
Trouble with removing Trojan Horse Patched_c.LZI?


3 replies to this topic

#1 JayWichester


Posted 30 July 2012 - 11:43 PM

My AVG has been popping up with this ('this' being an alert for 'trojan horse patched_c.lzi') for the last 2 days, actually, but I didn't pay much attention until today. My computer crashed twice and shut itself down once with a blue screen informing me that the shutdown was to prevent damage.

Now I can't do much of anything without AVG popping up with an alert for it, and when it asks if I want to move it to the vault I get informed it is either white listed or cannot be moved. I have 2 other programs that don't even find it TO ask about getting rid of it. (Spybot and Malwarebytes)

I've been googling it and I just keep finding the exact same set of instructions that want me to go deleting things in the registry and I'm nervous about doing that.



#2 narenxp


Posted 31 July 2012 - 06:48 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 JayWichester


Posted 31 July 2012 - 05:34 PM

16:27:47.0578 6696 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:27:47.0985 6696 ============================================================
16:27:47.0985 6696 Current date / time: 2012/07/31 16:27:47.0985
16:27:47.0985 6696 SystemInfo:
16:27:47.0985 6696
16:27:47.0985 6696 OS Version: 6.0.6002 ServicePack: 2.0
16:27:47.0985 6696 Product type: Workstation
16:27:47.0986 6696 ComputerName: BRANDON-PC
16:27:47.0986 6696 UserName: Brandon
16:27:47.0986 6696 Windows directory: C:\Windows
16:27:47.0986 6696 System windows directory: C:\Windows
16:27:47.0986 6696 Running under WOW64
16:27:47.0986 6696 Processor architecture: Intel x64
16:27:47.0986 6696 Number of processors: 2
16:27:47.0986 6696 Page size: 0x1000
16:27:47.0986 6696 Boot type: Normal boot
16:27:47.0986 6696 ============================================================
16:27:49.0302 6696 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:27:57.0545 6696 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:27:57.0561 6696 Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:27:57.0577 6696 ============================================================
16:27:57.0577 6696 \Device\Harddisk2\DR2:
16:27:57.0577 6696 MBR partitions:
16:27:57.0577 6696 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:27:57.0577 6696 \Device\Harddisk0\DR0:
16:27:57.0639 6696 MBR partitions:
16:27:57.0639 6696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:27:57.0639 6696 \Device\Harddisk1\DR1:
16:27:57.0639 6696 MBR partitions:
16:27:57.0639 6696 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4000
16:27:57.0639 6696 ============================================================
16:27:57.0748 6696 C: <-> \Device\Harddisk1\DR1\Partition0
16:27:57.0842 6696 E: <-> \Device\Harddisk0\DR0\Partition0
16:27:57.0857 6696 B: <-> \Device\Harddisk2\DR2\Partition0
16:27:57.0857 6696 ============================================================
16:27:57.0857 6696 Initialize success
16:27:57.0857 6696 ============================================================
16:29:10.0039 1420 ============================================================
16:29:10.0039 1420 Scan started
16:29:10.0039 1420 Mode: Manual; TDLFS;
16:29:10.0039 1420 ============================================================
16:29:20.0584 1420 a016bus (25e6c904b273f97a5e6e2d16e859a70d) C:\Windows\system32\DRIVERS\a016bus.sys
16:29:20.0584 1420 a016bus - ok
16:29:20.0584 1420 a016mdfl (8676aaedea6e1bcc4b7d050a62ec0ed3) C:\Windows\system32\DRIVERS\a016mdfl.sys
16:29:20.0584 1420 a016mdfl - ok
16:29:20.0615 1420 a016mdm (451b692665e0a3d90a7c583d98a0fc47) C:\Windows\system32\DRIVERS\a016mdm.sys
16:29:20.0615 1420 a016mdm - ok
16:29:20.0631 1420 a016mgmt (1971b457b64377fa6243fc69b837c214) C:\Windows\system32\DRIVERS\a016mgmt.sys
16:29:20.0631 1420 a016mgmt - ok
16:29:20.0647 1420 a016obex (6042fc874ccb746173b80d73df293fd6) C:\Windows\system32\DRIVERS\a016obex.sys
16:29:20.0647 1420 a016obex - ok
16:29:20.0678 1420 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:29:20.0693 1420 ACPI - ok
16:29:20.0818 1420 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:29:20.0818 1420 AdobeFlashPlayerUpdateSvc - ok
16:29:20.0849 1420 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:29:20.0865 1420 adp94xx - ok
16:29:20.0912 1420 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:29:20.0974 1420 adpahci - ok
16:29:20.0990 1420 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:29:20.0990 1420 adpu160m - ok
16:29:21.0005 1420 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:29:21.0005 1420 adpu320 - ok
16:29:21.0037 1420 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
16:29:21.0037 1420 AeLookupSvc - ok
16:29:21.0099 1420 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
16:29:21.0099 1420 AFD - ok
16:29:21.0193 1420 AffinegyService (b29bc445561f1ac7b1daf67af954c36b) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
16:29:21.0208 1420 AffinegyService - ok
16:29:21.0224 1420 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:29:21.0224 1420 agp440 - ok
16:29:21.0255 1420 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:29:21.0255 1420 aic78xx - ok
16:29:21.0458 1420 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
16:29:21.0458 1420 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
16:29:21.0458 1420 Akamai ( HiddenFile.Multi.Generic ) - warning
16:29:21.0458 1420 Akamai - detected HiddenFile.Multi.Generic (1)
16:29:21.0551 1420 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
16:29:21.0551 1420 ALG - ok
16:29:21.0583 1420 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
16:29:21.0583 1420 aliide - ok
16:29:21.0614 1420 AMD External Events Utility (514089cb4a7df38dc4dd936ade4114d3) C:\Windows\system32\atiesrxx.exe
16:29:21.0614 1420 AMD External Events Utility - ok
16:29:21.0661 1420 AMD FUEL Service - ok
16:29:21.0661 1420 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:29:21.0676 1420 amdide - ok
16:29:21.0707 1420 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
16:29:21.0707 1420 amdiox64 - ok
16:29:21.0723 1420 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
16:29:21.0723 1420 AmdK8 - ok
16:29:22.0113 1420 amdkmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
16:29:22.0285 1420 amdkmdag - ok
16:29:22.0394 1420 amdkmdap (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
16:29:22.0394 1420 amdkmdap - ok
16:29:22.0441 1420 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
16:29:22.0441 1420 Appinfo - ok
16:29:22.0565 1420 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:29:22.0565 1420 Apple Mobile Device - ok
16:29:22.0612 1420 AppMgmt (3da98c07b18a676180fe7eed924d1673) C:\Windows\System32\appmgmts.dll
16:29:22.0612 1420 AppMgmt - ok
16:29:22.0643 1420 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:29:22.0643 1420 arc - ok
16:29:22.0659 1420 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:29:22.0659 1420 arcsas - ok
16:29:22.0675 1420 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:29:22.0675 1420 AsyncMac - ok
16:29:22.0690 1420 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
16:29:22.0690 1420 atapi - ok
16:29:22.0737 1420 AtiHDAudioService (c3941eac6a5cd621f002b12c9ee4857b) C:\Windows\system32\drivers\AtihdLH6.sys
16:29:22.0737 1420 AtiHDAudioService - ok
16:29:22.0768 1420 AtiHdmiService (3ac10a57313af6793ff1bac6146fcff7) C:\Windows\system32\drivers\AtiHdmi.sys
16:29:22.0768 1420 AtiHdmiService - ok
16:29:23.0127 1420 atikmdag (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
16:29:23.0158 1420 atikmdag - ok
16:29:23.0267 1420 atksgt (09149d03629a44f4773e621c432d1d89) C:\Windows\system32\DRIVERS\atksgt.sys
16:29:23.0267 1420 atksgt - ok
16:29:23.0314 1420 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
16:29:23.0314 1420 AudioEndpointBuilder - ok
16:29:23.0330 1420 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
16:29:23.0330 1420 AudioSrv - ok
16:29:23.0579 1420 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
16:29:23.0595 1420 AVGIDSAgent - ok
16:29:23.0720 1420 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
16:29:23.0720 1420 AVGIDSDriver - ok
16:29:23.0735 1420 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
16:29:23.0735 1420 AVGIDSFilter - ok
16:29:23.0751 1420 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
16:29:23.0751 1420 AVGIDSHA - ok
16:29:23.0782 1420 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
16:29:23.0782 1420 Avgldx64 - ok
16:29:23.0813 1420 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
16:29:23.0813 1420 Avgmfx64 - ok
16:29:23.0845 1420 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
16:29:23.0845 1420 Avgrkx64 - ok
16:29:23.0876 1420 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
16:29:23.0876 1420 Avgtdia - ok
16:29:23.0954 1420 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
16:29:23.0954 1420 avgwd - ok
16:29:23.0985 1420 BIOS (00cadb1bc2d0030f0b2a1063618b6bd7) C:\Windows\system32\drivers\BIOS64.sys
16:29:23.0985 1420 BIOS - ok
16:29:24.0001 1420 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:29:24.0001 1420 blbdrive - ok
16:29:24.0110 1420 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:29:24.0110 1420 Bonjour Service - ok
16:29:24.0141 1420 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:29:24.0141 1420 bowser - ok
16:29:24.0157 1420 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:29:24.0157 1420 BrFiltLo - ok
16:29:24.0172 1420 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:29:24.0172 1420 BrFiltUp - ok
16:29:24.0188 1420 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
16:29:24.0188 1420 Browser - ok
16:29:24.0219 1420 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:29:24.0219 1420 Brserid - ok
16:29:24.0235 1420 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:29:24.0235 1420 BrSerWdm - ok
16:29:24.0235 1420 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:29:24.0235 1420 BrUsbMdm - ok
16:29:24.0250 1420 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:29:24.0250 1420 BrUsbSer - ok
16:29:24.0266 1420 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:29:24.0266 1420 BTHMODEM - ok
16:29:24.0281 1420 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:29:24.0281 1420 cdfs - ok
16:29:24.0297 1420 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:29:24.0297 1420 cdrom - ok
16:29:24.0344 1420 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
16:29:24.0344 1420 CertPropSvc - ok
16:29:24.0359 1420 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
16:29:24.0359 1420 circlass - ok
16:29:24.0391 1420 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:29:24.0391 1420 CLFS - ok
16:29:24.0453 1420 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:29:24.0453 1420 clr_optimization_v2.0.50727_32 - ok
16:29:24.0500 1420 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:29:24.0500 1420 clr_optimization_v2.0.50727_64 - ok
16:29:24.0578 1420 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:29:24.0578 1420 clr_optimization_v4.0.30319_32 - ok
16:29:24.0625 1420 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:29:24.0640 1420 clr_optimization_v4.0.30319_64 - ok
16:29:24.0656 1420 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:29:24.0656 1420 cmdide - ok
16:29:24.0671 1420 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
16:29:24.0671 1420 Compbatt - ok
16:29:24.0687 1420 COMSysApp - ok
16:29:24.0718 1420 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
16:29:24.0718 1420 cpuz132 - ok
16:29:24.0734 1420 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:29:24.0734 1420 crcdisk - ok
16:29:24.0765 1420 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
16:29:24.0781 1420 CryptSvc - ok
16:29:24.0812 1420 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
16:29:24.0827 1420 CSC - ok
16:29:24.0890 1420 CscService (1b5f256d31836ed2ba60b3a6c800200c) C:\Windows\System32\cscsvc.dll
16:29:24.0890 1420 CscService - ok
16:29:24.0952 1420 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
16:29:24.0952 1420 DcomLaunch - ok
16:29:24.0983 1420 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:29:24.0983 1420 DfsC - ok
16:29:25.0139 1420 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
16:29:25.0217 1420 DFSR - ok
16:29:25.0358 1420 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
16:29:25.0358 1420 Dhcp - ok
16:29:25.0389 1420 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:29:25.0389 1420 disk - ok
16:29:25.0420 1420 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
16:29:25.0420 1420 Dnscache - ok
16:29:25.0436 1420 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
16:29:25.0436 1420 dot3svc - ok
16:29:25.0467 1420 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
16:29:25.0467 1420 DPS - ok
16:29:25.0514 1420 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:29:25.0514 1420 drmkaud - ok
16:29:25.0654 1420 dump_wmimmc - ok
16:29:25.0701 1420 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
16:29:25.0717 1420 DXGKrnl - ok
16:29:25.0732 1420 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:29:25.0748 1420 E1G60 - ok
16:29:25.0763 1420 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
16:29:25.0763 1420 EapHost - ok
16:29:25.0779 1420 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:29:25.0795 1420 Ecache - ok
16:29:25.0841 1420 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
16:29:25.0841 1420 ehRecvr - ok
16:29:25.0857 1420 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
16:29:25.0857 1420 ehSched - ok
16:29:25.0873 1420 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
16:29:25.0873 1420 ehstart - ok
16:29:25.0888 1420 ElRawDisk (627350a11295d82bf78d155b12ffd0ef) C:\Windows\system32\drivers\ElRawDsk.sys
16:29:25.0888 1420 ElRawDisk - ok
16:29:25.0919 1420 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:29:25.0919 1420 elxstor - ok
16:29:25.0951 1420 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
16:29:25.0966 1420 EMDMgmt - ok
16:29:25.0982 1420 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
16:29:25.0982 1420 ErrDev - ok
16:29:26.0122 1420 ES lite Service (dcd7487d00aa4dffaeb4c8b086af1134) C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
16:29:26.0122 1420 ES lite Service - ok
16:29:26.0231 1420 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
16:29:26.0247 1420 EventSystem - ok
16:29:26.0341 1420 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:29:26.0356 1420 exfat - ok
16:29:26.0387 1420 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:29:26.0387 1420 fastfat - ok
16:29:26.0465 1420 Fax (989a776a2ff32a148fcf15c44058b129) C:\Windows\system32\fxssvc.exe
16:29:26.0512 1420 Fax - ok
16:29:26.0590 1420 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:29:26.0590 1420 fdc - ok
16:29:26.0637 1420 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
16:29:26.0637 1420 fdPHost - ok
16:29:26.0731 1420 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
16:29:26.0731 1420 FDResPub - ok
16:29:26.0793 1420 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:29:26.0793 1420 FileInfo - ok
16:29:26.0809 1420 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:29:26.0824 1420 Filetrace - ok
16:29:26.0840 1420 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:29:26.0840 1420 flpydisk - ok
16:29:26.0887 1420 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:29:26.0887 1420 FltMgr - ok
16:29:27.0027 1420 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
16:29:27.0043 1420 FontCache - ok
16:29:27.0105 1420 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:29:27.0105 1420 FontCache3.0.0.0 - ok
16:29:27.0152 1420 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
16:29:27.0152 1420 Fs_Rec - ok
16:29:27.0199 1420 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
16:29:27.0199 1420 fvevol - ok
16:29:27.0230 1420 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:29:27.0230 1420 gagp30kx - ok
16:29:27.0277 1420 gdrv (46e2828bca26b31fa5a1dd4d84df633d) C:\Windows\gdrv.sys
16:29:27.0277 1420 gdrv - ok
16:29:27.0308 1420 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:29:27.0308 1420 GEARAspiWDM - ok
16:29:27.0401 1420 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
16:29:27.0401 1420 gpsvc - ok
16:29:27.0464 1420 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
16:29:27.0464 1420 GVTDrv64 - ok
16:29:27.0542 1420 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
16:29:27.0620 1420 HdAudAddService - ok
16:29:27.0713 1420 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:29:27.0723 1420 HDAudBus - ok
16:29:27.0753 1420 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:29:27.0843 1420 HidBth - ok
16:29:28.0083 1420 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
16:29:28.0213 1420 HidIr - ok
16:29:28.0243 1420 hidkmdf (207c7ed27ba6add3985a90671c931b55) C:\Windows\system32\DRIVERS\hidkmdf.sys
16:29:28.0323 1420 hidkmdf - ok
16:29:28.0393 1420 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
16:29:28.0403 1420 hidserv - ok
16:29:28.0443 1420 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
16:29:28.0453 1420 HidUsb - ok
16:29:28.0523 1420 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
16:29:28.0523 1420 hkmsvc - ok
16:29:28.0563 1420 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
16:29:28.0563 1420 HpCISSs - ok
16:29:28.0673 1420 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:29:28.0683 1420 HTTP - ok
16:29:28.0703 1420 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:29:28.0713 1420 i2omp - ok
16:29:28.0733 1420 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:29:28.0743 1420 i8042prt - ok
16:29:28.0793 1420 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:29:28.0813 1420 iaStorV - ok
16:29:28.0923 1420 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:29:28.0933 1420 IDriverT - ok
16:29:29.0113 1420 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:29:29.0153 1420 idsvc - ok
16:29:29.0183 1420 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:29:29.0193 1420 iirsp - ok
16:29:29.0263 1420 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
16:29:29.0293 1420 IKEEXT - ok
16:29:29.0569 1420 IntcAzAudAddService (4b071aebbc13d60430ee0371b262f681) C:\Windows\system32\drivers\RTKVHD64.sys
16:29:29.0585 1420 IntcAzAudAddService - ok
16:29:29.0694 1420 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
16:29:29.0694 1420 intelide - ok
16:29:29.0709 1420 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:29:29.0709 1420 intelppm - ok
16:29:29.0835 1420 ioloSystemService (228431b4214e2f540b6b6367b2a65e05) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
16:29:29.0835 1420 ioloSystemService - ok
16:29:29.0913 1420 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
16:29:29.0929 1420 IPBusEnum - ok
16:29:29.0960 1420 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:29:29.0960 1420 IpFilterDriver - ok
16:29:29.0976 1420 IpInIp - ok
16:29:30.0007 1420 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
16:29:30.0007 1420 IPMIDRV - ok
16:29:30.0038 1420 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:29:30.0038 1420 IPNAT - ok
16:29:30.0163 1420 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
16:29:30.0163 1420 iPod Service - ok
16:29:30.0178 1420 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:29:30.0178 1420 IRENUM - ok
16:29:30.0272 1420 is3srv (8598e4a12eaa945b35365dd2750b9777) C:\Windows\syswow64\drivers\is3srv64.sys
16:29:30.0288 1420 is3srv - ok
16:29:30.0303 1420 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
16:29:30.0303 1420 isapnp - ok
16:29:30.0350 1420 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
16:29:30.0350 1420 iScsiPrt - ok
16:29:30.0397 1420 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:29:30.0397 1420 iteatapi - ok
16:29:30.0428 1420 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:29:30.0428 1420 iteraid - ok
16:29:30.0459 1420 JRAID (db85fe8d6cbaa2047cb4da1b2c193d76) C:\Windows\system32\DRIVERS\jraid.sys
16:29:30.0459 1420 JRAID - ok
16:29:30.0459 1420 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:29:30.0459 1420 kbdclass - ok
16:29:30.0475 1420 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
16:29:30.0475 1420 kbdhid - ok
16:29:30.0506 1420 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
16:29:30.0506 1420 KeyIso - ok
16:29:30.0568 1420 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
16:29:30.0568 1420 KSecDD - ok
16:29:30.0584 1420 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:29:30.0584 1420 ksthunk - ok
16:29:31.0037 1420 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
16:29:31.0037 1420 KtmRm - ok
16:29:31.0084 1420 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
16:29:31.0084 1420 LanmanServer - ok
16:29:31.0115 1420 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
16:29:31.0115 1420 LanmanWorkstation - ok
16:29:31.0147 1420 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:29:31.0147 1420 LHidFilt - ok
16:29:31.0193 1420 lirsgt (5ea407821bb3104c31a705175ab4f309) C:\Windows\system32\DRIVERS\lirsgt.sys
16:29:31.0193 1420 lirsgt - ok
16:29:31.0225 1420 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:29:31.0225 1420 lltdio - ok
16:29:31.0271 1420 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
16:29:31.0287 1420 lltdsvc - ok
16:29:31.0303 1420 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
16:29:31.0303 1420 lmhosts - ok
16:29:31.0318 1420 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:29:31.0318 1420 LMouFilt - ok
16:29:31.0334 1420 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
16:29:31.0334 1420 LSI_FC - ok
16:29:31.0349 1420 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
16:29:31.0349 1420 LSI_SAS - ok
16:29:31.0365 1420 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
16:29:31.0365 1420 LSI_SCSI - ok
16:29:31.0381 1420 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:29:31.0381 1420 luafv - ok
16:29:31.0412 1420 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
16:29:31.0412 1420 Mcx2Svc - ok
16:29:31.0427 1420 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
16:29:31.0427 1420 megasas - ok
16:29:31.0459 1420 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
16:29:31.0459 1420 MegaSR - ok
16:29:31.0474 1420 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
16:29:31.0474 1420 MMCSS - ok
16:29:31.0490 1420 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
16:29:31.0490 1420 Modem - ok
16:29:31.0521 1420 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
16:29:31.0521 1420 monitor - ok
16:29:31.0521 1420 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
16:29:31.0521 1420 mouclass - ok
16:29:31.0537 1420 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
16:29:31.0537 1420 mouhid - ok
16:29:31.0552 1420 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
16:29:31.0552 1420 MountMgr - ok
16:29:31.0630 1420 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:29:31.0630 1420 MozillaMaintenance - ok
16:29:35.0951 1420 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
16:29:35.0951 1420 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
16:29:35.0951 1420 sptd ( LockedFile.Multi.Generic ) - warning
16:29:35.0951 1420 sptd - detected LockedFile.Multi.Generic (1)
16:29:42.0862 1420 ============================================================
16:29:42.0862 1420 Scan finished
16:29:42.0862 1420 ============================================================
16:29:42.0862 9400 Detected object count: 2
16:29:42.0862 9400 Actual detected object count: 2


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 16:33:42
-----------------------------
16:33:42.763 OS Version: Windows x64 6.0.6002 Service Pack 2
16:33:42.763 Number of processors: 2 586 0x402
16:33:42.764 ComputerName: BRANDON-PC UserName: Brandon
16:33:44.876 Initialize success
16:36:40.663 AVAST engine defs: 12073102
16:41:07.676 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
16:41:07.678 Disk 0 Vendor: WDC_WD10EADS-65P6B0 01.00A01 Size: 953869MB BusType: 3
16:41:07.679 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-3
16:41:07.680 Disk 1 Vendor: ST3250410AS 4.AAA Size: 238474MB BusType: 3
16:41:07.682 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
16:41:07.683 Disk 2 Vendor: ST31000528AS CC3E Size: 953868MB BusType: 3
16:41:07.695 Disk 1 MBR read successfully
16:41:07.697 Disk 1 MBR scan
16:41:07.700 Disk 1 Windows VISTA default MBR code
16:41:07.705 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 2048
16:41:07.728 Disk 1 scanning C:\Windows\system32\drivers
16:41:15.453 Service scanning
16:41:34.685 Modules scanning
16:41:34.690 Disk 1 trace - called modules:
16:41:34.841 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8007bf52c0]<<spmn.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:41:34.845 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8009405060]
16:41:34.848 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> [0xfffffa8007bc8580]
16:41:34.851 5 acpi.sys[fffffa600079afde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-3[0xfffffa8007c08060]
16:41:34.854 \Driver\atapi[0xfffffa8007bab060] -> IRP_MJ_CREATE -> 0xfffffa8007bf52c0
16:41:37.850 AVAST engine scan C:\Windows
16:41:40.083 AVAST engine scan C:\Windows\system32
16:43:37.834 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:43:40.069 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:45:02.395 AVAST engine scan C:\Windows\system32\drivers
16:45:13.161 AVAST engine scan C:\Users\Brandon
17:00:24.105 AVAST engine scan C:\ProgramData
17:03:25.473 Scan finished successfully
17:06:02.016 Disk 1 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
17:06:02.019 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"


C:\Users\Brandon\AppData\Local\AOL\AMD\xwqecqzq.dll a variant of Win32/Kryptik.AIGG trojan cleaned by deleting - quarantined
C:\Users\Brandon\AppData\Local\assembly\Apple\lcdlu.dll a variant of Win32/Kryptik.AIZQ trojan cleaned by deleting - quarantined
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Default\aadhdbgedhgfgediddgfdbdadedjgcgc\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Brandon\Music\Getting Lucky With You.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
C:\Windows\Installer\{5dc271b0-dc8a-a1e2-6683-20ef3f954d53}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{5dc271b0-dc8a-a1e2-6683-20ef3f954d53}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Windows\Installer\{5dc271b0-dc8a-a1e2-6683-20ef3f954d53}\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\Windows\Installer\{5dc271b0-dc8a-a1e2-6683-20ef3f954d53}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan


Did all that right?

#4 narenxp

Posted 31 July 2012 - 06:15 PM

We need advanced tools to remove this one

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



