
Trojan Horse Generic29.DFS , also Luhe.Sirefef.A



#1 VaMaster54 - Mike


Posted 04 August 2012 - 06:53 PM

AVG Security. Vista Home. Dell 530 Inspiron. 64 bit operating system.

Invaded .. Trojan Horse Generic29.DFS (quite a few showing in memory) , also Luhe.Sirefef.A

Also AVG rootkit scan shows 17 unknown files....IRP hook....object is hidden.

My knowledge maneuvering and following directions is pretty good, virus stuff little.

Outside of acting sluggish, nothing bad....yet, but read this is a nasty one.

Was here in the winter and "Gringo" was great. Utmost respect for this website.

I do have a clean laptop for backup use and research.

Mike


*Moderator Edit: Moved topic from Vista to the more appropriate forum. ~ Queen-Evie*

Edited by VaMaster54 - Mike, 04 August 2012 - 08:10 PM.




#2 narenxp


Posted 05 August 2012 - 12:07 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 VaMaster54 - Mike


Posted 05 August 2012 - 08:39 AM

Ran TDSS, was running aswMBR and went blue screen halfway thru. Will attempt again after running ESET, which is currently running.

Am going to post these results 1 at a time so as not to delay in case I get blue screened again. Hope that is okay and might give you an idea.

Thanks for your help, I do appreciate it.

TDSS RESULTS



07:28:33.0542 120796 netprofm - ok
07:28:33.0587 120796 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:28:33.0589 120796 NetTcpPortSharing - ok
07:28:33.0631 120796 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
07:28:33.0634 120796 nfrd960 - ok
07:28:33.0660 120796 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
07:28:33.0664 120796 NlaSvc - ok
07:28:33.0690 120796 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
07:28:33.0692 120796 Npfs - ok
07:28:33.0708 120796 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
07:28:33.0710 120796 nsi - ok
07:28:33.0728 120796 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
07:28:33.0730 120796 nsiproxy - ok
07:28:33.0831 120796 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
07:28:33.0853 120796 Ntfs - ok
07:28:33.0980 120796 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
07:28:33.0982 120796 Null - ok
07:28:34.0014 120796 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
07:28:34.0018 120796 nvraid - ok
07:28:34.0050 120796 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
07:28:34.0053 120796 nvstor - ok
07:28:34.0099 120796 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
07:28:34.0103 120796 nv_agp - ok
07:28:34.0109 120796 NwlnkFlt - ok
07:28:34.0118 120796 NwlnkFwd - ok
07:28:34.0148 120796 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
07:28:34.0198 120796 ohci1394 - ok
07:28:34.0272 120796 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
07:28:34.0288 120796 p2pimsvc - ok
07:28:34.0306 120796 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
07:28:34.0317 120796 p2psvc - ok
07:28:34.0337 120796 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
07:28:34.0398 120796 Parport - ok
07:28:34.0474 120796 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
07:28:34.0477 120796 partmgr - ok
07:28:34.0507 120796 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
07:28:34.0511 120796 PcaSvc - ok
07:28:34.0549 120796 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
07:28:34.0554 120796 pci - ok
07:28:34.0577 120796 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
07:28:34.0579 120796 pciide - ok
07:28:34.0612 120796 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
07:28:34.0617 120796 pcmcia - ok
07:28:34.0660 120796 PCTCore (d48bd0ff27afb97005b33c9b6d26da3f) C:\Windows\system32\drivers\PCTCore64.sys
07:28:34.0667 120796 PCTCore - ok
07:28:34.0713 120796 pctDS (1335454528adfa13e1d3c4fa3fdbdc42) C:\Windows\system32\drivers\pctDS64.sys
07:28:34.0722 120796 pctDS - ok
07:28:34.0797 120796 pctEFA (df2a2505f17319dada4b204688cec0c2) C:\Windows\system32\drivers\pctEFA64.sys
07:28:34.0816 120796 pctEFA - ok
07:28:34.0864 120796 pctgntdi (c99a3ee29f23a5d61bd127b48ac9a64e) C:\Windows\System32\drivers\pctgntdi64.sys
07:28:34.0871 120796 pctgntdi - ok
07:28:34.0914 120796 pctplsg (73ed285bdce37b3ab69cc5a371bf3010) C:\Windows\System32\drivers\pctplsg64.sys
07:28:34.0918 120796 pctplsg - ok
07:28:34.0949 120796 PCTSD (13635ffcaeebddbe2ca93b1218d8331f) C:\Windows\system32\Drivers\PCTSD64.sys
07:28:34.0955 120796 PCTSD - ok
07:28:35.0005 120796 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
07:28:35.0018 120796 PEAUTH - ok
07:28:35.0074 120796 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
07:28:35.0076 120796 PerfHost - ok
07:28:35.0175 120796 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
07:28:35.0200 120796 pla - ok
07:28:35.0239 120796 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
07:28:35.0246 120796 PlugPlay - ok
07:28:35.0280 120796 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
07:28:35.0283 120796 Pml Driver HPZ12 - ok
07:28:35.0338 120796 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
07:28:35.0349 120796 PNRPAutoReg - ok
07:28:35.0366 120796 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
07:28:35.0377 120796 PNRPsvc - ok
07:28:35.0408 120796 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
07:28:35.0418 120796 PolicyAgent - ok
07:28:35.0464 120796 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
07:28:35.0468 120796 PptpMiniport - ok
07:28:35.0495 120796 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
07:28:35.0530 120796 Processor - ok
07:28:35.0579 120796 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
07:28:35.0585 120796 ProfSvc - ok
07:28:35.0646 120796 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
07:28:35.0648 120796 ProtectedStorage - ok
07:28:35.0711 120796 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
07:28:35.0713 120796 PSched - ok
07:28:35.0758 120796 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
07:28:35.0761 120796 PxHlpa64 - ok
07:28:35.0818 120796 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
07:28:35.0850 120796 ql2300 - ok
07:28:35.0864 120796 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
07:28:35.0868 120796 ql40xx - ok
07:28:35.0898 120796 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
07:28:35.0905 120796 QWAVE - ok
07:28:35.0918 120796 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
07:28:35.0920 120796 QWAVEdrv - ok
07:28:36.0020 120796 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
07:28:36.0101 120796 R300 - ok
07:28:36.0200 120796 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
07:28:36.0202 120796 RasAcd - ok
07:28:36.0225 120796 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
07:28:36.0228 120796 RasAuto - ok
07:28:36.0260 120796 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:28:36.0263 120796 Rasl2tp - ok
07:28:36.0282 120796 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
07:28:36.0287 120796 RasMan - ok
07:28:36.0314 120796 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
07:28:36.0316 120796 RasPppoe - ok
07:28:36.0344 120796 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
07:28:36.0347 120796 RasSstp - ok
07:28:36.0377 120796 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
07:28:36.0381 120796 rdbss - ok
07:28:36.0405 120796 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:28:36.0406 120796 RDPCDD - ok
07:28:36.0433 120796 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
07:28:36.0517 120796 rdpdr - ok
07:28:36.0522 120796 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
07:28:36.0526 120796 RDPENCDD - ok
07:28:36.0582 120796 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
07:28:36.0586 120796 RDPWD - ok
07:28:36.0608 120796 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
07:28:36.0611 120796 RemoteAccess - ok
07:28:36.0648 120796 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
07:28:36.0653 120796 RemoteRegistry - ok
07:28:36.0661 120796 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
07:28:36.0663 120796 RpcLocator - ok
07:28:36.0712 120796 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
07:28:36.0720 120796 RpcSs - ok
07:28:36.0738 120796 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
07:28:36.0741 120796 rspndr - ok
07:28:36.0771 120796 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
07:28:36.0773 120796 SamSs - ok
07:28:36.0847 120796 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
07:28:36.0848 120796 SASDIFSV - ok
07:28:36.0855 120796 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
07:28:36.0856 120796 SASKUTIL - ok
07:28:36.0875 120796 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
07:28:36.0879 120796 sbp2port - ok
07:28:36.0912 120796 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
07:28:36.0917 120796 SCardSvr - ok
07:28:36.0984 120796 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
07:28:37.0000 120796 Schedule - ok
07:28:37.0024 120796 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
07:28:37.0026 120796 SCPolicySvc - ok
07:28:37.0084 120796 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
07:28:37.0091 120796 sdAuxService - ok
07:28:37.0155 120796 sdCoreService (32828691ef6e3e1cd0c32fbe8617763e) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
07:28:37.0173 120796 sdCoreService - ok
07:28:37.0254 120796 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
07:28:37.0260 120796 SDRSVC - ok
07:28:37.0319 120796 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
07:28:37.0323 120796 SeaPort - ok
07:28:37.0334 120796 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
07:28:37.0338 120796 seclogon - ok
07:28:37.0355 120796 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
07:28:37.0359 120796 SENS - ok
07:28:37.0393 120796 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
07:28:37.0430 120796 Serenum - ok
07:28:37.0467 120796 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
07:28:37.0500 120796 Serial - ok
07:28:37.0547 120796 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
07:28:37.0578 120796 sermouse - ok
07:28:37.0639 120796 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
07:28:37.0644 120796 SessionEnv - ok
07:28:37.0662 120796 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
07:28:37.0698 120796 sffdisk - ok
07:28:37.0739 120796 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
07:28:37.0788 120796 sffp_mmc - ok
07:28:37.0821 120796 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
07:28:37.0857 120796 sffp_sd - ok
07:28:37.0902 120796 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
07:28:37.0932 120796 sfloppy - ok
07:28:37.0993 120796 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
07:28:38.0000 120796 SharedAccess - ok
07:28:38.0040 120796 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
07:28:38.0047 120796 ShellHWDetection - ok
07:28:38.0072 120796 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
07:28:38.0075 120796 SiSRaid2 - ok
07:28:38.0089 120796 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
07:28:38.0093 120796 SiSRaid4 - ok
07:28:38.0148 120796 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
07:28:38.0152 120796 SkypeUpdate - ok
07:28:38.0280 120796 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
07:28:38.0320 120796 slsvc - ok
07:28:38.0401 120796 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
07:28:38.0406 120796 SLUINotify - ok
07:28:38.0440 120796 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
07:28:38.0443 120796 Smb - ok
07:28:38.0468 120796 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
07:28:38.0472 120796 SNMPTRAP - ok
07:28:38.0485 120796 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
07:28:38.0488 120796 spldr - ok
07:28:38.0530 120796 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
07:28:38.0535 120796 Spooler - ok
07:28:38.0614 120796 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
07:28:38.0622 120796 srv - ok
07:28:38.0647 120796 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
07:28:38.0651 120796 srv2 - ok
07:28:38.0666 120796 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
07:28:38.0671 120796 srvnet - ok
07:28:38.0683 120796 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
07:28:38.0690 120796 SSDPSRV - ok
07:28:38.0722 120796 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
07:28:38.0727 120796 SstpSvc - ok
07:28:38.0755 120796 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
07:28:38.0784 120796 StillCam - ok
07:28:38.0850 120796 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
07:28:38.0862 120796 stisvc - ok
07:28:38.0924 120796 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
07:28:38.0927 120796 stllssvr - ok
07:28:38.0955 120796 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
07:28:38.0957 120796 swenum - ok
07:28:39.0005 120796 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
07:28:39.0015 120796 swprv - ok
07:28:39.0028 120796 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
07:28:39.0031 120796 Symc8xx - ok
07:28:39.0043 120796 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
07:28:39.0046 120796 Sym_hi - ok
07:28:39.0060 120796 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
07:28:39.0063 120796 Sym_u3 - ok
07:28:39.0117 120796 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
07:28:39.0133 120796 SysMain - ok
07:28:39.0162 120796 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
07:28:39.0167 120796 TabletInputService - ok
07:28:39.0211 120796 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
07:28:39.0219 120796 TapiSrv - ok
07:28:39.0235 120796 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
07:28:39.0240 120796 TBS - ok
07:28:39.0325 120796 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
07:28:39.0349 120796 Tcpip - ok
07:28:39.0372 120796 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
07:28:39.0387 120796 Tcpip6 - ok
07:28:39.0434 120796 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
07:28:39.0437 120796 tcpipreg - ok
07:28:39.0467 120796 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
07:28:39.0470 120796 TDPIPE - ok
07:28:39.0500 120796 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
07:28:39.0533 120796 TDTCP - ok
07:28:39.0806 120796 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
07:28:39.0811 120796 tdx - ok
07:28:39.0853 120796 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
07:28:39.0876 120796 TermDD - ok
07:28:39.0940 120796 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
07:28:39.0952 120796 TermService - ok
07:28:39.0980 120796 TfFsMon (9cd5c339754e2310790ca27dbbd31f88) C:\Windows\system32\drivers\TfFsMon.sys
07:28:39.0982 120796 TfFsMon - ok
07:28:40.0017 120796 TfNetMon (00809507fafa1be93dbbace5029f27bb) C:\Windows\system32\drivers\TfNetMon.sys
07:28:40.0020 120796 TfNetMon - ok
07:28:40.0136 120796 TFSysMon (3593a7b1264fba24fe9e097a99b3e848) C:\Windows\system32\drivers\TfSysMon.sys
07:28:40.0145 120796 TFSysMon - ok
07:28:40.0188 120796 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
07:28:40.0191 120796 Themes - ok
07:28:40.0217 120796 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
07:28:40.0219 120796 THREADORDER - ok
07:28:40.0262 120796 ThreatFire - ok
07:28:40.0288 120796 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
07:28:40.0292 120796 TrkWks - ok
07:28:40.0314 120796 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
07:28:40.0316 120796 TrustedInstaller - ok
07:28:40.0340 120796 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:28:40.0342 120796 tssecsrv - ok
07:28:40.0362 120796 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
07:28:40.0364 120796 tunmp - ok
07:28:40.0388 120796 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
07:28:40.0390 120796 tunnel - ok
07:28:40.0407 120796 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
07:28:40.0410 120796 uagp35 - ok
07:28:40.0445 120796 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
07:28:40.0450 120796 udfs - ok
07:28:40.0467 120796 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
07:28:40.0470 120796 UI0Detect - ok
07:28:40.0486 120796 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
07:28:40.0489 120796 uliagpkx - ok
07:28:40.0509 120796 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
07:28:40.0514 120796 uliahci - ok
07:28:40.0530 120796 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
07:28:40.0534 120796 UlSata - ok
07:28:40.0559 120796 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
07:28:40.0563 120796 ulsata2 - ok
07:28:40.0575 120796 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
07:28:40.0607 120796 umbus - ok
07:28:40.0675 120796 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
07:28:40.0682 120796 upnphost - ok
07:28:40.0711 120796 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
07:28:40.0798 120796 USBAAPL64 - ok
07:28:40.0833 120796 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
07:28:40.0873 120796 usbccgp - ok
07:28:40.0912 120796 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
07:28:40.0967 120796 usbcir - ok
07:28:41.0017 120796 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
07:28:41.0051 120796 usbehci - ok
07:28:41.0109 120796 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
07:28:41.0115 120796 usbhub - ok
07:28:41.0132 120796 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
07:28:41.0205 120796 usbohci - ok
07:28:41.0238 120796 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
07:28:41.0241 120796 usbprint - ok
07:28:41.0254 120796 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
07:28:41.0257 120796 usbscan - ok
07:28:41.0284 120796 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:28:41.0322 120796 USBSTOR - ok
07:28:41.0359 120796 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
07:28:41.0362 120796 usbuhci - ok
07:28:41.0393 120796 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
07:28:41.0397 120796 UxSms - ok
07:28:41.0438 120796 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
07:28:41.0449 120796 vds - ok
07:28:41.0472 120796 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
07:28:41.0515 120796 vga - ok
07:28:41.0553 120796 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
07:28:41.0555 120796 VgaSave - ok
07:28:41.0570 120796 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
07:28:41.0572 120796 viaide - ok
07:28:41.0600 120796 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
07:28:41.0602 120796 volmgr - ok
07:28:41.0634 120796 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
07:28:41.0640 120796 volmgrx - ok
07:28:41.0678 120796 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
07:28:41.0682 120796 volsnap - ok
07:28:41.0704 120796 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
07:28:41.0708 120796 vsmraid - ok
07:28:41.0773 120796 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
07:28:41.0794 120796 VSS - ok
07:28:41.0908 120796 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
07:28:41.0920 120796 vToolbarUpdater11.2.0 - ok
07:28:42.0022 120796 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
07:28:42.0029 120796 W32Time - ok
07:28:42.0071 120796 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
07:28:42.0121 120796 WacomPen - ok
07:28:42.0171 120796 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
07:28:42.0174 120796 Wanarp - ok
07:28:42.0181 120796 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
07:28:42.0183 120796 Wanarpv6 - ok
07:28:42.0234 120796 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
07:28:42.0244 120796 wcncsvc - ok
07:28:42.0268 120796 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
07:28:42.0272 120796 WcsPlugInService - ok
07:28:42.0290 120796 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
07:28:42.0292 120796 Wd - ok
07:28:42.0336 120796 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
07:28:42.0349 120796 Wdf01000 - ok
07:28:42.0365 120796 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
07:28:42.0369 120796 WdiServiceHost - ok
07:28:42.0375 120796 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
07:28:42.0378 120796 WdiSystemHost - ok
07:28:42.0400 120796 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
07:28:42.0406 120796 WebClient - ok
07:28:42.0440 120796 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
07:28:42.0445 120796 Wecsvc - ok
07:28:42.0463 120796 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
07:28:42.0468 120796 wercplsupport - ok
07:28:42.0484 120796 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
07:28:42.0489 120796 WerSvc - ok
07:28:42.0572 120796 winachsf (a53cde6beea165fe9b430476eede3c54) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
07:28:42.0636 120796 winachsf - ok
07:28:42.0711 120796 WinDefend - ok
07:28:42.0725 120796 WinHttpAutoProxySvc - ok
07:28:42.0782 120796 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
07:28:42.0787 120796 Winmgmt - ok
07:28:42.0925 120796 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
07:28:42.0984 120796 WinRM - ok
07:28:43.0091 120796 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
07:28:43.0104 120796 Wlansvc - ok
07:28:43.0252 120796 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:28:43.0287 120796 wlidsvc - ok
07:28:43.0381 120796 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
07:28:43.0441 120796 WmiAcpi - ok
07:28:43.0513 120796 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
07:28:43.0517 120796 wmiApSrv - ok
07:28:43.0538 120796 WMPNetworkSvc - ok
07:28:43.0579 120796 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
07:28:43.0586 120796 WPCSvc - ok
07:28:43.0613 120796 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
07:28:43.0619 120796 WPDBusEnum - ok
07:28:43.0753 120796 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:28:43.0770 120796 WPFFontCache_v0400 - ok
07:28:43.0799 120796 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
07:28:43.0802 120796 ws2ifsl - ok
07:28:43.0830 120796 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
07:28:43.0835 120796 wscsvc - ok
07:28:43.0842 120796 WSearch - ok
07:28:43.0971 120796 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
07:28:44.0012 120796 wuauserv - ok
07:28:44.0121 120796 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:28:44.0125 120796 WUDFRd - ok
07:28:44.0150 120796 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
07:28:44.0155 120796 wudfsvc - ok
07:28:44.0183 120796 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
07:28:44.0217 120796 XAudio - ok
07:28:44.0266 120796 XAudioService (963c27034bba4ac52a13f7a3c657c708) C:\Windows\system32\DRIVERS\xaudio64.exe
07:28:44.0273 120796 XAudioService - ok
07:28:44.0366 120796 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
07:28:44.0376 120796 YahooAUService - ok
07:28:44.0404 120796 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
07:28:44.0462 120796 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
07:28:44.0462 120796 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
07:28:44.0509 120796 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:28:44.0509 120796 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:28:44.0542 120796 Boot (0x1200) (9cb736b8eba99aab8217ff23d8e60310) \Device\Harddisk0\DR0\Partition0
07:28:44.0544 120796 \Device\Harddisk0\DR0\Partition0 - ok
07:28:44.0550 120796 Boot (0x1200) (99fd39222fbeed53c673f6ea1e9c9379) \Device\Harddisk0\DR0\Partition1
07:28:44.0553 120796 \Device\Harddisk0\DR0\Partition1 - ok
07:28:44.0554 120796 ============================================================
07:28:44.0554 120796 Scan finished
07:28:44.0554 120796 ============================================================
07:28:44.0575 119680 Detected object count: 2
07:28:44.0575 119680 Actual detected object count: 2
07:44:24.0175 119680 \Device\Harddisk0\DR0\# - copied to quarantine
07:44:24.0176 119680 \Device\Harddisk0\DR0 - copied to quarantine
07:44:24.0458 119680 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
07:44:24.0470 119680 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
07:44:24.0489 119680 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
07:44:24.0579 119680 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
07:44:24.0676 119680 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
07:44:24.0838 119680 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
07:44:24.0841 119680 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
07:44:24.0843 119680 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
07:44:24.0846 119680 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
07:44:24.0850 119680 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
07:44:24.0869 119680 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
07:44:24.0871 119680 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
07:44:24.0879 119680 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
07:44:25.0021 119680 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
07:44:25.0039 119680 \Device\Harddisk0\DR0 - ok
07:44:26.0062 119680 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
07:44:26.0062 119680 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:44:26.0063 119680 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
07:45:45.0907 120600 Deinitialize success

#4 narenxp

Posted 05 August 2012 - 08:55 AM

Restart the PC and run ASWMBR once again. If you still receive a bluescreen, run it in safe mode.

07:44:26.0063 119680 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Make sure to delete it, do not skip.
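
The check made by eye in the post above can be scripted. This is an added example, not part of the original posts and not the tool's own code: it parses TDSSKiller log lines in the format shown in this thread, pairs each detection with the action recorded for it, and flags detections that were left as Skip. The function names are illustrative, and the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Excerpt copied from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
07:28:44.0404 120796 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
07:28:44.0462 120796 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
07:28:44.0462 120796 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
07:28:44.0509 120796 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:28:44.0509 120796 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:28:44.0544 120796 \Device\Harddisk0\DR0\Partition0 - ok
07:44:24.0458 119680 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
07:44:24.0843 119680 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
07:44:25.0021 119680 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
07:44:26.0062 119680 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
07:44:26.0062 119680 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:44:26.0063 119680 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every log line is "<time> <thread id> <message>".
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
# Detection-related messages are "<object> ( <verdict> ) - <event>".
# Plain inventory lines use "(md5)" with no inner spaces, so they do not match.
EVENT = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<event>.+)$")
QUARANTINED = re.compile(r"^(?P<obj>.+) - copied to quarantine$")
ACTION_PREFIX = "User select action: "


def triage(log_text):
    """Return (findings, quarantined) extracted from TDSSKiller log text.

    findings: one dict per (object, verdict) pair, in order of first appearance.
    quarantined: object paths reported as copied to quarantine.
    """
    findings = {}
    quarantined = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _ts, _tid, msg = m.groups()

        q = QUARANTINED.match(msg)
        if q:
            quarantined.append(q.group("obj"))
            continue

        e = EVENT.match(msg)
        if not e:
            continue
        key = (e.group("obj"), e.group("verdict"))
        f = findings.setdefault(key, {
            "object": key[0], "verdict": key[1],
            "severity": None, "action": None, "outcomes": [],
        })
        event = e.group("event")
        if event in ("infected", "warning"):
            f["severity"] = event
        elif event.startswith(ACTION_PREFIX):
            f["action"] = event[len(ACTION_PREFIX):]
        else:
            f["outcomes"].append(event)
    return list(findings.values()), quarantined


def unresolved(findings):
    """Detections with no recorded action, or with the action Skip."""
    return [f for f in findings
            if f["severity"] and f["action"] in (None, "Skip")]


if __name__ == "__main__":
    found, moved = triage(SAMPLE_LOG)
    for f in found:
        print(f["severity"], f["verdict"], "->", f["action"], f["outcomes"])
    print("quarantined copies:", len(moved))
    for f in unresolved(found):
        print("STILL PRESENT:", f["object"], f["verdict"])
```
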

#5 VaMaster54 - Mike

Posted 05 August 2012 - 09:18 AM

Should I let ESET finish and post the results, or run in the order listed? ESET is about half finished with 12 infected files thus far. Will let it finish unless instructed otherwise to run aswMBR before ESET. Sorry if I am screwing this up.

Mike

#6 narenxp

Posted 05 August 2012 - 10:07 AM

Allow ESET to finish. Let's do one by one.

#7 VaMaster54 - Mike

Posted 05 August 2012 - 12:16 PM

ESET REPORT

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting (after the next restart) - quarantined
C:\ProgramData\Microsoft\Windows\DRM\DB8A.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_07.25.12\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_07.25.12\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_07.25.12\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_07.25.12\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_07.25.12\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_07.25.12\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_07.25.12\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_07.25.12\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\MD Tavenner\AppData\Local\temp\NOD4CEA.tmp a variant of Win32/Toolbar.Widgi application cleaned by deleting (after the next restart) - quarantined
C:\Users\MD Tavenner\AppData\Local\{3056bfcb-08c9-467e-9d3a-6363f3d670ce}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Users\MD Tavenner\AppData\Local\{3056bfcb-08c9-467e-9d3a-6363f3d670ce}\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\Users\MD Tavenner\AppData\Local\{3056bfcb-08c9-467e-9d3a-6363f3d670ce}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined

#8 VaMaster54 - Mike

Posted 05 August 2012 - 03:17 PM

Tried running aswMBR 4 times including safe mode.

It always got stuck on..C:Users\MDTavenner\AppData\Local\Microsoft\WindowsLive\Installer\Cata let it run for 2 hours on this last time.

Here is the report it did generate...Hope this can help.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 13:31:57
-----------------------------
13:31:57.806 OS Version: Windows x64 6.0.6002 Service Pack 2
13:31:57.807 Number of processors: 2 586 0x1706
13:31:57.807 ComputerName: MDTAVENNER-PC UserName: MD Tavenner
13:32:01.656 Initialize success
13:32:18.365 AVAST engine defs: 12080500
13:32:33.274 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:32:33.284 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5BA Size: 476940MB BusType: 3
13:32:33.287 Device \Driver\atapi -> MajorFunction fffffa80067725e8
13:32:33.306 Disk 0 MBR read successfully
13:32:33.309 Disk 0 MBR scan
13:32:33.317 Disk 0 Windows VISTA default MBR code
13:32:33.324 Disk 0 MBR hidden
13:32:33.340 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:32:33.360 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
13:32:33.379 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920
13:32:33.422 Disk 0 scanning C:\Windows\system32\drivers
13:33:02.331 Service scanning
13:34:15.911 Modules scanning
13:34:16.264 Disk 0 trace - called modules:
13:34:16.279 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys acpi.sys >>UNKNOWN [0xfffffa80067725e8]<<hal.dll
13:34:16.286 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f00790]
13:34:16.293 3 CLASSPNP.SYS[fffffa600140bc33] -> nt!IofCallDriver -> [0xfffffa8004efbcf0]
13:34:16.301 5 PCTCore64.sys[fffffa6000a4ff38] -> nt!IofCallDriver -> [0xfffffa8004ca44d0]
13:34:16.315 7 acpi.sys[fffffa6000946fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c85940]
13:34:16.325 \Driver\atapi[0xfffffa8006770290] -> IRP_MJ_CREATE -> 0xfffffa80067725e8
13:34:33.373 AVAST engine scan C:\Windows
13:34:40.609 AVAST engine scan C:\Windows\system32
13:42:12.160 AVAST engine scan C:\Windows\system32\drivers
13:42:35.034 AVAST engine scan C:\Users\MD Tavenner
14:15:43.688 Disk 0 MBR has been saved successfully to "C:\Users\MD Tavenner\Desktop\MBR.dat"
14:15:43.695 The log file has been saved successfully to "C:\Users\MD Tavenner\Desktop\aswMBRb.txt"

#9 narenxp

Posted 05 August 2012 - 03:39 PM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{3056bfcb-08c9-467e-9d3a-6363f3d670ce}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

post the generated log

#10 VaMaster54 - Mike

Posted 05 August 2012 - 10:28 PM

SYSTEM LOOK

SystemLook 30.07.11 by jpshortstuff
Log created at 17:18 on 05/08/2012 by MD Tavenner
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\ERDNT\cache64\services.exe --a---- 384512 bytes [03:43 28/02/2012] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\System32\services.exe --a---- 384512 bytes [19:42 18/09/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [19:42 18/09/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [19:42 18/09/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [19:42 18/09/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

========== folderfind ==========

Searching for "{3056bfcb-08c9-467e-9d3a-6363f3d670ce}"
C:\Users\MD Tavenner\AppData\Local\{3056bfcb-08c9-467e-9d3a-6363f3d670ce} d--hs-- [11:10 11/01/2012]

-= EOF =-

MINI TOOLBOX

MiniToolBox by Farbar Version: 23-07-2012
Ran by MD Tavenner (administrator) on 05-08-2012 at 22:53:54
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : MDTavenner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-21-9B-26-C7-38
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c1a0:8c7f:64b7:a18%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 05, 2012 10:47:06 PM
Lease Expires . . . . . . . . . . : Monday, August 06, 2012 10:47:05 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 251666843
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-2B-D2-EC-00-21-9B-26-C7-38
DNS Servers . . . . . . . . . . . : 192.168.1.1
71.250.0.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4006:803::1001
74.125.226.199
74.125.226.201
74.125.226.197
74.125.226.193
74.125.226.196
74.125.226.195
74.125.226.200
74.125.226.198
74.125.226.206
74.125.226.192
74.125.226.194



Pinging google.com [173.194.43.1] with 32 bytes of data:

Reply from 173.194.43.1: bytes=32 time=23ms TTL=251

Reply from 173.194.43.1: bytes=32 time=23ms TTL=251



Ping statistics for 173.194.43.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 23ms, Maximum = 23ms, Average = 23ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=54ms TTL=250

Reply from 209.191.122.70: bytes=32 time=50ms TTL=250



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 50ms, Maximum = 54ms, Average = 52ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 21 9b 26 c7 38 ...... Intel® 82562V-2 10/100 Network Connection
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.home
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 276
192.168.1.3 255.255.255.255 On-link 192.168.1.3 276
192.168.1.255 255.255.255.255 On-link 192.168.1.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::c1a0:8c7f:64b7:a18/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/05/2012 10:54:05 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, exception code 0xc0000005, fault offset 0x00003993,
process id 0xd7c, application start time 0xsvchost.exe0.

Error: (08/05/2012 10:54:05 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0xd7c, application start time 0xsvchost.exe0.

Error: (08/05/2012 10:53:55 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, exception code 0xc0000005, fault offset 0x00003993,
process id 0x1268, application start time 0xsvchost.exe0.

Error: (08/05/2012 10:53:55 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0x1268, application start time 0xsvchost.exe0.

Error: (08/05/2012 10:53:44 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, exception code 0xc0000005, fault offset 0x00003993,
process id 0xff8, application start time 0xsvchost.exe0.

Error: (08/05/2012 10:53:44 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0xff8, application start time 0xsvchost.exe0.

Error: (08/05/2012 10:53:34 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, exception code 0xc0000005, fault offset 0x00003993,
process id 0x15e4, application start time 0xsvchost.exe0.

Error: (08/05/2012 10:53:33 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0x15e4, application start time 0xsvchost.exe0.

Error: (08/05/2012 10:53:23 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, exception code 0xc0000005, fault offset 0x00003993,
process id 0x33c, application start time 0xsvchost.exe0.

Error: (08/05/2012 10:53:23 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a, exception code 0xc0000005, fault offset 0x0001da22,
process id 0x33c, application start time 0xsvchost.exe0.


System errors:
=============
Error: (08/05/2012 10:49:25 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (08/05/2012 10:49:25 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (08/05/2012 10:47:50 PM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (08/05/2012 10:44:33 PM) (Source: Service Control Manager) (User: )
Description: 30000avgwd

Error: (08/05/2012 10:43:34 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (08/05/2012 06:18:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Microsoft Works 9 (KB2680317){A89539BB-5D77-471B-AE05-8BC8082D6A50}101

Error: (08/05/2012 04:08:36 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (08/05/2012 04:08:36 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (08/05/2012 04:05:53 PM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (08/05/2012 03:38:43 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068


Microsoft Office Sessions:
=========================
Error: (08/05/2012 10:54:05 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114acfb17dsvchost.exe6.0.6002.181114acfb17dc000000500003993d7c01cd737ebe15f17c

Error: (08/05/2012 10:54:05 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114acfb17dmsvcrt.dll7.0.6002.185514ee8cc5ac00000050001da22d7c01cd737ebe15f17c

Error: (08/05/2012 10:53:55 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114acfb17dsvchost.exe6.0.6002.181114acfb17dc000000500003993126801cd737eb7cee33c

Error: (08/05/2012 10:53:55 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114acfb17dmsvcrt.dll7.0.6002.185514ee8cc5ac00000050001da22126801cd737eb7cee33c

Error: (08/05/2012 10:53:44 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114acfb17dsvchost.exe6.0.6002.181114acfb17dc000000500003993ff801cd737eb15d4a5c

Error: (08/05/2012 10:53:44 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114acfb17dmsvcrt.dll7.0.6002.185514ee8cc5ac00000050001da22ff801cd737eb15d4a5c

Error: (08/05/2012 10:53:34 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114acfb17dsvchost.exe6.0.6002.181114acfb17dc00000050000399315e401cd737eab18eb9c

Error: (08/05/2012 10:53:33 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114acfb17dmsvcrt.dll7.0.6002.185514ee8cc5ac00000050001da2215e401cd737eab18eb9c

Error: (08/05/2012 10:53:23 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114acfb17dsvchost.exe6.0.6002.181114acfb17dc00000050000399333c01cd737ea491e65c

Error: (08/05/2012 10:53:23 PM) (Source: Application Error)(User: )
Description: svchost.exe6.0.6002.181114acfb17dmsvcrt.dll7.0.6002.185514ee8cc5ac00000050001da2233c01cd737ea491e65c


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
Apple Mobile Device Support (Version: 5.2.0.6)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.1913)
Bonjour (Version: 3.0.0.10)
CDDRV_Installer (Version: 4.60)
Conexant D850 PCI V.92 Modem (Version: 7.74.00)
Dell Dock (Version: 1.0.0)
Google Talk (remove only)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Document Manager 1.0 (Version: 1.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Officejet J6400 Series (Version: 1.0)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 10.0 (Version: 10.0)
iCloud (Version: 1.1.0.40)
iTunes (Version: 10.6.3.25)
KhalInstallWrapper (Version: 4.72.40)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.8.0)
Modem Diagnostic Tool (Version: 1.0.24.0)
OCR Software by I.R.I.S. 10.0 (Version: 10.0)
Shop for HP Supplies (Version: 10.0)
SUPERAntiSpyware (Version: 5.0.1144)
WinDirStat 1.1.2
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
WinPatrol (Version: 24.5.2012)
WinRAR 4.10 beta 2 (64-bit) (Version: 4.10.2)
Yahoo! BrowserPlus 2.7.1

========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 4084.27 MB
Available physical RAM: 1956.39 MB
Total Pagefile: 8343.79 MB
Available Pagefile: 5762.73 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.63 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:78.84 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.41 GB) NTFS

========================= Users: ========================================

User accounts for \\MDTAVENNER-PC

Administrator Guest MD Tavenner


**** End of log ****

FSS

Farbar Service Scanner Version: 04-08-2012 01
Ran by MD Tavenner (administrator) on 05-08-2012 at 22:57:48
Running from "C:\Users\MD Tavenner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHISFW8D"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
**** End of log ****


ADWARE CLEANER

# AdwCleaner v1.800 - Logfile created 08/05/2012 at 23:15:18
# Updated 01/08/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : MD Tavenner - MDTAVENNER-PC
# Running from : C:\Users\MD Tavenner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\MD Tavenner\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Users\MD Tavenner\AppData\LocalLow\AVG Secure Search
Deleted on reboot : C:\Users\MD Tavenner\AppData\LocalLow\boost_interprocess
Deleted on reboot : C:\Users\MD Tavenner\AppData\LocalLow\Search Settings
Deleted on reboot : C:\ProgramData\AVG Secure Search
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\Program Files (x86)\Application Updater
Deleted on reboot : C:\Program Files (x86)\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\vShare.tv plugin
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Common Files\spigot

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.60

File : C:\Users\MD Tavenner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1480 octets] - [05/08/2012 23:15:18]

########## EOF - C:\AdwCleaner[S1].txt - [1608 octets] ##########

#11 narenxp

Posted 06 August 2012 - 07:13 AM

Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\MD Tavenner\AppData\Local\{3056bfcb-08c9-467e-9d3a-6363f3d670ce}

Delete the folder, restart the PC and let me know if you have any current issues

Please post the new ASWMBR log

Edited by narenxp, 06 August 2012 - 07:14 AM.


#12 VaMaster54 - Mike

Posted 06 August 2012 - 09:30 AM

aswMBR still gets stuck...ran regular and in safe mode. Regular gives more report which is below. Running MBAM now. Will note any irregularities during computer use.



swMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-06 08:32:09
-----------------------------
08:32:09.684 OS Version: Windows x64 6.0.6002 Service Pack 2
08:32:09.685 Number of processors: 2 586 0x1706
08:32:09.685 ComputerName: MDTAVENNER-PC UserName: MD Tavenner
08:32:14.320 Initialize success
08:32:32.462 AVAST engine defs: 12080500
08:32:44.657 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:32:44.659 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5BA Size: 476940MB BusType: 3
08:32:44.662 Device \Driver\atapi -> MajorFunction fffffa8006e025e8
08:32:44.702 Disk 0 MBR read successfully
08:32:44.705 Disk 0 MBR scan
08:32:44.710 Disk 0 Windows VISTA default MBR code
08:32:44.713 Disk 0 MBR hidden
08:32:44.721 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
08:32:44.748 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
08:32:44.776 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920
08:32:44.862 Disk 0 scanning C:\Windows\system32\drivers
08:33:16.323 Service scanning
08:33:53.150 Modules scanning
08:33:53.162 Disk 0 trace - called modules:
08:33:53.167 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys acpi.sys >>UNKNOWN [0xfffffa8006e025e8]<<hal.dll
08:33:53.173 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e2e790]
08:33:53.177 3 CLASSPNP.SYS[fffffa600140cc33] -> nt!IofCallDriver -> [0xfffffa8005fc1cf0]
08:33:53.182 5 PCTCore64.sys[fffffa6000a56f38] -> nt!IofCallDriver -> [0xfffffa8004ca24e0]
08:33:53.188 7 acpi.sys[fffffa6000941fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c84940]
08:33:53.193 \Driver\atapi[0xfffffa8006e13c90] -> IRP_MJ_CREATE -> 0xfffffa8006e025e8
08:33:56.813 AVAST engine scan C:\Windows
08:34:06.574 AVAST engine scan C:\Windows\system32
08:40:27.382 AVAST engine scan C:\Windows\system32\drivers
08:40:54.802 AVAST engine scan C:\Users\MD Tavenner
09:45:31.874 Disk 0 MBR has been saved successfully to "C:\Users\MD Tavenner\Desktop\MBR.dat"
09:45:31.890 The log file has been saved successfully to "C:\Users\MD Tavenner\Desktop\aswMBRa.txt"

#13 narenxp

Posted 06 August 2012 - 09:36 AM

Did you delete the folder?

Please run TDSSkiller and post the new log

#14 VaMaster54 - Mike

Posted 06 August 2012 - 10:02 AM

Yes Sir, I did delete the folder.

Ran TDSS exactly under same parameters as earlier, here is the report.............

10:46:29.0036 5620 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
10:46:29.0416 5620 ============================================================
10:46:29.0416 5620 Current date / time: 2012/08/06 10:46:29.0416
10:46:29.0417 5620 SystemInfo:
10:46:29.0417 5620
10:46:29.0417 5620 OS Version: 6.0.6002 ServicePack: 2.0
10:46:29.0417 5620 Product type: Workstation
10:46:29.0417 5620 ComputerName: MDTAVENNER-PC
10:46:29.0417 5620 UserName: MD Tavenner
10:46:29.0417 5620 Windows directory: C:\Windows
10:46:29.0417 5620 System windows directory: C:\Windows
10:46:29.0417 5620 Running under WOW64
10:46:29.0417 5620 Processor architecture: Intel x64
10:46:29.0417 5620 Number of processors: 2
10:46:29.0417 5620 Page size: 0x1000
10:46:29.0417 5620 Boot type: Normal boot
10:46:29.0417 5620 ============================================================
10:46:31.0564 5620 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:46:31.0569 5620 ============================================================
10:46:31.0569 5620 \Device\Harddisk0\DR0:
10:46:31.0569 5620 MBR partitions:
10:46:31.0569 5620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
10:46:31.0569 5620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
10:46:31.0569 5620 ============================================================
10:46:31.0599 5620 C: <-> \Device\Harddisk0\DR0\Partition1
10:46:31.0631 5620 D: <-> \Device\Harddisk0\DR0\Partition0
10:46:31.0631 5620 ============================================================
10:46:31.0631 5620 Initialize success
10:46:31.0632 5620 ============================================================
10:47:20.0282 5900 ============================================================
10:47:20.0282 5900 Scan started
10:47:20.0282 5900 Mode: Manual; TDLFS;
10:47:20.0283 5900 ============================================================
10:47:34.0619 5900 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:47:34.0623 5900 NdisTapi - ok
10:47:34.0647 5900 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:47:34.0650 5900 Ndisuio - ok
10:47:34.0682 5900 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
10:47:34.0687 5900 NdisWan - ok
10:47:34.0705 5900 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:47:34.0709 5900 NDProxy - ok
10:47:34.0744 5900 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
10:47:34.0746 5900 Net Driver HPZ12 - ok
10:47:34.0763 5900 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:47:34.0766 5900 NetBIOS - ok
10:47:34.0800 5900 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
10:47:34.0807 5900 netbt - ok
10:47:34.0838 5900 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:47:34.0840 5900 Netlogon - ok
10:47:34.0877 5900 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
10:47:34.0884 5900 Netman - ok
10:47:34.0908 5900 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
10:47:34.0915 5900 netprofm - ok
10:47:34.0953 5900 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:47:34.0956 5900 NetTcpPortSharing - ok
10:47:34.0990 5900 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:47:34.0993 5900 nfrd960 - ok
10:47:35.0012 5900 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
10:47:35.0017 5900 NlaSvc - ok
10:47:35.0040 5900 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
10:47:35.0043 5900 Npfs - ok
10:47:35.0066 5900 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
10:47:35.0069 5900 nsi - ok
10:47:35.0136 5900 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:47:35.0138 5900 nsiproxy - ok
10:47:35.0207 5900 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
10:47:35.0224 5900 Ntfs - ok
10:47:35.0313 5900 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:47:35.0315 5900 Null - ok
10:47:35.0389 5900 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:47:35.0392 5900 nvraid - ok
10:47:35.0425 5900 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:47:35.0427 5900 nvstor - ok
10:47:35.0448 5900 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:47:35.0451 5900 nv_agp - ok
10:47:35.0456 5900 NwlnkFlt - ok
10:47:35.0462 5900 NwlnkFwd - ok
10:47:35.0489 5900 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
10:47:35.0492 5900 ohci1394 - ok
10:47:35.0545 5900 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:47:35.0556 5900 p2pimsvc - ok
10:47:35.0566 5900 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:47:35.0573 5900 p2psvc - ok
10:47:35.0586 5900 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:47:35.0590 5900 Parport - ok
10:47:35.0624 5900 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
10:47:35.0627 5900 partmgr - ok
10:47:35.0657 5900 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
10:47:35.0660 5900 PcaSvc - ok
10:47:35.0694 5900 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
10:47:35.0698 5900 pci - ok
10:47:35.0718 5900 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
10:47:35.0722 5900 pciide - ok
10:47:35.0753 5900 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:47:35.0757 5900 pcmcia - ok
10:47:35.0793 5900 PCTCore (d48bd0ff27afb97005b33c9b6d26da3f) C:\Windows\system32\drivers\PCTCore64.sys
10:47:35.0799 5900 PCTCore - ok
10:47:35.0837 5900 pctDS (1335454528adfa13e1d3c4fa3fdbdc42) C:\Windows\system32\drivers\pctDS64.sys
10:47:35.0845 5900 pctDS - ok
10:47:35.0904 5900 pctEFA (df2a2505f17319dada4b204688cec0c2) C:\Windows\system32\drivers\pctEFA64.sys
10:47:35.0919 5900 pctEFA - ok
10:47:35.0955 5900 pctgntdi (c99a3ee29f23a5d61bd127b48ac9a64e) C:\Windows\System32\drivers\pctgntdi64.sys
10:47:35.0961 5900 pctgntdi - ok
10:47:35.0997 5900 pctplsg (73ed285bdce37b3ab69cc5a371bf3010) C:\Windows\System32\drivers\pctplsg64.sys
10:47:36.0000 5900 pctplsg - ok
10:47:36.0032 5900 PCTSD (13635ffcaeebddbe2ca93b1218d8331f) C:\Windows\system32\Drivers\PCTSD64.sys
10:47:36.0036 5900 PCTSD - ok
10:47:36.0146 5900 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:47:36.0156 5900 PEAUTH - ok
10:47:36.0215 5900 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
10:47:36.0216 5900 PerfHost - ok
10:47:36.0305 5900 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
10:47:36.0322 5900 pla - ok
10:47:36.0353 5900 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
10:47:36.0358 5900 PlugPlay - ok
10:47:36.0396 5900 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
10:47:36.0398 5900 Pml Driver HPZ12 - ok
10:47:36.0444 5900 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:47:36.0451 5900 PNRPAutoReg - ok
10:47:36.0461 5900 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:47:36.0468 5900 PNRPsvc - ok
10:47:36.0515 5900 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
10:47:36.0522 5900 PolicyAgent - ok
10:47:36.0574 5900 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
10:47:36.0577 5900 PptpMiniport - ok
10:47:36.0595 5900 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
10:47:36.0597 5900 Processor - ok
10:47:36.0628 5900 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
10:47:36.0632 5900 ProfSvc - ok
10:47:36.0662 5900 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:47:36.0664 5900 ProtectedStorage - ok
10:47:36.0685 5900 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
10:47:36.0688 5900 PSched - ok
10:47:36.0721 5900 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:47:36.0724 5900 PxHlpa64 - ok
10:47:36.0782 5900 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:47:36.0800 5900 ql2300 - ok
10:47:36.0827 5900 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:47:36.0830 5900 ql40xx - ok
10:47:36.0858 5900 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
10:47:36.0863 5900 QWAVE - ok
10:47:36.0892 5900 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:47:36.0894 5900 QWAVEdrv - ok
10:47:37.0014 5900 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
10:47:37.0057 5900 R300 - ok
10:47:37.0191 5900 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:47:37.0193 5900 RasAcd - ok
10:47:37.0217 5900 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
10:47:37.0220 5900 RasAuto - ok
10:47:37.0251 5900 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:47:37.0255 5900 Rasl2tp - ok
10:47:37.0272 5900 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
10:47:37.0276 5900 RasMan - ok
10:47:37.0310 5900 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
10:47:37.0312 5900 RasPppoe - ok
10:47:37.0343 5900 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
10:47:37.0346 5900 RasSstp - ok
10:47:37.0375 5900 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
10:47:37.0379 5900 rdbss - ok
10:47:37.0406 5900 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:47:37.0409 5900 RDPCDD - ok
10:47:37.0442 5900 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:47:37.0448 5900 rdpdr - ok
10:47:37.0458 5900 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:47:37.0460 5900 RDPENCDD - ok
10:47:37.0497 5900 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
10:47:37.0501 5900 RDPWD - ok
10:47:37.0533 5900 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
10:47:37.0536 5900 RemoteAccess - ok
10:47:37.0578 5900 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
10:47:37.0584 5900 RemoteRegistry - ok
10:47:37.0603 5900 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
10:47:37.0604 5900 RpcLocator - ok
10:47:37.0658 5900 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
10:47:37.0664 5900 RpcSs - ok
10:47:37.0695 5900 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:47:37.0697 5900 rspndr - ok
10:47:37.0720 5900 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:47:37.0722 5900 SamSs - ok
10:47:37.0805 5900 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
10:47:37.0807 5900 SASDIFSV - ok
10:47:37.0816 5900 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
10:47:37.0817 5900 SASKUTIL - ok
10:47:37.0833 5900 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:47:37.0844 5900 sbp2port - ok
10:47:37.0870 5900 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
10:47:37.0874 5900 SCardSvr - ok
10:47:37.0927 5900 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
10:47:37.0938 5900 Schedule - ok
10:47:37.0965 5900 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:47:37.0966 5900 SCPolicySvc - ok
10:47:38.0024 5900 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
10:47:38.0029 5900 sdAuxService - ok
10:47:38.0169 5900 sdCoreService (32828691ef6e3e1cd0c32fbe8617763e) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
10:47:38.0212 5900 sdCoreService - ok
10:47:38.0329 5900 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
10:47:38.0332 5900 SDRSVC - ok
10:47:38.0409 5900 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:47:38.0410 5900 SeaPort - ok
10:47:38.0434 5900 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
10:47:38.0436 5900 seclogon - ok
10:47:38.0454 5900 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
10:47:38.0457 5900 SENS - ok
10:47:38.0484 5900 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:47:38.0486 5900 Serenum - ok
10:47:38.0500 5900 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:47:38.0502 5900 Serial - ok
10:47:38.0517 5900 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:47:38.0522 5900 sermouse - ok
10:47:38.0622 5900 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
10:47:38.0625 5900 SessionEnv - ok
10:47:38.0636 5900 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
10:47:38.0638 5900 sffdisk - ok
10:47:38.0646 5900 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:47:38.0650 5900 sffp_mmc - ok
10:47:38.0662 5900 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
10:47:38.0665 5900 sffp_sd - ok
10:47:38.0676 5900 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:47:38.0679 5900 sfloppy - ok
10:47:38.0709 5900 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
10:47:38.0713 5900 SharedAccess - ok
10:47:38.0737 5900 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
10:47:38.0742 5900 ShellHWDetection - ok
10:47:38.0755 5900 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:47:38.0756 5900 SiSRaid2 - ok
10:47:38.0873 5900 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:47:38.0876 5900 SiSRaid4 - ok
10:47:38.0931 5900 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:47:38.0934 5900 SkypeUpdate - ok
10:47:39.0058 5900 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
10:47:39.0087 5900 slsvc - ok
10:47:39.0201 5900 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
10:47:39.0203 5900 SLUINotify - ok
10:47:39.0239 5900 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
10:47:39.0242 5900 Smb - ok
10:47:39.0259 5900 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
10:47:39.0261 5900 SNMPTRAP - ok
10:47:39.0277 5900 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
10:47:39.0278 5900 spldr - ok
10:47:39.0983 5900 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
10:47:39.0990 5900 Spooler - ok
10:47:40.0022 5900 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
10:47:40.0031 5900 srv - ok
10:47:40.0061 5900 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
10:47:40.0065 5900 srv2 - ok
10:47:40.0132 5900 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
10:47:40.0137 5900 srvnet - ok
10:47:40.0158 5900 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
10:47:40.0164 5900 SSDPSRV - ok
10:47:40.0196 5900 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
10:47:40.0202 5900 SstpSvc - ok
10:47:40.0229 5900 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
10:47:40.0232 5900 StillCam - ok
10:47:40.0274 5900 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
10:47:40.0286 5900 stisvc - ok
10:47:40.0357 5900 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
10:47:40.0360 5900 stllssvr - ok
10:47:40.0396 5900 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:47:40.0399 5900 swenum - ok
10:47:40.0455 5900 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
10:47:40.0464 5900 swprv - ok
10:47:40.0495 5900 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:47:40.0497 5900 Symc8xx - ok
10:47:40.0526 5900 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:47:40.0528 5900 Sym_hi - ok
10:47:40.0560 5900 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:47:40.0563 5900 Sym_u3 - ok
10:47:40.0669 5900 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
10:47:40.0685 5900 SysMain - ok
10:47:40.0712 5900 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
10:47:40.0716 5900 TabletInputService - ok
10:47:40.0751 5900 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
10:47:40.0759 5900 TapiSrv - ok
10:47:40.0777 5900 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
10:47:40.0781 5900 TBS - ok
10:47:40.0868 5900 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
10:47:40.0892 5900 Tcpip - ok
10:47:40.0916 5900 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
10:47:40.0930 5900 Tcpip6 - ok
10:47:40.0967 5900 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
10:47:40.0970 5900 tcpipreg - ok
10:47:41.0000 5900 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:47:41.0003 5900 TDPIPE - ok
10:47:41.0016 5900 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:47:41.0018 5900 TDTCP - ok
10:47:41.0060 5900 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
10:47:41.0073 5900 tdx - ok
10:47:41.0135 5900 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
10:47:41.0138 5900 TermDD - ok
10:47:41.0179 5900 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
10:47:41.0190 5900 TermService - ok
10:47:41.0214 5900 TfFsMon (9cd5c339754e2310790ca27dbbd31f88) C:\Windows\system32\drivers\TfFsMon.sys
10:47:41.0217 5900 TfFsMon - ok
10:47:41.0240 5900 TfNetMon (00809507fafa1be93dbbace5029f27bb) C:\Windows\system32\drivers\TfNetMon.sys
10:47:41.0243 5900 TfNetMon - ok
10:47:41.0299 5900 TFSysMon (3593a7b1264fba24fe9e097a99b3e848) C:\Windows\system32\drivers\TfSysMon.sys
10:47:41.0311 5900 TFSysMon - ok
10:47:41.0364 5900 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
10:47:41.0369 5900 Themes - ok
10:47:41.0400 5900 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:47:41.0403 5900 THREADORDER - ok
10:47:41.0479 5900 ThreatFire - ok
10:47:41.0505 5900 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
10:47:41.0510 5900 TrkWks - ok
10:47:41.0531 5900 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
10:47:41.0532 5900 TrustedInstaller - ok
10:47:41.0565 5900 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:47:41.0568 5900 tssecsrv - ok
10:47:41.0595 5900 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:47:41.0598 5900 tunmp - ok
10:47:41.0621 5900 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
10:47:41.0623 5900 tunnel - ok
10:47:41.0657 5900 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:47:41.0660 5900 uagp35 - ok
10:47:41.0695 5900 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
10:47:41.0702 5900 udfs - ok
10:47:41.0734 5900 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
10:47:41.0738 5900 UI0Detect - ok
10:47:41.0753 5900 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:47:41.0757 5900 uliagpkx - ok
10:47:41.0785 5900 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:47:41.0791 5900 uliahci - ok
10:47:41.0807 5900 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:47:41.0811 5900 UlSata - ok
10:47:41.0827 5900 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:47:41.0841 5900 ulsata2 - ok
10:47:41.0858 5900 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:47:41.0861 5900 umbus - ok
10:47:41.0901 5900 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
10:47:41.0909 5900 upnphost - ok
10:47:41.0935 5900 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
10:47:41.0938 5900 USBAAPL64 - ok
10:47:41.0974 5900 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
10:47:41.0978 5900 usbccgp - ok
10:47:41.0996 5900 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
10:47:41.0999 5900 usbcir - ok
10:47:42.0026 5900 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
10:47:42.0029 5900 usbehci - ok
10:47:42.0065 5900 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
10:47:42.0071 5900 usbhub - ok
10:47:42.0140 5900 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
10:47:42.0143 5900 usbohci - ok
10:47:42.0154 5900 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
10:47:42.0157 5900 usbprint - ok
10:47:42.0170 5900 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
10:47:42.0172 5900 usbscan - ok
10:47:42.0185 5900 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:47:42.0188 5900 USBSTOR - ok
10:47:42.0217 5900 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
10:47:42.0220 5900 usbuhci - ok
10:47:42.0251 5900 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
10:47:42.0255 5900 UxSms - ok
10:47:42.0298 5900 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
10:47:42.0304 5900 vds - ok
10:47:42.0321 5900 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:47:42.0330 5900 vga - ok
10:47:42.0353 5900 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:47:42.0354 5900 VgaSave - ok
10:47:42.0362 5900 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:47:42.0364 5900 viaide - ok
10:47:42.0382 5900 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
10:47:42.0384 5900 volmgr - ok
10:47:42.0426 5900 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
10:47:42.0431 5900 volmgrx - ok
10:47:42.0462 5900 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
10:47:42.0466 5900 volsnap - ok
10:47:42.0488 5900 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:47:42.0491 5900 vsmraid - ok
10:47:42.0567 5900 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
10:47:42.0586 5900 VSS - ok
10:47:42.0630 5900 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
10:47:42.0636 5900 W32Time - ok
10:47:42.0696 5900 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:47:42.0698 5900 WacomPen - ok
10:47:42.0729 5900 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:47:42.0731 5900 Wanarp - ok
10:47:42.0736 5900 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:47:42.0737 5900 Wanarpv6 - ok
10:47:42.0792 5900 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
10:47:42.0801 5900 wcncsvc - ok
10:47:42.0835 5900 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
10:47:42.0837 5900 WcsPlugInService - ok
10:47:42.0881 5900 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:47:42.0883 5900 Wd - ok
10:47:42.0961 5900 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:47:42.0973 5900 Wdf01000 - ok
10:47:42.0990 5900 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:47:42.0994 5900 WdiServiceHost - ok
10:47:42.0998 5900 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:47:43.0004 5900 WdiSystemHost - ok
10:47:43.0025 5900 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
10:47:43.0031 5900 WebClient - ok
10:47:43.0076 5900 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
10:47:43.0082 5900 Wecsvc - ok
10:47:43.0137 5900 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
10:47:43.0140 5900 wercplsupport - ok
10:47:43.0158 5900 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
10:47:43.0161 5900 WerSvc - ok
10:47:43.0242 5900 winachsf (a53cde6beea165fe9b430476eede3c54) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
10:47:43.0256 5900 winachsf - ok
10:47:43.0294 5900 WinDefend - ok
10:47:43.0302 5900 WinHttpAutoProxySvc - ok
10:47:43.0354 5900 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
10:47:43.0358 5900 Winmgmt - ok
10:47:43.0447 5900 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
10:47:43.0473 5900 WinRM - ok
10:47:43.0584 5900 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
10:47:43.0594 5900 Wlansvc - ok
10:47:43.0743 5900 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:47:43.0769 5900 wlidsvc - ok
10:47:43.0864 5900 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
10:47:43.0866 5900 WmiAcpi - ok
10:47:43.0912 5900 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
10:47:43.0916 5900 wmiApSrv - ok
10:47:43.0954 5900 WMPNetworkSvc - ok
10:47:43.0988 5900 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
10:47:43.0993 5900 WPCSvc - ok
10:47:44.0022 5900 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
10:47:44.0026 5900 WPDBusEnum - ok
10:47:44.0231 5900 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:47:44.0248 5900 WPFFontCache_v0400 - ok
10:47:44.0281 5900 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:47:44.0288 5900 ws2ifsl - ok
10:47:44.0321 5900 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
10:47:44.0326 5900 wscsvc - ok
10:47:44.0335 5900 WSearch - ok
10:47:44.0465 5900 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:47:44.0507 5900 wuauserv - ok
10:47:44.0612 5900 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:47:44.0616 5900 WUDFRd - ok
10:47:44.0642 5900 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
10:47:44.0647 5900 wudfsvc - ok
10:47:44.0691 5900 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
10:47:44.0693 5900 XAudio - ok
10:47:44.0725 5900 XAudioService (963c27034bba4ac52a13f7a3c657c708) C:\Windows\system32\DRIVERS\xaudio64.exe
10:47:44.0732 5900 XAudioService - ok
10:47:44.0832 5900 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:47:44.0839 5900 YahooAUService - ok
10:47:44.0853 5900 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
10:47:44.0911 5900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
10:47:44.0912 5900 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
10:47:44.0959 5900 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:47:44.0960 5900 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:47:44.0992 5900 Boot (0x1200) (9cb736b8eba99aab8217ff23d8e60310) \Device\Harddisk0\DR0\Partition0
10:47:45.0005 5900 \Device\Harddisk0\DR0\Partition0 - ok
10:47:45.0019 5900 Boot (0x1200) (99fd39222fbeed53c673f6ea1e9c9379) \Device\Harddisk0\DR0\Partition1
10:47:45.0022 5900 \Device\Harddisk0\DR0\Partition1 - ok
10:47:45.0026 5900 ============================================================
10:47:45.0026 5900 Scan finished
10:47:45.0026 5900 ============================================================
10:47:45.0058 4204 Detected object count: 2
10:47:45.0058 4204 Actual detected object count: 2
10:48:03.0647 4204 \Device\Harddisk0\DR0\# - copied to quarantine
10:48:03.0648 4204 \Device\Harddisk0\DR0 - copied to quarantine
10:48:03.0683 4204 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
10:48:03.0685 4204 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
10:48:03.0688 4204 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
10:48:03.0692 4204 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
10:48:03.0698 4204 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:48:03.0703 4204 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:48:03.0704 4204 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
10:48:03.0705 4204 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
10:48:03.0708 4204 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
10:48:03.0710 4204 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:48:03.0712 4204 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:48:03.0714 4204 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
10:48:03.0716 4204 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
10:48:03.0717 4204 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
10:48:03.0748 4204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
10:48:03.0749 4204 \Device\Harddisk0\DR0 - ok
10:48:03.0751 4204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
10:48:03.0751 4204 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:48:03.0752 4204 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:48:46.0485 2556 Deinitialize success

#15 narenxp


Posted 06 August 2012 - 10:23 AM

Infection keeps repeating.

Download

FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot, click on REPAIR.

Run TDSSkiller and aswmbr once again and post the new logs.



