
Virus which remains after format


  • This topic is locked
14 replies to this topic

#1 MMG23

MMG23

  • Members
  • 11 posts

Posted 29 July 2012 - 04:01 PM

I have a virus which remains after format.
I think that it may be MBR, BIOS, TDL4. Dunno...
Here is the old topic :
http://www.bleepingcomputer.com/forums/topic461228.html/page__p__2784169__hl__bootkit__fromsearch__1#entry2784169


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,631 posts
  • Gender:Male

Posted 03 August 2012 - 04:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462991 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 August 2012 - 10:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your DDS log is clean.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please let me know what issues you are having with this computer.
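nasdaq asks for the TDSSKiller report to be pasted back so a helper can read it by eye. The script below is an added example for this thread, not code from BleepingComputer and not part of Kaspersky's TDSSKiller: it shows how a responder can triage such a report mechanically. The line layout (time, PID, message), the "Name (md5) path" / "Name - ok" pairs and the Drive/Partition lines follow the report posted later in this thread. SAMPLE_LOG is constructed from a few of those lines plus one made-up "fakesvc" entry; its "suspicious" verdict is an assumed status string, not a real TDSSKiller verdict, and TRUSTED_PREFIXES is an assumed local policy, not something the tool defines.

```python
"""Triage a TDSSKiller-style report: pair each service/driver with its verdict,
flag anything that is not 'ok' or that loads from outside the usual system
directories, and report unallocated sectors after the last MBR partition.

Added example for this thread, not code from BleepingComputer or Kaspersky.
SAMPLE_LOG is constructed (real-format lines plus a made-up 'fakesvc' entry
whose 'suspicious' verdict is an assumed status string); TRUSTED_PREFIXES is
an assumed local policy.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<msg>.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
STATUS_RE = re.compile(r"^(?P<name>\S+) - (?P<status>.+)$")
DRIVE_RE = re.compile(r"^Drive \S+ - Size: (?P<size>0x[0-9A-Fa-f]+) .*SectorSize: (?P<ss>0x[0-9A-Fa-f]+)")
PART_RE = re.compile(r"Partition\d+: MBR, Type 0x[0-9A-Fa-f]+, StartLBA (?P<start>0x[0-9A-Fa-f]+), BlocksNum (?P<num>0x[0-9A-Fa-f]+)")
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")  # assumed policy


@dataclass
class Entry:
    name: str
    md5: str | None = None
    path: str | None = None
    status: str | None = None


@dataclass
class Disk:
    total_sectors: int = 0
    partitions: list[tuple[int, int]] = field(default_factory=list)  # (StartLBA, BlocksNum)


def parse_log(text: str) -> tuple[dict[str, Entry], Disk]:
    """One Entry per service/driver name (file line and verdict line merged), plus the MBR layout."""
    entries: dict[str, Entry] = {}
    disk = Disk()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m["msg"].strip()
        if d := DRIVE_RE.match(msg):
            disk.total_sectors = int(d["size"], 16) // int(d["ss"], 16)
        elif p := PART_RE.search(msg):
            disk.partitions.append((int(p["start"], 16), int(p["num"], 16)))
        elif f := FILE_RE.match(msg):
            e = entries.setdefault(f["name"], Entry(f["name"]))
            e.md5, e.path = f["md5"], f["path"]
        elif s := STATUS_RE.match(msg):
            entries.setdefault(s["name"], Entry(s["name"])).status = s["status"]
    return entries, disk


def unallocated_tail(disk: Disk) -> int:
    """Sectors past the end of the last partition. A few MB of geometry rounding is
    normal; a large gap is worth imaging, since some bootkits keep hidden storage there."""
    if not disk.partitions:
        return 0
    last_end = max(start + num for start, num in disk.partitions)
    return max(disk.total_sectors - last_end, 0)


def review(entries: dict[str, Entry], disk: Disk) -> list[str]:
    findings = []
    for e in entries.values():
        if e.status is None:
            findings.append(f"{e.name}: file hashed but no verdict line (truncated report?)")
        elif e.status.lower() != "ok":
            findings.append(f"{e.name}: verdict '{e.status}' for {e.path}")
        if e.path is None:
            findings.append(f"{e.name}: verdict without a file line, nothing to hash-check")
        elif not e.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(f"{e.name}: loads from outside the usual system directories: {e.path}")
    parts = sorted(disk.partitions)
    for (s1, n1), (s2, _) in zip(parts, parts[1:]):
        if s2 < s1 + n1:
            findings.append(f"disk: partition at LBA {s2:#x} overlaps the previous one")
    if tail := unallocated_tail(disk):
        findings.append(f"disk: {tail:#x} sectors unallocated after the last partition")
    return findings


# Constructed sample: real-format lines from this thread plus the made-up 'fakesvc' entry.
SAMPLE_LOG = r"""
02:12:16.0396 5004 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:12:16.0405 5004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
02:12:16.0421 5004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x1030354B
02:12:36.0228 3192 1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
02:12:36.0236 3192 1394ohci - ok
02:12:40.0710 3192 COMSysApp - ok
02:12:41.0842 3192 EFS             (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
02:12:41.0844 3192 EFS - ok
02:12:50.0000 3192 fakesvc         (00000000000000000000000000000000) C:\Users\Public\fakesvc.sys
02:12:50.0001 3192 fakesvc - suspicious
"""

if __name__ == "__main__":
    found, layout = parse_log(SAMPLE_LOG)
    for line in review(found, layout):
        print(line)
```

On a saved report, call `parse_log()` on the file's contents instead of SAMPLE_LOG. Note that an entry with a verdict but no file line (COMSysApp in the posted report) is flagged only because there is no hash to compare, not because it is malicious; the trailing-sector figure is likewise reported for a human to judge, since the gap on the posted disk is small.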

#4 MMG23

MMG23
  • Topic Starter

  • Members
  • 11 posts

Posted 04 August 2012 - 06:33 PM

Hey nasdaq.
The problem is that I'm infected with a RAT, and seconds after I reinstall my Windows the control of my PC is taken.
Plus, I'm being DDoSed all the time.

TDSSKILLER LOG:

02:12:13.0627 5004	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
02:12:15.0631 5004	============================================================
02:12:15.0631 5004	Current date / time: 2012/08/05 02:12:15.0631
02:12:15.0631 5004	SystemInfo:
02:12:15.0631 5004	
02:12:15.0632 5004	OS Version: 6.1.7600 ServicePack: 0.0
02:12:15.0632 5004	Product type: Workstation
02:12:15.0632 5004	ComputerName: ALBATRON-PC
02:12:15.0632 5004	UserName: Albatron
02:12:15.0632 5004	Windows directory: C:\Windows
02:12:15.0633 5004	System windows directory: C:\Windows
02:12:15.0633 5004	Running under WOW64
02:12:15.0633 5004	Processor architecture: Intel x64
02:12:15.0633 5004	Number of processors: 4
02:12:15.0633 5004	Page size: 0x1000
02:12:15.0633 5004	Boot type: Normal boot
02:12:15.0633 5004	============================================================
02:12:16.0396 5004	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:12:16.0405 5004	============================================================
02:12:16.0405 5004	\Device\Harddisk0\DR0:
02:12:16.0405 5004	MBR partitions:
02:12:16.0405 5004	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
02:12:16.0421 5004	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x1030354B
02:12:16.0421 5004	============================================================
02:12:16.0437 5004	C: <-> \Device\Harddisk0\DR0\Partition0
02:12:16.0438 5004	D: <-> \Device\Harddisk0\DR0\Partition1
02:12:16.0438 5004	============================================================
02:12:16.0438 5004	Initialize success
02:12:16.0438 5004	============================================================
02:12:35.0570 3192	============================================================
02:12:35.0570 3192	Scan started
02:12:35.0570 3192	Mode: Manual; 
02:12:35.0570 3192	============================================================
02:12:36.0228 3192	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
02:12:36.0236 3192	1394ohci - ok
02:12:36.0275 3192	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
02:12:36.0282 3192	ACPI - ok
02:12:36.0303 3192	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
02:12:36.0308 3192	AcpiPmi - ok
02:12:36.0357 3192	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:12:36.0386 3192	adp94xx - ok
02:12:36.0423 3192	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:12:36.0455 3192	adpahci - ok
02:12:36.0474 3192	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:12:36.0493 3192	adpu320 - ok
02:12:36.0518 3192	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
02:12:36.0519 3192	AeLookupSvc - ok
02:12:36.0561 3192	AFD             (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
02:12:36.0573 3192	AFD - ok
02:12:36.0598 3192	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
02:12:36.0607 3192	agp440 - ok
02:12:36.0621 3192	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
02:12:36.0629 3192	ALG - ok
02:12:36.0644 3192	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
02:12:36.0650 3192	aliide - ok
02:12:36.0654 3192	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
02:12:36.0660 3192	amdide - ok
02:12:36.0676 3192	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:12:36.0684 3192	AmdK8 - ok
02:12:36.0711 3192	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:12:36.0713 3192	AmdPPM - ok
02:12:36.0735 3192	amdsata         (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
02:12:36.0755 3192	amdsata - ok
02:12:36.0773 3192	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:12:36.0794 3192	amdsbs - ok
02:12:36.0808 3192	amdxata         (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
02:12:36.0813 3192	amdxata - ok
02:12:36.0909 3192	AntiVirMailService (b089c306d4df73a28cef5240d0142cb3) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
02:12:37.0041 3192	AntiVirMailService - ok
02:12:37.0100 3192	AntiVirSchedulerService (45879699881c9fd3fb53bde187163661) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
02:12:37.0179 3192	AntiVirSchedulerService - ok
02:12:37.0207 3192	AntiVirService  (ec5cbedd47bae12e7d369c3b5b857964) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
02:12:37.0208 3192	AntiVirService - ok
02:12:37.0254 3192	AntiVirWebService (f7c781c4c098fc3f8e2e4dfb48ee019d) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
02:12:37.0350 3192	AntiVirWebService - ok
02:12:37.0622 3192	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
02:12:37.0631 3192	AppID - ok
02:12:37.0657 3192	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
02:12:37.0658 3192	AppIDSvc - ok
02:12:37.0679 3192	Appinfo         (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
02:12:37.0680 3192	Appinfo - ok
02:12:37.0718 3192	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
02:12:37.0719 3192	AppMgmt - ok
02:12:37.0736 3192	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:12:37.0747 3192	arc - ok
02:12:37.0768 3192	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:12:37.0779 3192	arcsas - ok
02:12:37.0801 3192	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:12:37.0805 3192	AsyncMac - ok
02:12:37.0823 3192	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
02:12:37.0824 3192	atapi - ok
02:12:37.0879 3192	AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
02:12:37.0893 3192	AudioEndpointBuilder - ok
02:12:37.0898 3192	AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
02:12:37.0902 3192	AudioSrv - ok
02:12:37.0926 3192	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
02:12:37.0932 3192	avgntflt - ok
02:12:37.0956 3192	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
02:12:37.0963 3192	avipbb - ok
02:12:37.0971 3192	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
02:12:37.0976 3192	avkmgr - ok
02:12:38.0000 3192	AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
02:12:38.0001 3192	AxInstSV - ok
02:12:38.0049 3192	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:12:38.0080 3192	b06bdrv - ok
02:12:38.0124 3192	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:12:38.0165 3192	b57nd60a - ok
02:12:38.0209 3192	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
02:12:38.0212 3192	BDESVC - ok
02:12:38.0240 3192	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:12:38.0246 3192	Beep - ok
02:12:38.0326 3192	BFE             (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
02:12:38.0346 3192	BFE - ok
02:12:38.0408 3192	BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
02:12:38.0428 3192	BITS - ok
02:12:38.0479 3192	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:12:38.0491 3192	blbdrive - ok
02:12:38.0512 3192	bowser          (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
02:12:38.0536 3192	bowser - ok
02:12:38.0559 3192	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:12:38.0568 3192	BrFiltLo - ok
02:12:38.0575 3192	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:12:38.0583 3192	BrFiltUp - ok
02:12:38.0619 3192	Browser         (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
02:12:38.0620 3192	Browser - ok
02:12:38.0638 3192	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:12:38.0663 3192	Brserid - ok
02:12:38.0668 3192	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:12:38.0675 3192	BrSerWdm - ok
02:12:38.0679 3192	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:12:38.0683 3192	BrUsbMdm - ok
02:12:38.0687 3192	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:12:38.0690 3192	BrUsbSer - ok
02:12:38.0704 3192	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:12:38.0710 3192	BTHMODEM - ok
02:12:38.0760 3192	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
02:12:38.0763 3192	bthserv - ok
02:12:38.0796 3192	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:12:38.0821 3192	cdfs - ok
02:12:38.0856 3192	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
02:12:38.0882 3192	cdrom - ok
02:12:38.0903 3192	CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
02:12:38.0904 3192	CertPropSvc - ok
02:12:38.0915 3192	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:12:38.0923 3192	circlass - ok
02:12:38.0972 3192	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:12:38.0986 3192	CLFS - ok
02:12:39.0129 3192	CLPSLS          (882e3973505c441ce000133c821d0edd) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
02:12:39.0137 3192	CLPSLS - ok
02:12:39.0501 3192	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:12:39.0722 3192	clr_optimization_v2.0.50727_32 - ok
02:12:39.0841 3192	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:12:39.0868 3192	clr_optimization_v2.0.50727_64 - ok
02:12:39.0997 3192	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:12:40.0006 3192	CmBatt - ok
02:12:40.0256 3192	cmdAgent        (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
02:12:40.0275 3192	cmdAgent - ok
02:12:40.0410 3192	cmderd          (7eac5e62f0b93262984d450e0d497b61) C:\Windows\system32\DRIVERS\cmderd.sys
02:12:40.0411 3192	cmderd - ok
02:12:40.0468 3192	cmdGuard        (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
02:12:40.0478 3192	cmdGuard - ok
02:12:40.0501 3192	cmdHlp          (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
02:12:40.0502 3192	cmdHlp - ok
02:12:40.0527 3192	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
02:12:40.0533 3192	cmdide - ok
02:12:40.0627 3192	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
02:12:40.0663 3192	CNG - ok
02:12:40.0672 3192	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:12:40.0677 3192	Compbatt - ok
02:12:40.0692 3192	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
02:12:40.0697 3192	CompositeBus - ok
02:12:40.0710 3192	COMSysApp - ok
02:12:40.0729 3192	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:12:40.0734 3192	crcdisk - ok
02:12:40.0803 3192	CryptSvc        (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
02:12:40.0807 3192	CryptSvc - ok
02:12:40.0864 3192	CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
02:12:40.0893 3192	CSC - ok
02:12:40.0936 3192	CscService      (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
02:12:40.0951 3192	CscService - ok
02:12:40.0997 3192	DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
02:12:41.0008 3192	DcomLaunch - ok
02:12:41.0054 3192	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
02:12:41.0078 3192	defragsvc - ok
02:12:41.0130 3192	DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
02:12:41.0154 3192	DfsC - ok
02:12:41.0185 3192	Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
02:12:41.0193 3192	Dhcp - ok
02:12:41.0204 3192	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:12:41.0206 3192	discache - ok
02:12:41.0227 3192	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:12:41.0235 3192	Disk - ok
02:12:41.0262 3192	Dnscache        (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
02:12:41.0264 3192	Dnscache - ok
02:12:41.0279 3192	dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
02:12:41.0290 3192	dot3svc - ok
02:12:41.0314 3192	DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
02:12:41.0316 3192	DPS - ok
02:12:41.0345 3192	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:12:41.0349 3192	drmkaud - ok
02:12:41.0406 3192	DXGKrnl         (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
02:12:41.0442 3192	DXGKrnl - ok
02:12:41.0458 3192	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
02:12:41.0459 3192	EapHost - ok
02:12:41.0600 3192	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:12:41.0745 3192	ebdrv - ok
02:12:41.0842 3192	EFS             (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
02:12:41.0844 3192	EFS - ok
02:12:41.0914 3192	ehRecvr         (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
02:12:41.0945 3192	ehRecvr - ok
02:12:41.0957 3192	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
02:12:41.0968 3192	ehSched - ok
02:12:42.0048 3192	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:12:42.0096 3192	elxstor - ok
02:12:42.0119 3192	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
02:12:42.0128 3192	ErrDev - ok
02:12:42.0180 3192	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
02:12:42.0193 3192	EventSystem - ok
02:12:42.0217 3192	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:12:42.0234 3192	exfat - ok
02:12:42.0256 3192	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:12:42.0267 3192	fastfat - ok
02:12:42.0320 3192	Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
02:12:42.0334 3192	Fax - ok
02:12:42.0344 3192	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:12:42.0348 3192	fdc - ok
02:12:42.0363 3192	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
02:12:42.0363 3192	fdPHost - ok
02:12:42.0370 3192	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
02:12:42.0371 3192	FDResPub - ok
02:12:42.0392 3192	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:12:42.0397 3192	FileInfo - ok
02:12:42.0412 3192	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:12:42.0416 3192	Filetrace - ok
02:12:42.0427 3192	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:12:42.0430 3192	flpydisk - ok
02:12:42.0461 3192	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
02:12:42.0476 3192	FltMgr - ok
02:12:42.0545 3192	FontCache       (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
02:12:42.0567 3192	FontCache - ok
02:12:42.0664 3192	FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:12:42.0778 3192	FontCache3.0.0.0 - ok
02:12:42.0832 3192	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:12:42.0846 3192	FsDepends - ok
02:12:42.0863 3192	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
02:12:42.0869 3192	Fs_Rec - ok
02:12:42.0902 3192	fvevol          (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
02:12:42.0904 3192	fvevol - ok
02:12:42.0918 3192	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:12:42.0926 3192	gagp30kx - ok
02:12:42.0983 3192	gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
02:12:43.0003 3192	gpsvc - ok
02:12:43.0009 3192	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:12:43.0016 3192	hcw85cir - ok
02:12:43.0077 3192	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
02:12:43.0092 3192	HdAudAddService - ok
02:12:43.0122 3192	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:12:43.0125 3192	HDAudBus - ok
02:12:43.0139 3192	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:12:43.0145 3192	HidBatt - ok
02:12:43.0161 3192	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:12:43.0172 3192	HidBth - ok
02:12:43.0178 3192	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:12:43.0184 3192	HidIr - ok
02:12:43.0214 3192	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
02:12:43.0215 3192	hidserv - ok
02:12:43.0232 3192	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
02:12:43.0242 3192	HidUsb - ok
02:12:43.0277 3192	hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
02:12:43.0281 3192	hkmsvc - ok
02:12:43.0315 3192	HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
02:12:43.0323 3192	HomeGroupListener - ok
02:12:43.0354 3192	HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
02:12:43.0357 3192	HomeGroupProvider - ok
02:12:43.0393 3192	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
02:12:43.0403 3192	HpSAMD - ok
02:12:43.0477 3192	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
02:12:43.0503 3192	HTTP - ok
02:12:43.0515 3192	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
02:12:43.0520 3192	hwpolicy - ok
02:12:43.0549 3192	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
02:12:43.0562 3192	i8042prt - ok
02:12:43.0593 3192	iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
02:12:43.0623 3192	iaStorV - ok
02:12:43.0764 3192	idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:12:43.0904 3192	idsvc - ok
02:12:43.0977 3192	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:12:43.0990 3192	iirsp - ok
02:12:44.0072 3192	IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
02:12:44.0103 3192	IKEEXT - ok
02:12:44.0143 3192	inspect         (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
02:12:44.0144 3192	inspect - ok
02:12:44.0168 3192	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
02:12:44.0174 3192	intelide - ok
02:12:44.0196 3192	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:12:44.0204 3192	intelppm - ok
02:12:44.0233 3192	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
02:12:44.0235 3192	IPBusEnum - ok
02:12:44.0256 3192	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:12:44.0266 3192	IpFilterDriver - ok
02:12:44.0303 3192	iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
02:12:44.0313 3192	iphlpsvc - ok
02:12:44.0320 3192	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
02:12:44.0327 3192	IPMIDRV - ok
02:12:44.0335 3192	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:12:44.0344 3192	IPNAT - ok
02:12:44.0360 3192	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:12:44.0364 3192	IRENUM - ok
02:12:44.0386 3192	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
02:12:44.0391 3192	isapnp - ok
02:12:44.0426 3192	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
02:12:44.0446 3192	iScsiPrt - ok
02:12:44.0462 3192	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
02:12:44.0467 3192	kbdclass - ok
02:12:44.0481 3192	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
02:12:44.0485 3192	kbdhid - ok
02:12:44.0516 3192	KeyIso          (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
02:12:44.0517 3192	KeyIso - ok
02:12:44.0533 3192	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
02:12:44.0543 3192	KSecDD - ok
02:12:44.0562 3192	KSecPkg         (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
02:12:44.0578 3192	KSecPkg - ok
02:12:44.0593 3192	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:12:44.0596 3192	ksthunk - ok
02:12:44.0630 3192	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
02:12:44.0664 3192	KtmRm - ok
02:12:44.0716 3192	LanmanServer    (c926920b8978de6acfe9e15c709e9b57) C:\Windows\system32\srvsvc.dll
02:12:44.0732 3192	LanmanServer - ok
02:12:44.0763 3192	LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
02:12:44.0766 3192	LanmanWorkstation - ok
02:12:44.0799 3192	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:12:44.0806 3192	lltdio - ok
02:12:44.0847 3192	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
02:12:44.0863 3192	lltdsvc - ok
02:12:44.0883 3192	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
02:12:44.0884 3192	lmhosts - ok
02:12:44.0921 3192	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:12:44.0933 3192	LSI_FC - ok
02:12:44.0945 3192	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:12:44.0956 3192	LSI_SAS - ok
02:12:44.0978 3192	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:12:44.0986 3192	LSI_SAS2 - ok
02:12:44.0999 3192	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:12:45.0010 3192	LSI_SCSI - ok
02:12:45.0037 3192	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:12:45.0052 3192	luafv - ok
02:12:45.0084 3192	MBAMProtector   (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
02:12:45.0089 3192	MBAMProtector - ok
02:12:45.0191 3192	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
02:12:45.0304 3192	MBAMService - ok
02:12:45.0332 3192	Mcx2Svc         (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
02:12:45.0342 3192	Mcx2Svc - ok
02:12:45.0384 3192	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:12:45.0396 3192	megasas - ok
02:12:45.0428 3192	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:12:45.0467 3192	MegaSR - ok
02:12:45.0487 3192	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:12:45.0491 3192	MMCSS - ok
02:12:45.0511 3192	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:12:45.0516 3192	Modem - ok
02:12:45.0535 3192	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:12:45.0536 3192	monitor - ok
02:12:45.0563 3192	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:12:45.0570 3192	mouclass - ok
02:12:45.0581 3192	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:12:45.0587 3192	mouhid - ok
02:12:45.0600 3192	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
02:12:45.0610 3192	mountmgr - ok
02:12:45.0630 3192	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
02:12:45.0649 3192	mpio - ok
02:12:45.0764 3192	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:12:45.0839 3192	mpsdrv - ok
02:12:45.0939 3192	MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
02:12:45.0967 3192	MpsSvc - ok
02:12:45.0995 3192	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
02:12:46.0021 3192	MRxDAV - ok
02:12:46.0051 3192	mrxsmb          (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:12:46.0069 3192	mrxsmb - ok
02:12:46.0142 3192	mrxsmb10        (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:12:46.0183 3192	mrxsmb10 - ok
02:12:46.0197 3192	mrxsmb20        (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:12:46.0208 3192	mrxsmb20 - ok
02:12:46.0219 3192	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
02:12:46.0226 3192	msahci - ok
02:12:46.0243 3192	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
02:12:46.0263 3192	msdsm - ok
02:12:46.0286 3192	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
02:12:46.0306 3192	MSDTC - ok
02:12:46.0321 3192	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:12:46.0326 3192	Msfs - ok
02:12:46.0339 3192	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:12:46.0342 3192	mshidkmdf - ok
02:12:46.0356 3192	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
02:12:46.0361 3192	msisadrv - ok
02:12:46.0404 3192	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
02:12:46.0422 3192	MSiSCSI - ok
02:12:46.0426 3192	msiserver - ok
02:12:46.0441 3192	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:12:46.0445 3192	MSKSSRV - ok
02:12:46.0450 3192	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:12:46.0465 3192	MSPCLOCK - ok
02:12:46.0468 3192	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:12:46.0471 3192	MSPQM - ok
02:12:46.0504 3192	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
02:12:46.0528 3192	MsRPC - ok
02:12:46.0545 3192	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
02:12:46.0546 3192	mssmbios - ok
02:12:46.0550 3192	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:12:46.0554 3192	MSTEE - ok
02:12:46.0558 3192	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:12:46.0562 3192	MTConfig - ok
02:12:46.0585 3192	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:12:46.0590 3192	Mup - ok
02:12:46.0636 3192	napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
02:12:46.0649 3192	napagent - ok
02:12:46.0695 3192	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:12:46.0711 3192	NativeWifiP - ok
02:12:46.0761 3192	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
02:12:46.0778 3192	NDIS - ok
02:12:46.0795 3192	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:12:46.0799 3192	NdisCap - ok
02:12:46.0823 3192	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:12:46.0827 3192	NdisTapi - ok
02:12:46.0833 3192	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
02:12:46.0838 3192	Ndisuio - ok
02:12:46.0858 3192	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
02:12:46.0877 3192	NdisWan - ok
02:12:46.0892 3192	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
02:12:46.0897 3192	NDProxy - ok
02:12:46.0915 3192	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:12:46.0919 3192	NetBIOS - ok
02:12:46.0943 3192	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
02:12:46.0952 3192	NetBT - ok
02:12:46.0973 3192	Netlogon        (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
02:12:46.0974 3192	Netlogon - ok
02:12:47.0020 3192	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
02:12:47.0028 3192	Netman - ok
02:12:47.0055 3192	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
02:12:47.0066 3192	netprofm - ok
02:12:47.0167 3192	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:12:47.0286 3192	NetTcpPortSharing - ok
02:12:47.0317 3192	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:12:47.0322 3192	nfrd960 - ok
02:12:47.0369 3192	NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
02:12:47.0383 3192	NlaSvc - ok
02:12:47.0401 3192	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:12:47.0407 3192	Npfs - ok
02:12:47.0426 3192	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
02:12:47.0428 3192	nsi - ok
02:12:47.0441 3192	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:12:47.0443 3192	nsiproxy - ok
02:12:47.0532 3192	Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
02:12:47.0595 3192	Ntfs - ok
02:12:47.0712 3192	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:12:47.0719 3192	Null - ok
02:12:48.0594 3192	nvlddmkm        (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:12:48.0666 3192	nvlddmkm - ok
02:12:48.0820 3192	nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
02:12:48.0843 3192	nvraid - ok
02:12:48.0866 3192	nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
02:12:48.0883 3192	nvstor - ok
02:12:48.0949 3192	nvsvc           (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
02:12:48.0956 3192	nvsvc - ok
02:12:49.0079 3192	nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
02:12:49.0184 3192	nvUpdatusService - ok
02:12:49.0322 3192	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
02:12:49.0348 3192	nv_agp - ok
02:12:49.0361 3192	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
02:12:49.0372 3192	ohci1394 - ok
02:12:49.0412 3192	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:12:49.0419 3192	p2pimsvc - ok
02:12:49.0464 3192	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
02:12:49.0477 3192	p2psvc - ok
02:12:49.0507 3192	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:12:49.0519 3192	Parport - ok
02:12:49.0534 3192	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
02:12:49.0542 3192	partmgr - ok
02:12:49.0559 3192	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
02:12:49.0561 3192	PcaSvc - ok
02:12:49.0581 3192	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
02:12:49.0599 3192	pci - ok
02:12:49.0610 3192	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
02:12:49.0616 3192	pciide - ok
02:12:49.0640 3192	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:12:49.0661 3192	pcmcia - ok
02:12:49.0674 3192	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:12:49.0680 3192	pcw - ok
02:12:49.0719 3192	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:12:49.0759 3192	PEAUTH - ok
02:12:49.0837 3192	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
02:12:49.0870 3192	PeerDistSvc - ok
02:12:49.0935 3192	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
02:12:50.0026 3192	PerfHost - ok
02:12:50.0159 3192	pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
02:12:50.0190 3192	pla - ok
02:12:50.0230 3192	PlugPlay        (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
02:12:50.0244 3192	PlugPlay - ok
02:12:50.0263 3192	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
02:12:50.0264 3192	PNRPAutoReg - ok
02:12:50.0293 3192	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:12:50.0296 3192	PNRPsvc - ok
02:12:50.0337 3192	PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
02:12:50.0348 3192	PolicyAgent - ok
02:12:50.0367 3192	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
02:12:50.0369 3192	Power - ok
02:12:50.0423 3192	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
02:12:50.0448 3192	PptpMiniport - ok
02:12:50.0474 3192	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:12:50.0490 3192	Processor - ok
02:12:50.0537 3192	ProfSvc         (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
02:12:50.0547 3192	ProfSvc - ok
02:12:50.0573 3192	ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
02:12:50.0575 3192	ProtectedStorage - ok
02:12:50.0605 3192	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
02:12:50.0607 3192	Psched - ok
02:12:50.0682 3192	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:12:50.0756 3192	ql2300 - ok
02:12:50.0884 3192	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:12:50.0910 3192	ql40xx - ok
02:12:50.0948 3192	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
02:12:50.0957 3192	QWAVE - ok
02:12:50.0976 3192	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:12:50.0983 3192	QWAVEdrv - ok
02:12:50.0988 3192	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:12:50.0992 3192	RasAcd - ok
02:12:51.0022 3192	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:12:51.0029 3192	RasAgileVpn - ok
02:12:51.0046 3192	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
02:12:51.0049 3192	RasAuto - ok
02:12:51.0066 3192	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:12:51.0076 3192	Rasl2tp - ok
02:12:51.0111 3192	RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
02:12:51.0126 3192	RasMan - ok
02:12:51.0155 3192	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:12:51.0166 3192	RasPppoe - ok
02:12:51.0180 3192	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:12:51.0192 3192	RasSstp - ok
02:12:51.0221 3192	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
02:12:51.0249 3192	rdbss - ok
02:12:51.0262 3192	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:12:51.0267 3192	rdpbus - ok
02:12:51.0284 3192	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:12:51.0285 3192	RDPCDD - ok
02:12:51.0325 3192	RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
02:12:51.0367 3192	RDPDR - ok
02:12:51.0402 3192	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:12:51.0403 3192	RDPENCDD - ok
02:12:51.0410 3192	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:12:51.0411 3192	RDPREFMP - ok
02:12:51.0424 3192	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
02:12:51.0436 3192	RDPWD - ok
02:12:51.0461 3192	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
02:12:51.0478 3192	rdyboost - ok
02:12:51.0505 3192	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
02:12:51.0507 3192	RemoteAccess - ok
02:12:51.0539 3192	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
02:12:51.0540 3192	RemoteRegistry - ok
02:12:51.0562 3192	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
02:12:51.0563 3192	RpcEptMapper - ok
02:12:51.0582 3192	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
02:12:51.0586 3192	RpcLocator - ok
02:12:51.0629 3192	RpcSs           (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
02:12:51.0632 3192	RpcSs - ok
02:12:51.0671 3192	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:12:51.0680 3192	rspndr - ok
02:12:51.0771 3192	RTL8023x64      (68dd0457d18fccef7384ae84022f0c86) C:\Windows\system32\DRIVERS\Rtnic64.sys
02:12:51.0782 3192	RTL8023x64 - ok
02:12:51.0813 3192	RTL8167         (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
02:12:51.0840 3192	RTL8167 - ok
02:12:51.0867 3192	s3cap           (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
02:12:51.0872 3192	s3cap - ok
02:12:51.0897 3192	SamSs           (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
02:12:51.0899 3192	SamSs - ok
02:12:51.0917 3192	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
02:12:51.0929 3192	sbp2port - ok
02:12:51.0967 3192	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:12:51.0970 3192	SCardSvr - ok
02:12:51.0986 3192	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
02:12:51.0992 3192	scfilter - ok
02:12:52.0053 3192	Schedule        (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll
02:12:52.0074 3192	Schedule - ok
02:12:52.0099 3192	SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
02:12:52.0100 3192	SCPolicySvc - ok
02:12:52.0129 3192	SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
02:12:52.0155 3192	SDRSVC - ok
02:12:52.0213 3192	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:12:52.0222 3192	secdrv - ok
02:12:52.0242 3192	seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
02:12:52.0247 3192	seclogon - ok
02:12:52.0267 3192	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
02:12:52.0272 3192	SENS - ok
02:12:52.0287 3192	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:12:52.0289 3192	SensrSvc - ok
02:12:52.0296 3192	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:12:52.0301 3192	Serenum - ok
02:12:52.0319 3192	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:12:52.0330 3192	Serial - ok
02:12:52.0355 3192	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:12:52.0360 3192	sermouse - ok
02:12:52.0392 3192	SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
02:12:52.0395 3192	SessionEnv - ok
02:12:52.0400 3192	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
02:12:52.0405 3192	sffdisk - ok
02:12:52.0411 3192	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
02:12:52.0416 3192	sffp_mmc - ok
02:12:52.0421 3192	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
02:12:52.0426 3192	sffp_sd - ok
02:12:52.0430 3192	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:12:52.0433 3192	sfloppy - ok
02:12:52.0474 3192	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
02:12:52.0482 3192	SharedAccess - ok
02:12:52.0521 3192	ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
02:12:52.0524 3192	ShellHWDetection - ok
02:12:52.0541 3192	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:12:52.0546 3192	SiSRaid2 - ok
02:12:52.0562 3192	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:12:52.0568 3192	SiSRaid4 - ok
02:12:52.0625 3192	SkypeUpdate     (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
02:12:52.0628 3192	SkypeUpdate - ok
02:12:52.0656 3192	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:12:52.0680 3192	Smb - ok
02:12:52.0717 3192	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:12:52.0719 3192	SNMPTRAP - ok
02:12:52.0748 3192	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:12:52.0754 3192	spldr - ok
02:12:52.0794 3192	Spooler         (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe
02:12:52.0800 3192	Spooler - ok
02:12:53.0012 3192	sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
02:12:53.0033 3192	sppsvc - ok
02:12:53.0162 3192	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:12:53.0167 3192	sppuinotify - ok
02:12:53.0255 3192	srv             (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
02:12:53.0320 3192	srv - ok
02:12:53.0355 3192	srv2            (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
02:12:53.0384 3192	srv2 - ok
02:12:53.0409 3192	srvnet          (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
02:12:53.0428 3192	srvnet - ok
02:12:53.0470 3192	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:12:53.0480 3192	SSDPSRV - ok
02:12:53.0500 3192	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:12:53.0502 3192	SstpSvc - ok
02:12:53.0513 3192	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:12:53.0519 3192	stexstor - ok
02:12:53.0570 3192	stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
02:12:53.0586 3192	stisvc - ok
02:12:53.0614 3192	storflt         (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
02:12:53.0620 3192	storflt - ok
02:12:53.0642 3192	storvsc         (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
02:12:53.0648 3192	storvsc - ok
02:12:53.0665 3192	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
02:12:53.0671 3192	swenum - ok
02:12:53.0704 3192	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:12:53.0724 3192	swprv - ok
02:12:53.0815 3192	SysMain         (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
02:12:53.0849 3192	SysMain - ok
02:12:53.0947 3192	TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
02:12:53.0953 3192	TabletInputService - ok
02:12:53.0996 3192	TapiSrv         (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
02:12:54.0005 3192	TapiSrv - ok
02:12:54.0031 3192	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:12:54.0034 3192	TBS - ok
02:12:54.0373 3192	Tcpip           (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
02:12:54.0458 3192	Tcpip - ok
02:12:54.0645 3192	TCPIP6          (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
02:12:54.0654 3192	TCPIP6 - ok
02:12:54.0716 3192	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
02:12:54.0720 3192	tcpipreg - ok
02:12:54.0737 3192	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:12:54.0740 3192	TDPIPE - ok
02:12:54.0744 3192	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
02:12:54.0748 3192	TDTCP - ok
02:12:54.0782 3192	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
02:12:54.0791 3192	tdx - ok
02:12:54.0848 3192	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
02:12:54.0862 3192	TermDD - ok
02:12:54.0938 3192	TermService     (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
02:12:54.0958 3192	TermService - ok
02:12:54.0969 3192	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:12:54.0971 3192	Themes - ok
02:12:54.0995 3192	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:12:54.0997 3192	THREADORDER - ok
02:12:55.0021 3192	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:12:55.0024 3192	TrkWks - ok
02:12:55.0072 3192	truecrypt       (370a6907ddf79532a39319492b1fa38a) C:\Windows\system32\drivers\truecrypt.sys
02:12:55.0095 3192	truecrypt - ok
02:12:55.0170 3192	TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
02:12:55.0177 3192	TrustedInstaller - ok
02:12:55.0212 3192	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:12:55.0223 3192	tssecsrv - ok
02:12:55.0270 3192	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
02:12:55.0274 3192	tunnel - ok
02:12:55.0308 3192	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:12:55.0323 3192	uagp35 - ok
02:12:55.0355 3192	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
02:12:55.0389 3192	udfs - ok
02:12:55.0416 3192	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:12:55.0426 3192	UI0Detect - ok
02:12:55.0436 3192	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
02:12:55.0444 3192	uliagpkx - ok
02:12:55.0473 3192	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
02:12:55.0480 3192	umbus - ok
02:12:55.0500 3192	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:12:55.0505 3192	UmPass - ok
02:12:55.0550 3192	UmRdpService    (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
02:12:55.0553 3192	UmRdpService - ok
02:12:55.0591 3192	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:12:55.0607 3192	upnphost - ok
02:12:55.0635 3192	usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
02:12:55.0652 3192	usbccgp - ok
02:12:55.0678 3192	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
02:12:55.0690 3192	usbcir - ok
02:12:55.0703 3192	usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
02:12:55.0704 3192	usbehci - ok
02:12:55.0736 3192	usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
02:12:55.0754 3192	usbhub - ok
02:12:55.0766 3192	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
02:12:55.0767 3192	usbohci - ok
02:12:55.0779 3192	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:12:55.0783 3192	usbprint - ok
02:12:55.0790 3192	USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:12:55.0803 3192	USBSTOR - ok
02:12:55.0807 3192	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
02:12:55.0812 3192	usbuhci - ok
02:12:55.0837 3192	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
02:12:55.0838 3192	UxSms - ok
02:12:55.0863 3192	VaultSvc        (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
02:12:55.0864 3192	VaultSvc - ok
02:12:55.0874 3192	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
02:12:55.0879 3192	vdrvroot - ok
02:12:55.0912 3192	vds             (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
02:12:55.0923 3192	vds - ok
02:12:55.0944 3192	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:12:55.0948 3192	vga - ok
02:12:55.0965 3192	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:12:55.0969 3192	VgaSave - ok
02:12:55.0985 3192	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
02:12:55.0999 3192	vhdmp - ok
02:12:56.0015 3192	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
02:12:56.0020 3192	viaide - ok
02:12:56.0058 3192	vmbus           (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
02:12:56.0076 3192	vmbus - ok
02:12:56.0088 3192	VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
02:12:56.0092 3192	VMBusHID - ok
02:12:56.0114 3192	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
02:12:56.0119 3192	volmgr - ok
02:12:56.0148 3192	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
02:12:56.0155 3192	volmgrx - ok
02:12:56.0180 3192	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
02:12:56.0197 3192	volsnap - ok
02:12:56.0218 3192	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
02:12:56.0236 3192	vsmraid - ok
02:12:56.0324 3192	VSS             (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
02:12:56.0354 3192	VSS - ok
02:12:56.0479 3192	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
02:12:56.0490 3192	vwifibus - ok
02:12:56.0533 3192	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
02:12:56.0547 3192	W32Time - ok
02:12:56.0557 3192	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
02:12:56.0562 3192	WacomPen - ok
02:12:56.0587 3192	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
02:12:56.0599 3192	WANARP - ok
02:12:56.0612 3192	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
02:12:56.0613 3192	Wanarpv6 - ok
02:12:56.0703 3192	wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
02:12:56.0764 3192	wbengine - ok
02:12:56.0874 3192	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
02:12:56.0892 3192	WbioSrvc - ok
02:12:56.0929 3192	wcncsvc         (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
02:12:56.0949 3192	wcncsvc - ok
02:12:56.0969 3192	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
02:12:56.0971 3192	WcsPlugInService - ok
02:12:57.0024 3192	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
02:12:57.0036 3192	Wd - ok
02:12:57.0082 3192	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:12:57.0113 3192	Wdf01000 - ok
02:12:57.0128 3192	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:12:57.0130 3192	WdiServiceHost - ok
02:12:57.0135 3192	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:12:57.0138 3192	WdiSystemHost - ok
02:12:57.0167 3192	WebClient       (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
02:12:57.0176 3192	WebClient - ok
02:12:57.0210 3192	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
02:12:57.0216 3192	Wecsvc - ok
02:12:57.0230 3192	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
02:12:57.0232 3192	wercplsupport - ok
02:12:57.0256 3192	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
02:12:57.0258 3192	WerSvc - ok
02:12:57.0322 3192	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:12:57.0330 3192	WfpLwf - ok
02:12:57.0353 3192	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:12:57.0364 3192	WIMMount - ok
02:12:57.0425 3192	WinDefend - ok
02:12:57.0445 3192	WinHttpAutoProxySvc - ok
02:12:57.0522 3192	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
02:12:57.0530 3192	Winmgmt - ok
02:12:57.0656 3192	WinRM           (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
02:12:57.0702 3192	WinRM - ok
02:12:57.0867 3192	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
02:12:57.0904 3192	Wlansvc - ok
02:12:57.0973 3192	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
02:12:57.0976 3192	WmiAcpi - ok
02:12:58.0053 3192	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
02:12:58.0058 3192	wmiApSrv - ok
02:12:58.0111 3192	WMPNetworkSvc - ok
02:12:58.0143 3192	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
02:12:58.0145 3192	WPCSvc - ok
02:12:58.0168 3192	WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
02:12:58.0170 3192	WPDBusEnum - ok
02:12:58.0193 3192	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:12:58.0197 3192	ws2ifsl - ok
02:12:58.0216 3192	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
02:12:58.0219 3192	wscsvc - ok
02:12:58.0224 3192	WSearch - ok
02:12:58.0336 3192	wuauserv        (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
02:12:58.0399 3192	wuauserv - ok
02:12:58.0535 3192	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
02:12:58.0559 3192	WudfPf - ok
02:12:58.0591 3192	wudfsvc         (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
02:12:58.0594 3192	wudfsvc - ok
02:12:58.0621 3192	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
02:12:58.0631 3192	WwanSvc - ok
02:12:58.0665 3192	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:12:58.0815 3192	\Device\Harddisk0\DR0 - ok
02:12:58.0819 3192	Boot (0x1200)   (de86c2bf2fdd7019b1b1dfdaf85a1d4f) \Device\Harddisk0\DR0\Partition0
02:12:58.0821 3192	\Device\Harddisk0\DR0\Partition0 - ok
02:12:58.0840 3192	Boot (0x1200)   (3df18b0928649e5aa38134f1721183c2) \Device\Harddisk0\DR0\Partition1
02:12:58.0841 3192	\Device\Harddisk0\DR0\Partition1 - ok
02:12:58.0842 3192	============================================================
02:12:58.0842 3192	Scan finished
02:12:58.0842 3192	============================================================
02:12:58.0856 3684	Detected object count: 0
02:12:58.0856 3684	Actual detected object count: 0

Edited by MMG23, 04 August 2012 - 06:43 PM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 AM

Posted 05 August 2012 - 08:02 AM

The problem is that I'm infected with RAT

What is RAT?


Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#6 MMG23

MMG23
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:06 AM

Posted 05 August 2012 - 10:35 AM

RAT (remote administration tool) is a powerful spyware application, which gives the hacker the ability to see what you are doing in real time, access files on the infected machine, etc. I know those viruses are very rare, but I'm infected with it. :C
Also, I had a strange notification from Comodo Proactive Defense, which reported to me that svchost.exe is not digitally verified. So I'm starting to think that the RAT may be injected into one of the svchost.exe processes.

ComboFix 12-08-05.02 - Albatron 08.2012 г. 17:36:51.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.4094.3129 [GMT 3:00]
Running from: c:\users\Albatron\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 14:39 . 2012-08-05 14:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 14:10 . 2012-08-05 14:10 -------- d-----w- C:\VritualRoot
2012-08-01 14:21 . 2012-08-01 14:21 -------- d-----w- c:\program files\Speccy
2012-07-31 11:43 . 2012-08-05 14:31 -------- d-----w- c:\programdata\Comodo
2012-07-30 21:31 . 2012-08-05 12:03 -------- d-----w- c:\windows\SysWow64\Adobe
2012-07-30 17:09 . 2012-07-30 17:09 -------- d-----w- c:\programdata\ashampoo
2012-07-30 17:09 . 2012-07-30 17:09 -------- d-----w- c:\program files (x86)\Ashampoo
2012-07-30 14:20 . 2012-07-30 14:20 -------- d-----w- c:\users\UpdatusUser
2012-07-30 14:19 . 2012-07-30 14:19 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-07-30 14:19 . 2012-07-30 14:20 -------- d-----w- c:\programdata\NVIDIA
2012-07-30 14:18 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-07-30 14:18 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-07-30 14:18 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-07-30 14:18 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-30 14:18 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-07-30 14:18 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-07-30 14:18 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-30 14:18 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-07-30 14:17 . 2012-07-30 14:17 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-07-30 13:59 . 2012-07-30 13:59 -------- d-----w- c:\program files (x86)\uTorrent
2012-07-30 12:40 . 2012-07-30 12:40 -------- d-----w- c:\program files\WinRAR
2012-07-30 12:36 . 2012-07-30 12:36 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-07-30 12:36 . 2012-07-30 12:36 -------- d-----w- c:\program files\TrueCrypt
2012-07-30 02:33 . 2012-07-29 15:44 -------- d-----w- c:\windows\Panther
2012-07-30 02:33 . 2012-07-30 02:33 -------- d-----w- C:\Boot
2012-07-29 17:42 . 2012-07-29 17:42 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 17:42 . 2012-07-29 17:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-29 17:42 . 2012-07-03 10:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-29 17:00 . 2012-07-29 17:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-07-29 17:00 . 2012-07-29 17:00 -------- d-----r- c:\program files (x86)\Skype
2012-07-29 16:59 . 2012-07-29 17:00 -------- d-----w- c:\programdata\Skype
2012-07-29 16:25 . 2012-07-31 11:43 -------- d-----w- c:\programdata\CPA_VA
2012-07-29 16:14 . 2012-07-29 16:14 -------- d-----w- c:\programdata\Avira
2012-07-29 16:14 . 2012-07-29 16:14 -------- d-----w- c:\program files (x86)\Avira
2012-07-29 16:14 . 2012-07-29 16:12 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-29 16:14 . 2012-07-29 16:12 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-29 16:14 . 2012-07-29 16:12 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-29 16:14 . 2012-07-29 16:12 139360 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-07-29 16:14 . 2012-07-29 16:12 114128 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-07-29 16:04 . 2012-07-15 23:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E8594C8-6B1B-4289-8782-0BC51889B7BB}\mpengine.dll
2012-07-29 16:04 . 2012-05-31 09:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-07-29 15:57 . 2012-07-31 11:48 -------- d-sh--w- c:\windows\Installer
2012-07-29 15:57 . 2012-07-29 15:57 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-29 15:57 . 2012-07-29 15:57 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-07-29 15:57 . 2012-07-29 15:57 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-07-29 15:56 . 2012-07-31 11:46 -------- d-----w- c:\program files\COMODO
2012-07-29 15:44 . 2012-08-05 14:24 -------- d-----w- c:\users\Albatron
2012-07-29 15:43 . 2012-07-29 15:43 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 10:48 . 2009-07-13 21:59 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2009-06-10 20:37 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-29 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-07-29 375760]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-29 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-07-29 465360]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-29 27760]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2012-03-11 22696]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290351902-2129551743-3293291974-1000Core.job
- c:\users\Albatron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-29 15:55]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290351902-2129551743-3293291974-1000UA.job
- c:\users\Albatron\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-29 15:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 46.55.222.38 46.55.222.6
TCP: Interfaces\{56EE67DB-C5B1-46F6-A5AA-E9AA1958E70B}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{6EB81988-4EA0-49FB-B502-D39F43E19F21}: NameServer = 8.26.56.26,156.154.70.22
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-05 17:41:03
ComboFix-quarantined-files.txt 2012-08-05 14:41
.
Pre-Run: 1 087 070 208 bytes free
Post-Run: 998 449 152 bytes free
.
- - End Of File - - A7EE451B5AECF47F467858F6C86665F1
==============

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
COMODO Antivirus
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avguard.exe
Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

Edited by nasdaq, 05 August 2012 - 12:20 PM.
code boxes removed.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 AM

Posted 05 August 2012 - 12:27 PM

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!


Click the Out of date service pack!! SecurityCheck log and update your Service Pack.

===

Let's check the svchost.exe error message.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    svchost.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#8 MMG23

MMG23
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:06 AM

Posted 05 August 2012 - 01:30 PM

SystemLook 30.07.11 by jpshortstuff

Log created at 21:27 on 05/08/2012 by Albatron

Administrator - Elevation successful



========== filefind ==========



Searching for "svchost.exe"

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe	--a---- 217672 bytes	[17:42 29/07/2012]	[10:46 03/07/2012] 8A7F34F0BBD076EC3815680A7309114F

C:\Windows\erdnt\cache64\svchost.exe	--a---- 27136 bytes	[14:40 05/08/2012]	[01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\erdnt\cache86\svchost.exe	--a---- 20992 bytes	[14:40 05/08/2012]	[01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866

C:\Windows\System32\svchost.exe	--a---- 27136 bytes	[23:31 13/07/2009]	[01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\SysWOW64\svchost.exe	--a---- 20992 bytes	[23:19 13/07/2009]	[01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866

C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe	--a---- 27136 bytes	[23:31 13/07/2009]	[01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe	--a---- 20992 bytes	[23:19 13/07/2009]	[01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866



-= EOF =-


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 AM

Posted 06 August 2012 - 07:35 AM

The svchost.exe files used by the operating system are good.
C:\Windows\System32\svchost.exe --a---- 27136 bytes [23:31 13/07/2009] [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\SysWOW64\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866

You also have one in here:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 217672 bytes [17:42 29/07/2012] [10:46 03/07/2012] 8A7F34F0BBD076EC3815680A7309114F
which may not be signed, but was installed and is only used by Malwarebytes. Nothing to worry about.
===

Your logs are clean.

For your peace of mind I suggest you run this scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

===

When all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===
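nasdaq's verdict above rests on the MD5 column of the SystemLook output: the copies that actually run from System32 and SysWOW64 carry the same hashes as the reference copies Windows keeps in the winsxs component store, and the Malwarebytes Chameleon file is a different program that only shares the name. As an added example that is not part of the thread and not SystemLook's own code, the following Python script parses ":filefind" lines in the format SystemLook prints, groups them by hash, and applies that reasoning automatically. The sample input is the log posted above copied in; the path rules (winsxs as the reference set, System32 and SysWOW64 as the active copies) are this example's assumptions.

```python
import re

# Constructed sample input: the ":filefind" lines from the SystemLook log posted
# above, copied from the page (tabs between columns replaced by spaces; the
# regex below accepts either).
SAMPLE_FILEFIND = r"""
Searching for "svchost.exe"
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe   --a---- 217672 bytes   [17:42 29/07/2012]   [10:46 03/07/2012] 8A7F34F0BBD076EC3815680A7309114F
C:\Windows\erdnt\cache64\svchost.exe   --a---- 27136 bytes   [14:40 05/08/2012]   [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\erdnt\cache86\svchost.exe   --a---- 20992 bytes   [14:40 05/08/2012]   [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\System32\svchost.exe   --a---- 27136 bytes   [23:31 13/07/2009]   [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\SysWOW64\svchost.exe   --a---- 20992 bytes   [23:19 13/07/2009]   [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe   --a---- 27136 bytes   [23:31 13/07/2009]   [01:39 14/07/2009] C78655BC80301D76ED4FEF1C1EA40A7D
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe   --a---- 20992 bytes   [23:19 13/07/2009]   [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
-= EOF =-
"""

# One SystemLook filefind line: path, attribute flags, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Assumed path rules (this example's, not SystemLook's): winsxs holds the
# reference copies Windows shipped; System32/SysWOW64 hold the copies that run.
REFERENCE_DIR = "\\winsxs\\"
ACTIVE_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def parse_filefind(text):
    """Return one dict per file line; header, blank and EOF lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
    return records


def group_by_md5(records):
    """Map each MD5 to the list of paths carrying it."""
    groups = {}
    for r in records:
        groups.setdefault(r["md5"], []).append(r["path"])
    return groups


def classify(records):
    """Give every path a verdict, using the component-store copies as the reference set."""
    reference = {r["md5"] for r in records if REFERENCE_DIR in r["path"].lower()}
    verdicts = {}
    for r in records:
        low = r["path"].lower()
        if REFERENCE_DIR in low:
            verdicts[r["path"]] = "reference: component-store copy"
        elif r["md5"] in reference:
            verdicts[r["path"]] = "ok: matches component-store copy"
        elif any(d in low for d in ACTIVE_DIRS):
            # The copy the service control manager actually launches differs from
            # what Windows shipped: the one case that must not be waved through.
            verdicts[r["path"]] = "alert: active OS copy differs from component store"
        else:
            # Same file name, different program (here: Malwarebytes Chameleon).
            verdicts[r["path"]] = "review: no component-store match, check the publisher"
    return verdicts


if __name__ == "__main__":
    recs = parse_filefind(SAMPLE_FILEFIND)
    for md5, paths in group_by_md5(recs).items():
        print(md5, "->", len(paths), "file(s)")
    for path, verdict in classify(recs).items():
        print(f"{verdict:55} {path}")
```

A hash match against the component store only says that the file on disk is the one Windows shipped; it says nothing about code injected into a running svchost.exe process, which is the scenario MMG23 raises, so a clean result here is read together with the other scanners used in the thread rather than on its own.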

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 AM

Posted 07 August 2012 - 09:12 AM

Hey, nasdaq. Sorry if I'm disturbing you, but when I installed Agnium IS and scanned with it, it detected Bifrost (the RAT) and Bzub (stealer)


Clean the Quarantine folder.

Wait a day and scan again. This might just be some left over from a previous infection.

Keep me posted.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 AM

Posted 08 August 2012 - 08:40 AM

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

#12 MMG23

MMG23
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:06 AM

Posted 08 August 2012 - 01:13 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-08 20:59:20
-----------------------------
20:59:20.684 OS Version: Windows x64 6.1.7600
20:59:20.685 Number of processors: 4 586 0x503
20:59:20.687 ComputerName: ALBATRON-PC UserName: Albatron
20:59:26.160 Initialize success
20:59:38.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:59:38.672 Disk 0 Vendor: ST3160811AS 3.AAE Size: 152627MB BusType: 3
20:59:38.937 Disk 0 MBR read successfully
20:59:38.942 Disk 0 MBR scan
20:59:38.947 Disk 0 Windows 7 default MBR code
20:59:39.014 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
20:59:39.020 Disk 0 Partition - 00 0F Extended LBA 132614 MB offset 40965750
20:59:39.088 Disk 0 Partition 2 00 07 HPFS/NTFS 132614 MB offset 40965813
20:59:39.215 Disk 0 scanning C:\Windows\system32\drivers
21:01:18.218 Service scanning
21:03:23.401 Modules scanning
21:03:23.406 Disk 0 trace - called modules:
21:03:23.455 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys
21:03:23.458 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a4d060]
21:03:23.788 3 CLASSPNP.SYS[fffff88001afd43f] -> nt!IofCallDriver -> [0xfffffa80048e3c40]
21:03:23.792 5 PCTCore64.sys[fffff8800115e720] -> nt!IofCallDriver -> [0xfffffa800441f580]
21:03:23.796 7 ACPI.sys[fffff88000f39781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa800443a680]
21:03:23.800 Scan finished successfully
21:07:11.126 Disk 0 MBR has been saved successfully to "C:\Users\Albatron\Desktop\MBR.dat"
21:07:11.132 The log file has been saved successfully to "C:\Users\Albatron\Desktop\aswMBR.txt"
21:07:26.091 Disk 0 MBR has been saved successfully to "C:\Users\Albatron\Desktop\New folder\MBR.dat"
21:07:26.098 The log file has been saved successfully to "C:\Users\Albatron\Desktop\New folder\aswMBR.txt"

Edited by MMG23, 09 August 2012 - 05:19 AM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 AM

Posted 09 August 2012 - 07:18 AM

Your Master Boot Record is clean.
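aswMBR's clean verdict rests on two things visible in its log: the boot code matched the "Windows 7 default MBR code" pattern, and the partition table decoded to a sane layout (one active NTFS partition at offset 63, an extended container after it). As an added example that is not part of the thread and not aswMBR's or TDSSKiller's code, the following Python script parses a 512-byte MBR sector such as the MBR.dat aswMBR saves, applies those structural checks, and hashes the first 0x1B8 bytes, the region TDSSKiller reports as "MBR (0x1B8)" in the earlier log. The sample sector is constructed inside the script from the offsets above with a zeroed boot-code area, so its hash is not expected to match the TDSSKiller line.

```python
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446          # four 16-byte partition entries start here
BOOT_CODE_LEN = 0x1B8       # 440 bytes: the region TDSSKiller hashes as "MBR (0x1B8)"
ENTRY_FMT = "<B3sB3sII"     # boot flag, CHS start, type, CHS end, start LBA, sector count

PART_TYPES = {
    0x00: "empty", 0x05: "Extended", 0x07: "HPFS/NTFS", 0x0F: "Extended LBA",
    0x83: "Linux", 0xEE: "GPT protective",
}


def build_sample_mbr():
    """Constructed 512-byte MBR whose partition table mirrors the aswMBR layout above.

    Offsets are the ones aswMBR printed; sector counts are the MB figures
    converted back (1 MB = 2048 sectors). The boot-code area is left zeroed.
    """
    mbr = bytearray(SECTOR)
    entries = [
        # (boot flag, type, start LBA, sectors)
        (0x80, 0x07, 63, 20002 * 2048),           # Partition 1, active, NTFS
        (0x00, 0x0F, 40965750, 132614 * 2048),    # Extended LBA container
    ]
    for i, (boot, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i,
                         boot, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


def boot_code_md5(mbr):
    """MD5 of the first 0x1B8 bytes, comparable with TDSSKiller's 'MBR (0x1B8)' line."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_mbr(mbr):
    """Decode the four primary entries; raises ValueError on a malformed sector."""
    if len(mbr) < SECTOR:
        raise ValueError("MBR must be at least 512 bytes")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        boot, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                      # unused slot
        parts.append({
            "index": i + 1,
            "boot_flag": boot,
            "bootable": boot == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "start_lba": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def sanity_checks(parts, disk_sectors):
    """Structural checks a reviewer applies before trusting the table."""
    warnings = []
    for p in parts:
        if p["boot_flag"] not in (0x00, 0x80):
            warnings.append(f"partition {p['index']}: invalid boot flag 0x{p['boot_flag']:02X}")
        if p["start_lba"] + p["sectors"] > disk_sectors:
            warnings.append(f"partition {p['index']}: extends past end of disk")
    bootable = [p["index"] for p in parts if p["bootable"]]
    if len(bootable) != 1:
        warnings.append(f"{len(bootable)} bootable partitions (expected exactly 1)")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"], p["index"]) for p in parts)
    for (_, end_a, idx_a), (start_b, _, idx_b) in zip(spans, spans[1:]):
        if start_b < end_a:
            warnings.append(f"partition {idx_a} overlaps partition {idx_b}")
    return warnings


if __name__ == "__main__":
    sample = build_sample_mbr()
    print("boot code MD5:", boot_code_md5(sample))
    for p in parse_mbr(sample):
        flag = "80 (A)" if p["bootable"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
              f"{p['size_mb']} MB offset {p['start_lba']}")
    print("warnings:", sanity_checks(parse_mbr(sample), 152627 * 2048))
```

To run it against a saved sector, pass the file contents to the parser, e.g. `parse_mbr(open("MBR.dat", "rb").read())`. The hash only tells you whether the boot code changed between two scans or matches a value you already trust; it does not identify whose code it is, which is why the thread relies on aswMBR's recognition of the default Windows 7 boot code rather than on a bare hash.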

#14 MMG23

MMG23
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:06 AM

Posted 09 August 2012 - 07:50 AM

Hmm.. then it may be a BIOS virus?
Or the hardware may be messed up?

Edited by MMG23, 09 August 2012 - 07:50 AM.


#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 AM

Posted 09 August 2012 - 08:07 AM

boopme checked the BIOS in your previous topic. It's clean.

As for the hardware issue, if any, I suggest you start a new topic in this forum.
Internal hardware
http://www.bleepingcomputer.com/forums/forum7.html



