Trojan horse patched_c.LZI



#1 TheSkyBelow

Posted 29 July 2012 - 09:17 PM

Hello there, my AV keeps telling me I have this virus, the patched_c.LZI something or other, and it is gumming up my computer. I have read up on some similar cases with different names and I was wondering if I needed to do anything in particular for my computer? What programs should I download and use to make the logs necessary to figure out what to do?

Thank you for any help you can give.

Edited by Budapest, 30 July 2012 - 03:23 AM.
Moved from Vista ~Budapest




#2 narenxp


Posted 30 July 2012 - 06:07 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 TheSkyBelow


Posted 31 July 2012 - 10:34 PM

log from the Tdss:

15:18:00.0027 1344 pciide - ok
15:18:00.0058 1344 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:18:00.0058 1344 pcmcia - ok
15:18:00.0105 1344 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:18:00.0105 1344 PEAUTH - ok
15:18:00.0167 1344 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
15:18:00.0230 1344 PerfHost - ok
15:18:00.0308 1344 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
15:18:00.0323 1344 pla - ok
15:18:00.0401 1344 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
15:18:00.0401 1344 PlugPlay - ok
15:18:00.0479 1344 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:18:00.0479 1344 PNRPAutoReg - ok
15:18:00.0495 1344 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:18:00.0495 1344 PNRPsvc - ok
15:18:00.0573 1344 Point64 (e27b59c24404f671802f209bd580f818) C:\Windows\system32\DRIVERS\point64k.sys
15:18:00.0573 1344 Point64 - ok
15:18:00.0604 1344 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
15:18:00.0604 1344 PolicyAgent - ok
15:18:00.0635 1344 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:18:00.0635 1344 PptpMiniport - ok
15:18:00.0666 1344 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
15:18:00.0666 1344 Processor - ok
15:18:00.0698 1344 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
15:18:00.0698 1344 ProfSvc - ok
15:18:00.0713 1344 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:18:00.0713 1344 ProtectedStorage - ok
15:18:00.0776 1344 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:18:00.0776 1344 PSched - ok
15:18:00.0807 1344 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
15:18:00.0807 1344 PxHlpa64 - ok
15:18:00.0869 1344 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:18:00.0885 1344 ql2300 - ok
15:18:00.0916 1344 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:18:00.0916 1344 ql40xx - ok
15:18:00.0947 1344 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
15:18:00.0963 1344 QWAVE - ok
15:18:00.0963 1344 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:18:00.0963 1344 QWAVEdrv - ok
15:18:01.0072 1344 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
15:18:01.0103 1344 R300 - ok
15:18:01.0166 1344 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:18:01.0166 1344 RasAcd - ok
15:18:01.0197 1344 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
15:18:01.0197 1344 RasAuto - ok
15:18:01.0259 1344 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:18:01.0259 1344 Rasl2tp - ok
15:18:01.0290 1344 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
15:18:01.0290 1344 RasMan - ok
15:18:01.0306 1344 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:18:01.0306 1344 RasPppoe - ok
15:18:01.0322 1344 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:18:01.0322 1344 RasSstp - ok
15:18:01.0337 1344 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:18:01.0337 1344 rdbss - ok
15:18:01.0353 1344 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:18:01.0353 1344 RDPCDD - ok
15:18:01.0384 1344 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:18:01.0400 1344 rdpdr - ok
15:18:01.0400 1344 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:18:01.0400 1344 RDPENCDD - ok
15:18:01.0462 1344 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
15:18:01.0462 1344 RDPWD - ok
15:18:01.0488 1344 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
15:18:01.0488 1344 RemoteAccess - ok
15:18:01.0498 1344 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
15:18:01.0508 1344 RemoteRegistry - ok
15:18:01.0558 1344 Roxio UPnP Renderer 11 - ok
15:18:01.0588 1344 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
15:18:01.0588 1344 RpcLocator - ok
15:18:01.0658 1344 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:18:01.0668 1344 RpcSs - ok
15:18:01.0688 1344 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:18:01.0698 1344 rspndr - ok
15:18:01.0718 1344 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:18:01.0718 1344 SamSs - ok
15:18:01.0738 1344 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
15:18:01.0738 1344 sbp2port - ok
15:18:01.0898 1344 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:18:01.0908 1344 SBSDWSCService - ok
15:18:01.0968 1344 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
15:18:01.0968 1344 SCardSvr - ok
15:18:02.0028 1344 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
15:18:02.0038 1344 Schedule - ok
15:18:02.0058 1344 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:18:02.0058 1344 SCPolicySvc - ok
15:18:02.0078 1344 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
15:18:02.0078 1344 SDRSVC - ok
15:18:02.0118 1344 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:18:02.0118 1344 secdrv - ok
15:18:02.0128 1344 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
15:18:02.0128 1344 seclogon - ok
15:18:02.0138 1344 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
15:18:02.0138 1344 SENS - ok
15:18:02.0158 1344 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
15:18:02.0158 1344 Serenum - ok
15:18:02.0168 1344 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
15:18:02.0168 1344 Serial - ok
15:18:02.0188 1344 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:18:02.0188 1344 sermouse - ok
15:18:02.0208 1344 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
15:18:02.0218 1344 SessionEnv - ok
15:18:02.0228 1344 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
15:18:02.0228 1344 sffdisk - ok
15:18:02.0248 1344 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:18:02.0248 1344 sffp_mmc - ok
15:18:02.0258 1344 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
15:18:02.0258 1344 sffp_sd - ok
15:18:02.0268 1344 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
15:18:02.0268 1344 sfloppy - ok
15:18:02.0308 1344 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
15:18:02.0308 1344 SharedAccess - ok
15:18:02.0358 1344 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
15:18:02.0358 1344 ShellHWDetection - ok
15:18:02.0378 1344 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:18:02.0388 1344 SiSRaid2 - ok
15:18:02.0408 1344 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:18:02.0408 1344 SiSRaid4 - ok
15:18:02.0548 1344 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
15:18:02.0578 1344 slsvc - ok
15:18:02.0638 1344 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
15:18:02.0638 1344 SLUINotify - ok
15:18:02.0688 1344 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:18:02.0698 1344 Smb - ok
15:18:02.0718 1344 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
15:18:02.0718 1344 SNMPTRAP - ok
15:18:02.0768 1344 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:18:02.0768 1344 spldr - ok
15:18:02.0828 1344 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
15:18:02.0838 1344 Spooler - ok
15:18:02.0958 1344 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
15:18:02.0968 1344 sptd - ok
15:18:03.0038 1344 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:18:03.0038 1344 srv - ok
15:18:03.0088 1344 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:18:03.0088 1344 srv2 - ok
15:18:03.0108 1344 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:18:03.0108 1344 srvnet - ok
15:18:03.0118 1344 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
15:18:03.0128 1344 SSDPSRV - ok
15:18:03.0158 1344 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
15:18:03.0158 1344 SstpSvc - ok
15:18:03.0228 1344 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
15:18:03.0238 1344 stisvc - ok
15:18:03.0258 1344 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:18:03.0258 1344 swenum - ok
15:18:03.0288 1344 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
15:18:03.0288 1344 swprv - ok
15:18:03.0308 1344 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:18:03.0318 1344 Symc8xx - ok
15:18:03.0328 1344 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:18:03.0328 1344 Sym_hi - ok
15:18:03.0348 1344 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:18:03.0348 1344 Sym_u3 - ok
15:18:03.0408 1344 SynasUSB (512231ba47975f3f1a67b11f271bb49d) C:\Windows\system32\drivers\SynUSB64.sys
15:18:03.0408 1344 SynasUSB - ok
15:18:03.0938 1344 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
15:18:03.0998 1344 SysMain - ok
15:18:04.0028 1344 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
15:18:04.0028 1344 TabletInputService - ok
15:18:04.0088 1344 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
15:18:04.0098 1344 TapiSrv - ok
15:18:04.0108 1344 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
15:18:04.0108 1344 TBS - ok
15:18:04.0208 1344 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
15:18:04.0228 1344 Tcpip - ok
15:18:04.0238 1344 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
15:18:04.0248 1344 Tcpip6 - ok
15:18:04.0298 1344 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
15:18:04.0308 1344 tcpipreg - ok
15:18:04.0328 1344 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:18:04.0328 1344 TDPIPE - ok
15:18:04.0338 1344 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:18:04.0338 1344 TDTCP - ok
15:18:04.0348 1344 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:18:04.0348 1344 tdx - ok
15:18:04.0408 1344 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:18:04.0408 1344 TermDD - ok
15:18:04.0478 1344 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
15:18:04.0488 1344 TermService - ok
15:18:04.0538 1344 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
15:18:04.0538 1344 Themes - ok
15:18:04.0548 1344 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:18:04.0548 1344 THREADORDER - ok
15:18:04.0568 1344 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
15:18:04.0578 1344 TrkWks - ok
15:18:04.0598 1344 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
15:18:04.0608 1344 TrustedInstaller - ok
15:18:04.0618 1344 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:18:04.0618 1344 tssecsrv - ok
15:18:04.0638 1344 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:18:04.0638 1344 tunmp - ok
15:18:04.0698 1344 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:18:04.0698 1344 tunnel - ok
15:18:04.0718 1344 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:18:04.0718 1344 uagp35 - ok
15:18:04.0778 1344 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:18:04.0778 1344 udfs - ok
15:18:04.0798 1344 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
15:18:04.0798 1344 UI0Detect - ok
15:18:04.0818 1344 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:18:04.0818 1344 uliagpkx - ok
15:18:04.0838 1344 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:18:04.0838 1344 uliahci - ok
15:18:04.0858 1344 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:18:04.0858 1344 UlSata - ok
15:18:04.0888 1344 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:18:04.0898 1344 ulsata2 - ok
15:18:04.0908 1344 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:18:04.0918 1344 umbus - ok
15:18:04.0918 1344 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
15:18:04.0918 1344 UMPass - ok
15:18:04.0958 1344 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
15:18:04.0958 1344 upnphost - ok
15:18:05.0038 1344 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
15:18:05.0048 1344 USBAAPL64 - ok
15:18:05.0108 1344 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
15:18:05.0108 1344 usbaudio - ok
15:18:05.0128 1344 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
15:18:05.0138 1344 usbccgp - ok
15:18:05.0148 1344 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
15:18:05.0168 1344 usbcir - ok
15:18:05.0188 1344 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:18:05.0188 1344 usbehci - ok
15:18:05.0248 1344 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:18:05.0258 1344 usbhub - ok
15:18:05.0278 1344 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
15:18:05.0278 1344 usbohci - ok
15:18:05.0298 1344 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
15:18:05.0298 1344 usbprint - ok
15:18:05.0318 1344 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
15:18:05.0318 1344 usbscan - ok
15:18:05.0338 1344 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:18:05.0338 1344 USBSTOR - ok
15:18:05.0348 1344 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
15:18:05.0348 1344 usbuhci - ok
15:18:05.0398 1344 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
15:18:05.0398 1344 UxSms - ok
15:18:05.0468 1344 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
15:18:05.0468 1344 vds - ok
15:18:05.0488 1344 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:18:05.0498 1344 vga - ok
15:18:05.0498 1344 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:18:05.0498 1344 VgaSave - ok
15:18:05.0518 1344 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:18:05.0518 1344 viaide - ok
15:18:05.0548 1344 Viewpoint Manager Service - ok
15:18:05.0608 1344 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
15:18:05.0608 1344 volmgr - ok
15:18:05.0678 1344 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
15:18:05.0688 1344 volmgrx - ok
15:18:05.0748 1344 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
15:18:05.0748 1344 volsnap - ok
15:18:05.0768 1344 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
15:18:05.0788 1344 vsmraid - ok
15:18:05.0888 1344 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
15:18:05.0898 1344 VSS - ok
15:18:05.0958 1344 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
15:18:05.0968 1344 W32Time - ok
15:18:05.0998 1344 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:18:05.0998 1344 WacomPen - ok
15:18:06.0058 1344 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:18:06.0058 1344 Wanarp - ok
15:18:06.0058 1344 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:18:06.0068 1344 Wanarpv6 - ok
15:18:06.0098 1344 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
15:18:06.0098 1344 wcncsvc - ok
15:18:06.0118 1344 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
15:18:06.0128 1344 WcsPlugInService - ok
15:18:06.0148 1344 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
15:18:06.0148 1344 Wd - ok
15:18:06.0198 1344 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
15:18:06.0208 1344 Wdf01000 - ok
15:18:06.0218 1344 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:18:06.0218 1344 WdiServiceHost - ok
15:18:06.0218 1344 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:18:06.0228 1344 WdiSystemHost - ok
15:18:06.0288 1344 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
15:18:06.0288 1344 WebClient - ok
15:18:06.0338 1344 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
15:18:06.0338 1344 Wecsvc - ok
15:18:06.0348 1344 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
15:18:06.0348 1344 wercplsupport - ok
15:18:06.0378 1344 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
15:18:06.0378 1344 WerSvc - ok
15:18:06.0448 1344 winachsf (a53cde6beea165fe9b430476eede3c54) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
15:18:06.0448 1344 winachsf - ok
15:18:06.0488 1344 WinDefend - ok
15:18:06.0498 1344 WinHttpAutoProxySvc - ok
15:18:06.0578 1344 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
15:18:06.0588 1344 Winmgmt - ok
15:18:06.0698 1344 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
15:18:06.0728 1344 WinRM - ok
15:18:06.0808 1344 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
15:18:06.0818 1344 Wlansvc - ok
15:18:06.0958 1344 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:18:06.0978 1344 wlidsvc - ok
15:18:07.0098 1344 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
15:18:07.0098 1344 WmiAcpi - ok
15:18:07.0208 1344 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
15:18:07.0208 1344 wmiApSrv - ok
15:18:07.0258 1344 WMPNetworkSvc - ok
15:18:07.0288 1344 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
15:18:07.0288 1344 WPCSvc - ok
15:18:07.0358 1344 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
15:18:07.0358 1344 WPDBusEnum - ok
15:18:07.0378 1344 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
15:18:07.0378 1344 WpdUsb - ok
15:18:07.0548 1344 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:18:07.0558 1344 WPFFontCache_v0400 - ok
15:18:07.0608 1344 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
15:18:07.0608 1344 wscsvc - ok
15:18:07.0618 1344 WSearch - ok
15:18:07.0758 1344 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:18:07.0778 1344 wuauserv - ok
15:18:07.0898 1344 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:18:07.0898 1344 WUDFRd - ok
15:18:07.0928 1344 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
15:18:07.0928 1344 wudfsvc - ok
15:18:07.0938 1344 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
15:18:07.0938 1344 XAudio - ok
15:18:07.0968 1344 XAudioService (963c27034bba4ac52a13f7a3c657c708) C:\Windows\system32\DRIVERS\xaudio64.exe
15:18:07.0978 1344 XAudioService - ok
15:18:08.0008 1344 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
15:18:08.0218 1344 \Device\Harddisk0\DR0 - ok
15:18:08.0258 1344 Boot (0x1200) (0cfb5e5fcb69a102736196fc7eaba60a) \Device\Harddisk0\DR0\Partition0
15:18:08.0258 1344 \Device\Harddisk0\DR0\Partition0 - ok
15:18:08.0268 1344 Boot (0x1200) (d80c3ccddb1a2eda2fbcc17d4d0f6932) \Device\Harddisk0\DR0\Partition1
15:18:08.0268 1344 \Device\Harddisk0\DR0\Partition1 - ok
15:18:08.0268 1344 ============================================================
15:18:08.0268 1344 Scan finished
15:18:08.0268 1344 ============================================================
15:18:08.0278 0764 Detected object count: 0
15:18:08.0278 0764 Actual detected object count: 0



log from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 15:30:19
-----------------------------
15:30:19.514 OS Version: Windows x64 6.0.6002 Service Pack 2
15:30:19.514 Number of processors: 2 586 0x1706
15:30:19.514 ComputerName: OWNER-PC UserName: Phyzaar
15:30:20.731 Initialize success
15:31:10.448 AVAST engine defs: 12073102
15:38:38.549 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:38:38.549 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5BA Size: 476940MB BusType: 3
15:38:38.565 Disk 0 MBR read successfully
15:38:38.565 Disk 0 MBR scan
15:38:38.580 Disk 0 Windows VISTA default MBR code
15:38:38.580 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:38:38.596 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
15:38:38.611 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920
15:38:38.643 Disk 0 scanning C:\Windows\system32\drivers
15:38:48.103 Service scanning
15:39:10.707 Modules scanning
15:39:10.707 Disk 0 trace - called modules:
15:39:10.723 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:39:10.723 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004aa3060]
15:39:10.723 3 CLASSPNP.SYS[fffffa60011cdc33] -> nt!IofCallDriver -> [0xfffffa80048b3580]
15:39:10.739 5 acpi.sys[fffffa6000b6efde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048b5060]
15:39:12.080 AVAST engine scan C:\Windows
15:39:16.994 AVAST engine scan C:\Windows\system32
15:41:06.623 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:41:09.782 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:42:23.035 AVAST engine scan C:\Windows\system32\drivers
15:42:45.936 AVAST engine scan C:\Users\Phyzaar
15:57:56.595 AVAST engine scan C:\ProgramData
16:02:59.661 Scan finished successfully
16:24:16.041 Disk 0 MBR has been saved successfully to "C:\Users\Phyzaar\Desktop\fixer\MBR.dat"
16:24:16.057 The log file has been saved successfully to "C:\Users\Phyzaar\Desktop\fixer\aswMBR.txt"



log from eset:

C:\BitTorrent Downloads\Cubase.Studio.4.rar probably a variant of Win32/Agent.FASOXUX trojan deleted - quarantined
C:\Program Files (x86)\Common Files\ZugoInstaller.exe multiple threats cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{6eafbdfb-1624-7891-b48c-d81310fa2096}\U\000000cb.@.vir Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{6eafbdfb-1624-7891-b48c-d81310fa2096}\U\80000064.@.vir Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\3d30f927-3709415b multiple threats deleted - quarantined
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\94b77a8-50800913 a variant of Java/Exploit.CVE-2011-3544.C trojan deleted - quarantined
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\219b1bf7-72789c07 multiple threats deleted - quarantined
C:\Users\Phyzaar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3aa4da42-4ada9f49 multiple threats deleted - quarantined
C:\Users\Phyzaar\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\1dccba96-7360f009 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Phyzaar\Downloads\FreeYouTubeDownloaderSetup.exe multiple threats cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan


Thank you for helping.

#4 narenxp


Posted 01 August 2012 - 06:18 AM

We need advanced tools to remove this one

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#5 Orange Blossom


Posted 09 August 2012 - 02:44 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic464289.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry: