20:09:57.0118 3208 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:09:57.0144 3208 WinRM - ok
20:09:57.0188 3208 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:09:57.0189 3208 WinUsb - ok
20:09:57.0228 3208 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:09:57.0242 3208 Wlansvc - ok
20:09:57.0354 3208 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:09:57.0369 3208 wlidsvc - ok
20:09:57.0388 3208 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:09:57.0389 3208 WmiAcpi - ok
20:09:57.0402 3208 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:09:57.0405 3208 wmiApSrv - ok
20:09:57.0421 3208 WMPNetworkSvc - ok
20:09:57.0426 3208 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:09:57.0427 3208 WPCSvc - ok
20:09:57.0443 3208 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:09:57.0445 3208 WPDBusEnum - ok
20:09:57.0459 3208 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:09:57.0459 3208 ws2ifsl - ok
20:09:57.0461 3208 WSearch - ok
20:09:57.0500 3208 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:09:57.0502 3208 WudfPf - ok
20:09:57.0516 3208 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:09:57.0518 3208 WUDFRd - ok
20:09:57.0525 3208 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:09:57.0527 3208 wudfsvc - ok
20:09:57.0539 3208 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:09:57.0542 3208 WwanSvc - ok
20:09:57.0572 3208 X6va008 - ok
20:09:57.0590 3208 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:09:57.0639 3208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:09:57.0639 3208 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:09:57.0681 3208 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:09:57.0681 3208 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:09:57.0684 3208 Boot (0x1200) (d21e82291b8ac016687a965b1c50ce92) \Device\Harddisk0\DR0\Partition0
20:09:57.0685 3208 \Device\Harddisk0\DR0\Partition0 - ok
20:09:57.0688 3208 Boot (0x1200) (1dde78ab64080a2602dfdb1fb3e81b65) \Device\Harddisk0\DR0\Partition1
20:09:57.0689 3208 \Device\Harddisk0\DR0\Partition1 - ok
20:09:57.0690 3208 ============================================================
20:09:57.0690 3208 Scan finished
20:09:57.0690 3208 ============================================================
20:09:57.0700 3540 Detected object count: 2
20:09:57.0700 3540 Actual detected object count: 2
20:10:11.0708 3540 \Device\Harddisk0\DR0\# - copied to quarantine
20:10:11.0708 3540 \Device\Harddisk0\DR0 - copied to quarantine
20:10:11.0729 3540 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:10:11.0730 3540 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:10:11.0732 3540 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:10:11.0735 3540 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:10:11.0741 3540 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:10:11.0746 3540 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:10:11.0747 3540 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:10:11.0748 3540 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:10:11.0749 3540 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:10:11.0751 3540 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:10:11.0753 3540 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:10:11.0779 3540 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:10:11.0780 3540 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:10:11.0781 3540 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:10:11.0783 3540 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:10:11.0784 3540 \Device\Harddisk0\DR0 - ok
20:10:11.0792 3540 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:10:11.0792 3540 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:10:11.0793 3540 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:10:25.0936 2800 Deinitialize success




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-30 20:18:39
-----------------------------
20:18:39.024 OS Version: Windows x64 6.1.7601 Service Pack 1
20:18:39.024 Number of processors: 4 586 0x2A07
20:18:39.024 ComputerName: HIDAIAN-PC UserName: Hidaian
20:18:40.983 Initialize success
20:19:37.137 AVAST engine defs: 12073100
20:20:13.079 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:20:13.082 Disk 0 Vendor: WDC_WD7502AAEX-00Y9A0 05.01D05 Size: 715404MB BusType: 3
20:20:13.101 Disk 0 MBR read successfully
20:20:13.104 Disk 0 MBR scan
20:20:13.108 Disk 0 Windows 7 default MBR code
20:20:13.111 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:20:13.121 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
20:20:13.139 Disk 0 scanning C:\Windows\system32\drivers
20:20:16.895 Service scanning
20:20:28.970 Modules scanning
20:20:28.978 Disk 0 trace - called modules:
20:20:29.000 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:20:29.006 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007da5060]
20:20:29.012 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8007786520]
20:20:29.017 5 ACPI.sys[fffff88000f667a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007760060]
20:20:30.454 AVAST engine scan C:\Windows
20:20:31.860 AVAST engine scan C:\Windows\system32
20:21:54.912 AVAST engine scan C:\Windows\system32\drivers
20:22:00.337 AVAST engine scan C:\Users\Hidaian
20:23:09.935 Disk 0 MBR has been saved successfully to "C:\Users\Hidaian\Desktop\MBR.dat"
20:23:09.935 The log file has been saved successfully to "C:\Users\Hidaian\Desktop\aswMBR.txt"
20:26:21.486 File: C:\Users\Hidaian\AppData\Local\Temp\51DA.tmp **INFECTED** Win32:Alureon-AUN [Trj]
20:27:48.675 File: C:\Users\Hidaian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\6f87c2e5-4ae8cd18 **INFECTED** Win32:Karagany-IU [Trj]
20:31:44.328 AVAST engine scan C:\ProgramData
20:35:02.124 Scan finished successfully
21:33:07.308 Disk 0 MBR has been saved successfully to "C:\Users\Hidaian\Desktop\MBR.dat"
21:33:07.320 The log file has been saved successfully to "C:\Users\Hidaian\Desktop\aswMBR.txt"
21:33:19.899 Disk 0 MBR has been saved successfully to "C:\Users\Hidaian\Desktop\MBR.dat"
21:33:19.902 The log file has been saved successfully to "C:\Users\Hidaian\Desktop\aswMBR.txt"
21:33:32.275 Disk 0 MBR has been saved successfully to "C:\Users\Hidaian\Documents\MBR.dat"
21:33:32.278 The log file has been saved successfully to "C:\Users\Hidaian\Documents\aswMBR.txt"


C:\ProgramData\Microsoft\Windows\DRM\51B9.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\51BA.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\30.07.2012_20.09.12\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Hidaian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\6f87c2e5-4ae8cd18 a variant of Win32/Injector.UEZ trojan cleaned by deleting - quarantined
C:\Windows\Installer\{25bbb843-78d7-f71c-3ba3-1c5560fd8569}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCGHMLA0\script[1].js JS/Agent.NEJ trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\{25bbb843-78d7-f71c-3ba3-1c5560fd8569}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined


Any help would be appreciated.

Thanks!

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 30 July 2012 - 08:38 PM

hidaian

Please EDIT the contents of your previous post and start a new topic to avoid confusion.

Thanks



