infected with a "Trojan horse patched_c.LXT" in c:\Windows\System32\services.exe


  • This topic is locked
31 replies to this topic

#1 roy2012

Posted 06 August 2012 - 08:43 AM

I have 2 issues.
1)
My AVG Internet Security Resident Shield regularly comes up with an alert stating that a threat has been detected. It says:
File name: c:\Windows\System32\services.exe
Threat name: trojan horse patched_c.LXT
detected on open.

Beneath this box there is usually a button which will move the malware into the "virus vault". But in this case there is nothing but a button giving me the option to ignore the threat. AVG also finds this same malware during the whole computer scan, but because services.exe is a system file AVG says that the file is "white listed" and so AVG just ignores it. AVG first found the trojan on 04/08/2012. So far I have been unable to remove it.
I am running Windows 7 Service Pack 1 64-bit, therefore I have not posted a GMER log as advised in the instructions topic.

2) luha.sirfef.a
AVG said in the whole computer scan 2 days ago that it found luha.sirefef.a. I did another whole computer scan today and it could not find the luha.sirefef.a (I have disconnected my laptop from the internet due to the luha.sirefef.a and services.exe trojan). Does this mean that the virus is gone? I am a bit suspicious as I had not taken any steps to remove the sirefef other than deleting a registry file that was mentioned to be malicious on many websites
(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "Certoficate Revocation" = "o"). Now that the virus is no longer being found in AVG I cannot be sure of the location in which it was found. Does it mean that because AVG is no longer finding this virus, it is no longer there? - I repeat that I had not taken any steps against it apart from the deletion of the registry file mentioned. I don't even know what luhe.sirefef.a is and it is not in the Microsoft malware encyclopedia.
The DDS report was taken when my infected laptop was disconnected from the internet.
Thank you,
roy



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Surroy Samsung at 14:03:24 on 2012-08-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6058.4200 [GMT 1:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\windows\system32\taskhost.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\explorer.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
uRun: [Google Update] "C:\Users\Surroy Samsung\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Conime] %windir%\system32\conime.exe
StartupFolder: C:\Users\SURROY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EE8E2598-0154-46B8-B7BD-AB80774D7B07} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Conime] %windir%\system32\conime.exe
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Surroy Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t5ssd7tc.default\
FF - prefs.js: browser.search.selectedEngine - BitTorrentBar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B48352e24-5be2-432a-bafc-c00a7c680521%7D&mid=8720a1589a5347d09a540de0376b2f26-f9666ff14c6a331e3d2b30467f6a1ceb1f5430a4&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-05-22%2021%3A54%3A36&sap=ku&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Surroy Samsung\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Surroy Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t5ssd7tc.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-8-3 625816]
R2 sbapifs;sbapifs;C:\windows\system32\DRIVERS\sbapifs.sys --> C:\windows\system32\DRIVERS\sbapifs.sys [?]
R2 SGDrv;SGDrv;C:\windows\system32\DRIVERS\SGdrv64.sys --> C:\windows\system32\DRIVERS\SGdrv64.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-11 2656536]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-10 935008]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\windows\system32\DRIVERS\AMPPAL.sys --> C:\windows\system32\DRIVERS\AMPPAL.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-3 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-11 1997416]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-4 250056]
S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\windows\system32\DRIVERS\amppal.sys --> C:\windows\system32\DRIVERS\amppal.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]
S3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-3 136176]
S3 iBtFltCoex;iBtFltCoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;C:\windows\system32\DRIVERS\ivusb.sys --> C:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-3 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-05 17:50:22 812920 ----a-r- C:\windows\SysWow64\IS3Base5.dll
2012-08-05 17:50:22 67448 ----a-r- C:\windows\SysWow64\IS3Hks5.dll
2012-08-05 17:50:22 546680 ----a-r- C:\windows\SysWow64\SZComp5.dll
2012-08-05 17:50:22 497528 ----a-r- C:\windows\SysWow64\SZBase5.dll
2012-08-05 17:50:22 456568 ----a-r- C:\windows\SysWow64\IS3DBA5.dll
2012-08-05 17:50:22 391032 ----a-r- C:\windows\SysWow64\IS3UI5.dll
2012-08-05 17:50:22 23416 ----a-r- C:\windows\SysWow64\SZIO5.dll
2012-08-05 17:50:22 231288 ----a-r- C:\windows\SysWow64\IS3Win325.dll
2012-08-05 17:50:22 132984 ----a-r- C:\windows\SysWow64\IS3HTUI5.dll
2012-08-05 17:50:22 104312 ----a-r- C:\windows\SysWow64\IS3Inet5.dll
2012-08-05 17:50:22 100216 ----a-r- C:\windows\SysWow64\IS3Svc5.dll
2012-08-05 14:53:11 74872 ----a-r- C:\windows\System32\drivers\sbapifs.sys
2012-08-04 23:57:11 -------- d-----w- C:\ProgramData\STOPzilla!
2012-08-04 23:57:11 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2012-08-04 20:01:52 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-08-04 19:51:06 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-04 19:51:06 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 19:34:01 -------- d-----w- C:\ProgramData\Electronic Arts
2012-08-04 19:34:01 -------- d-----w- C:\ProgramData\EA Core
2012-08-04 19:25:24 78680 ----a-w- C:\windows\System32\XAPOFX1_4.dll
2012-08-04 19:25:24 74072 ----a-w- C:\windows\SysWow64\XAPOFX1_4.dll
2012-08-04 19:25:24 530776 ----a-w- C:\windows\System32\XAudio2_6.dll
2012-08-04 19:25:24 528216 ----a-w- C:\windows\SysWow64\XAudio2_6.dll
2012-08-04 19:25:24 238936 ----a-w- C:\windows\SysWow64\xactengine3_6.dll
2012-08-04 19:25:24 176984 ----a-w- C:\windows\System32\xactengine3_6.dll
2012-08-04 19:25:23 24920 ----a-w- C:\windows\System32\X3DAudio1_7.dll
2012-08-04 19:25:23 22360 ----a-w- C:\windows\SysWow64\X3DAudio1_7.dll
2012-08-04 19:05:34 -------- d-----w- C:\Users\Surroy Samsung\AppData\Roaming\DAEMON Tools Pro
2012-08-04 19:04:41 -------- d-----w- C:\ProgramData\DAEMON Tools Pro
2012-08-04 10:55:28 -------- d-----w- C:\Users\Surroy Samsung\AppData\Local\DirectDownloader
2012-08-04 10:04:32 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-08-04 02:05:23 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-08-04 02:03:04 294912 ----a-w- C:\windows\System32\browserchoice.exe
2012-08-03 23:26:37 -------- d-----w- C:\Users\Surroy Samsung\AppData\Roaming\TeraCopy
2012-08-03 23:26:30 -------- d-----w- C:\Program Files\TeraCopy
2012-08-03 18:40:14 -------- d-----w- C:\Program Files (x86)\PANDORA.TV
2012-08-03 18:39:45 -------- d-----w- C:\Program Files (x86)\The KMPlayer
2012-08-03 18:39:33 -------- d-----w- C:\ProgramData\Ask
2012-08-03 18:00:04 -------- d-----w- C:\Users\Surroy Samsung\AppData\Local\CRE
2012-08-03 17:59:55 -------- d-----w- C:\Program Files (x86)\Conduit
2012-08-03 17:59:52 -------- d-----w- C:\Users\Surroy Samsung\AppData\Local\Conduit
2012-08-03 17:59:29 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-08-03 17:56:29 -------- d-----w- C:\Users\Surroy Samsung\AppData\Roaming\BitTorrent
2012-08-03 17:52:09 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-03 17:52:07 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-08-03 17:52:07 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-17 07:36:16 29048 ----a-r- C:\windows\SysWow64\IS3XDat5.dll
.
==================== Find3M ====================
.
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 14:04:17.10 ===============

Edited by roy2012, 06 August 2012 - 11:18 AM.




#2 gringo_pr


Posted 08 August 2012 - 08:18 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 11 August 2012 - 12:33 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 roy2012

Posted 11 August 2012 - 09:24 AM

Hello Gringo,
I am sorry for forgetting about this post, but I have been busy.
I will carry out the instructions you gave me as soon as possible.
Thanks,
Roy

#5 gringo_pr

Posted 11 August 2012 - 10:17 AM

No problem and hope to see you soon



gringo

#6 roy2012

Posted 11 August 2012 - 03:45 PM

checkup.txt contents :


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 22
Java version out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#7 gringo_pr

Posted 11 August 2012 - 03:53 PM

I will be around for when the combofix report is ready


gringo

#8 roy2012

Posted 11 August 2012 - 04:02 PM

The Combofix window closed and there has been nothing happening since. What should I do now?

#9 gringo_pr

Posted 11 August 2012 - 04:06 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
Proud Graduate Of Malware Removal University
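
A way to triage the TDSSKiller report requested in the post above, as an added example that is not part of the original thread or of the tool itself. It assumes the report layout of a timestamp and thread id followed by either `name (md5) path` or `name - verdict`; the function names, sample lines, hashes and the non-ok verdict text are all constructed.

```python
import re
from collections import namedtuple

# Every report line starts "HH:MM:SS.mmmm TID " (timestamp, 4-digit thread id).
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d{4} (?P<msg>.*)$")
# Object line: "<name> (<32 hex digits>) <path>". Names may contain spaces, and
# paths may contain "(x86)" or " - ", so the 32-hex group is the only safe anchor.
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
NO_VERDICT = "(no verdict line)"

Entry = namedtuple("Entry", "name verdict md5 path", defaults=(None, None))

# Constructed sample in the assumed layout; none of these values are real.
SAMPLE = r"""
22:15:28.0312 4488 Drive \Device\Harddisk0\DR0 - Size: 0x0 (0.00 Gb), SectorSize: 0x200
22:15:43.0131 0528 Scan started
22:15:43.0131 0528 Mode: Manual;
22:15:43.0131 0528 ============================================================
22:15:45.0268 0528 ExampleDrv (00000000000000000000000000000001) C:\windows\system32\drivers\exampledrv.sys
22:15:45.0284 0528 ExampleDrv - ok
22:15:46.0100 0528 Example Console Service (00000000000000000000000000000002) C:\Program Files (x86)\Example\Console - Demo\svc.exe
22:15:46.0105 0528 Example Console Service - ok
22:15:46.0200 0528 ExampleNoFile - ok
22:15:46.0300 0528 ExampleBad (00000000000000000000000000000003) C:\windows\system32\drivers\examplebad.sys
22:15:46.0310 0528 ExampleBad - CONSTRUCTED-NON-OK-VERDICT
"""


def parse_report(text):
    """Return one Entry per scanned object, pairing object and verdict lines."""
    entries, pending, in_scan = [], None, False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        msg = m["msg"]
        if not in_scan:
            # Header lines (e.g. "Drive ... - Size: ...") also contain " - ",
            # so nothing is parsed until the scan section begins.
            in_scan = msg == "Scan started"
            continue
        obj = OBJECT_RE.match(msg)
        if obj:
            if pending:  # the previous object never received a verdict line
                entries.append(Entry(pending[0], NO_VERDICT, pending[1], pending[2]))
            pending = (obj["name"], obj["md5"].lower(), obj["path"])
            continue
        if pending and msg.startswith(pending[0] + " - "):
            verdict = msg[len(pending[0]) + 3:]
            entries.append(Entry(pending[0], verdict, pending[1], pending[2]))
            pending = None
        elif " - " in msg:
            # Verdict with no preceding object line: no hash or path was logged.
            name, _, verdict = msg.partition(" - ")
            entries.append(Entry(name, verdict))
    if pending:
        entries.append(Entry(pending[0], NO_VERDICT, pending[1], pending[2]))
    return entries


def needs_review(entries):
    """List (name, reason) for every entry a helper should look at by hand."""
    flagged = []
    for e in entries:
        if e.verdict.strip().lower() != "ok":
            flagged.append((e.name, "verdict: " + e.verdict))
        elif e.md5 is None:
            flagged.append((e.name, "marked ok, but no hash/path line was logged"))
    return flagged


if __name__ == "__main__":
    for name, reason in needs_review(parse_report(SAMPLE)):
        print(f"{name}: {reason}")
```

Anything that is not a plain `ok` is surfaced rather than interpreted, so unfamiliar lines in a real report end up in the review list instead of being silently dropped.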

#10 roy2012

Posted 11 August 2012 - 04:12 PM

Sorry, I don't know if you saw my previous message... the Combofix window closed and I could find no report. Should I just move on to the next instruction you gave me?
Thanks,

#11 roy2012

Posted 11 August 2012 - 04:17 PM

TDSS KILLER REPORT



22:15:26.0453 4488 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:15:27.0633 4488 ============================================================
22:15:27.0633 4488 Current date / time: 2012/08/11 22:15:27.0633
22:15:27.0633 4488 SystemInfo:
22:15:27.0633 4488
22:15:27.0633 4488 OS Version: 6.1.7601 ServicePack: 1.0
22:15:27.0633 4488 Product type: Workstation
22:15:27.0633 4488 ComputerName: SURROYSAMSUNG
22:15:27.0634 4488 UserName: Surroy Samsung
22:15:27.0634 4488 Windows directory: C:\windows
22:15:27.0634 4488 System windows directory: C:\windows
22:15:27.0634 4488 Running under WOW64
22:15:27.0634 4488 Processor architecture: Intel x64
22:15:27.0634 4488 Number of processors: 2
22:15:27.0634 4488 Page size: 0x1000
22:15:27.0634 4488 Boot type: Normal boot
22:15:27.0634 4488 ============================================================
22:15:28.0312 4488 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:15:28.0319 4488 ============================================================
22:15:28.0320 4488 \Device\Harddisk0\DR0:
22:15:28.0320 4488 MBR partitions:
22:15:28.0320 4488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:15:28.0320 4488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1CC00000
22:15:28.0340 4488 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1CC33000, BlocksNum 0x2AE01000
22:15:28.0340 4488 ============================================================
22:15:28.0382 4488 C: <-> \Device\Harddisk0\DR0\Partition1
22:15:28.0422 4488 D: <-> \Device\Harddisk0\DR0\Partition2
22:15:28.0422 4488 ============================================================
22:15:28.0422 4488 Initialize success
22:15:28.0422 4488 ============================================================
22:15:43.0131 0528 ============================================================
22:15:43.0131 0528 Scan started
22:15:43.0131 0528 Mode: Manual;
22:15:43.0131 0528 ============================================================
22:15:57.0978 0528 iphlpsvc - ok
22:15:58.0004 0528 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
22:15:58.0006 0528 IPMIDRV - ok
22:15:58.0101 0528 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
22:15:58.0105 0528 IPNAT - ok
22:15:58.0192 0528 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:15:58.0206 0528 iPod Service - ok
22:15:58.0259 0528 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
22:15:58.0261 0528 IRENUM - ok
22:15:58.0291 0528 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
22:15:58.0293 0528 isapnp - ok
22:15:58.0328 0528 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
22:15:58.0335 0528 iScsiPrt - ok
22:15:58.0424 0528 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\windows\system32\DRIVERS\ivusb.sys
22:15:58.0426 0528 ivusb - ok
22:15:58.0453 0528 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
22:15:58.0455 0528 kbdclass - ok
22:15:58.0476 0528 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
22:15:58.0478 0528 kbdhid - ok
22:15:58.0514 0528 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:15:58.0518 0528 KeyIso - ok
22:15:58.0711 0528 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
22:15:58.0719 0528 Kodak AiO Network Discovery Service - ok
22:15:58.0749 0528 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
22:15:58.0751 0528 KSecDD - ok
22:15:58.0813 0528 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
22:15:58.0816 0528 KSecPkg - ok
22:15:58.0845 0528 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
22:15:58.0847 0528 ksthunk - ok
22:15:58.0906 0528 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
22:15:58.0918 0528 KtmRm - ok
22:15:59.0008 0528 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
22:15:59.0015 0528 LanmanServer - ok
22:15:59.0048 0528 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
22:15:59.0054 0528 LanmanWorkstation - ok
22:15:59.0097 0528 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
22:15:59.0099 0528 lltdio - ok
22:15:59.0152 0528 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
22:15:59.0161 0528 lltdsvc - ok
22:15:59.0179 0528 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
22:15:59.0182 0528 lmhosts - ok
22:15:59.0349 0528 LMS (f4a17dcab576267c85663e64f3ace5a4) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:15:59.0355 0528 LMS - ok
22:15:59.0395 0528 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
22:15:59.0399 0528 LSI_FC - ok
22:15:59.0414 0528 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
22:15:59.0420 0528 LSI_SAS - ok
22:15:59.0430 0528 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
22:15:59.0433 0528 LSI_SAS2 - ok
22:15:59.0443 0528 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
22:15:59.0447 0528 LSI_SCSI - ok
22:15:59.0487 0528 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
22:15:59.0490 0528 luafv - ok
22:15:59.0530 0528 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
22:15:59.0535 0528 Mcx2Svc - ok
22:15:59.0557 0528 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
22:15:59.0560 0528 megasas - ok
22:15:59.0635 0528 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
22:15:59.0642 0528 MegaSR - ok
22:15:59.0681 0528 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
22:15:59.0683 0528 MEIx64 - ok
22:15:59.0765 0528 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:15:59.0769 0528 MMCSS - ok
22:15:59.0787 0528 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
22:15:59.0790 0528 Modem - ok
22:15:59.0835 0528 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
22:15:59.0836 0528 monitor - ok
22:15:59.0853 0528 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
22:15:59.0856 0528 mouclass - ok
22:15:59.0915 0528 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
22:15:59.0917 0528 mouhid - ok
22:15:59.0946 0528 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
22:15:59.0948 0528 mountmgr - ok
22:16:00.0096 0528 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:16:00.0100 0528 MozillaMaintenance - ok
22:16:00.0169 0528 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
22:16:00.0174 0528 mpio - ok
22:16:00.0201 0528 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
22:16:00.0205 0528 mpsdrv - ok
22:16:00.0239 0528 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
22:16:00.0243 0528 MRxDAV - ok
22:16:00.0277 0528 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
22:16:00.0280 0528 mrxsmb - ok
22:16:00.0312 0528 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:16:00.0317 0528 mrxsmb10 - ok
22:16:00.0340 0528 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:16:00.0343 0528 mrxsmb20 - ok
22:16:00.0370 0528 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
22:16:00.0372 0528 msahci - ok
22:16:00.0431 0528 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
22:16:00.0435 0528 msdsm - ok
22:16:00.0469 0528 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
22:16:00.0475 0528 MSDTC - ok
22:16:00.0508 0528 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
22:16:00.0510 0528 Msfs - ok
22:16:00.0522 0528 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
22:16:00.0524 0528 mshidkmdf - ok
22:16:00.0559 0528 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
22:16:00.0561 0528 msisadrv - ok
22:16:00.0608 0528 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
22:16:00.0614 0528 MSiSCSI - ok
22:16:00.0620 0528 msiserver - ok
22:16:00.0664 0528 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
22:16:00.0666 0528 MSKSSRV - ok
22:16:00.0682 0528 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
22:16:00.0684 0528 MSPCLOCK - ok
22:16:00.0690 0528 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
22:16:00.0692 0528 MSPQM - ok
22:16:00.0734 0528 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
22:16:00.0741 0528 MsRPC - ok
22:16:00.0825 0528 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
22:16:00.0826 0528 mssmbios - ok
22:16:00.0865 0528 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
22:16:00.0867 0528 MSTEE - ok
22:16:00.0895 0528 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
22:16:00.0897 0528 MTConfig - ok
22:16:00.0964 0528 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
22:16:00.0966 0528 Mup - ok
22:16:01.0022 0528 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
22:16:01.0034 0528 napagent - ok
22:16:01.0127 0528 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
22:16:01.0133 0528 NativeWifiP - ok
22:16:01.0203 0528 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
22:16:01.0221 0528 NDIS - ok
22:16:01.0262 0528 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
22:16:01.0264 0528 NdisCap - ok
22:16:01.0301 0528 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
22:16:01.0303 0528 NdisTapi - ok
22:16:01.0338 0528 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
22:16:01.0340 0528 Ndisuio - ok
22:16:01.0369 0528 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
22:16:01.0373 0528 NdisWan - ok
22:16:01.0386 0528 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
22:16:01.0388 0528 NDProxy - ok
22:16:01.0400 0528 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
22:16:01.0402 0528 NetBIOS - ok
22:16:01.0431 0528 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
22:16:01.0438 0528 NetBT - ok
22:16:01.0465 0528 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:16:01.0468 0528 Netlogon - ok
22:16:01.0570 0528 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
22:16:01.0580 0528 Netman - ok
22:16:01.0608 0528 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
22:16:01.0619 0528 netprofm - ok
22:16:01.0737 0528 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:16:01.0741 0528 NetTcpPortSharing - ok
22:16:02.0144 0528 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\windows\system32\DRIVERS\NETwNs64.sys
22:16:02.0392 0528 NETwNs64 - ok
22:16:02.0550 0528 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
22:16:02.0552 0528 nfrd960 - ok
22:16:02.0635 0528 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
22:16:02.0642 0528 NlaSvc - ok
22:16:02.0886 0528 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
22:16:02.0929 0528 NOBU - ok
22:16:03.0068 0528 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
22:16:03.0071 0528 Npfs - ok
22:16:03.0106 0528 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
22:16:03.0110 0528 nsi - ok
22:16:03.0126 0528 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
22:16:03.0127 0528 nsiproxy - ok
22:16:03.0230 0528 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
22:16:03.0255 0528 Ntfs - ok
22:16:03.0389 0528 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
22:16:03.0390 0528 Null - ok
22:16:04.0028 0528 nvlddmkm (70e89a21827b2669af906b703c7c48b5) C:\windows\system32\DRIVERS\nvlddmkm.sys
22:16:04.0377 0528 nvlddmkm - ok
22:16:04.0493 0528 nvpciflt (4b9c0c2bf78289513101eb0d44834701) C:\windows\system32\DRIVERS\nvpciflt.sys
22:16:04.0494 0528 nvpciflt - ok
22:16:04.0536 0528 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
22:16:04.0540 0528 nvraid - ok
22:16:04.0599 0528 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
22:16:04.0603 0528 nvstor - ok
22:16:04.0662 0528 NVSvc (e04fce1d149cf05c3449e3171f9c3e41) C:\windows\system32\nvvsvc.exe
22:16:04.0678 0528 NVSvc - ok
22:16:04.0856 0528 nvUpdatusService (d96ddea6c699a99832e0186057801971) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
22:16:04.0883 0528 nvUpdatusService - ok
22:16:04.0988 0528 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
22:16:04.0992 0528 nv_agp - ok
22:16:05.0078 0528 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
22:16:05.0081 0528 ohci1394 - ok
22:16:05.0195 0528 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:16:05.0199 0528 ose - ok
22:16:05.0466 0528 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:16:05.0630 0528 osppsvc - ok
22:16:05.0744 0528 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:16:05.0753 0528 p2pimsvc - ok
22:16:05.0787 0528 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
22:16:05.0799 0528 p2psvc - ok
22:16:05.0933 0528 PanService (01907300eb52206b06facb9608f369a9) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
22:16:05.0943 0528 PanService - ok
22:16:06.0046 0528 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
22:16:06.0050 0528 Parport - ok
22:16:06.0070 0528 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
22:16:06.0072 0528 partmgr - ok
22:16:06.0180 0528 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
22:16:06.0186 0528 PcaSvc - ok
22:16:06.0221 0528 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
22:16:06.0225 0528 pci - ok
22:16:06.0248 0528 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
22:16:06.0250 0528 pciide - ok
22:16:06.0286 0528 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
22:16:06.0292 0528 pcmcia - ok
22:16:06.0309 0528 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
22:16:06.0311 0528 pcw - ok
22:16:06.0357 0528 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
22:16:06.0367 0528 PEAUTH - ok
22:16:06.0438 0528 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
22:16:06.0442 0528 PerfHost - ok
22:16:06.0542 0528 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
22:16:06.0573 0528 pla - ok
22:16:06.0635 0528 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
22:16:06.0645 0528 PlugPlay - ok
22:16:06.0661 0528 PnkBstrA - ok
22:16:06.0703 0528 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
22:16:06.0708 0528 PNRPAutoReg - ok
22:16:06.0746 0528 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:16:06.0754 0528 PNRPsvc - ok
22:16:06.0813 0528 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
22:16:06.0824 0528 PolicyAgent - ok
22:16:06.0884 0528 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
22:16:06.0890 0528 Power - ok
22:16:06.0952 0528 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
22:16:06.0956 0528 PptpMiniport - ok
22:16:06.0982 0528 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
22:16:06.0986 0528 Processor - ok
22:16:07.0060 0528 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
22:16:07.0067 0528 ProfSvc - ok
22:16:07.0089 0528 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:16:07.0093 0528 ProtectedStorage - ok
22:16:07.0143 0528 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
22:16:07.0147 0528 Psched - ok
22:16:07.0234 0528 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
22:16:07.0265 0528 ql2300 - ok
22:16:07.0399 0528 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
22:16:07.0403 0528 ql40xx - ok
22:16:07.0441 0528 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
22:16:07.0451 0528 QWAVE - ok
22:16:07.0473 0528 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
22:16:07.0476 0528 QWAVEdrv - ok
22:16:07.0508 0528 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
22:16:07.0510 0528 RasAcd - ok
22:16:07.0554 0528 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
22:16:07.0557 0528 RasAgileVpn - ok
22:16:07.0590 0528 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
22:16:07.0596 0528 RasAuto - ok
22:16:07.0627 0528 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
22:16:07.0630 0528 Rasl2tp - ok
22:16:07.0663 0528 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
22:16:07.0674 0528 RasMan - ok
22:16:07.0714 0528 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
22:16:07.0717 0528 RasPppoe - ok
22:16:07.0754 0528 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
22:16:07.0757 0528 RasSstp - ok
22:16:07.0785 0528 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
22:16:07.0792 0528 rdbss - ok
22:16:07.0809 0528 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
22:16:07.0812 0528 rdpbus - ok
22:16:07.0833 0528 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
22:16:07.0834 0528 RDPCDD - ok
22:16:07.0872 0528 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
22:16:07.0873 0528 RDPENCDD - ok
22:16:07.0891 0528 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
22:16:07.0892 0528 RDPREFMP - ok
22:16:07.0938 0528 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
22:16:07.0943 0528 RDPWD - ok
22:16:07.0988 0528 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
22:16:07.0994 0528 rdyboost - ok
22:16:08.0037 0528 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
22:16:08.0044 0528 RemoteAccess - ok
22:16:08.0084 0528 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
22:16:08.0091 0528 RemoteRegistry - ok
22:16:08.0135 0528 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
22:16:08.0138 0528 RFCOMM - ok
22:16:08.0282 0528 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
22:16:08.0286 0528 RichVideo - ok
22:16:08.0325 0528 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
22:16:08.0329 0528 RpcEptMapper - ok
22:16:08.0354 0528 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
22:16:08.0358 0528 RpcLocator - ok
22:16:08.0426 0528 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:16:08.0438 0528 RpcSs - ok
22:16:08.0464 0528 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
22:16:08.0466 0528 rspndr - ok
22:16:08.0527 0528 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\windows\system32\DRIVERS\Rt64win7.sys
22:16:08.0535 0528 RTL8167 - ok
22:16:08.0634 0528 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
22:16:08.0636 0528 rtport - ok
22:16:08.0680 0528 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
22:16:08.0682 0528 SABI - ok
22:16:08.0720 0528 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:16:08.0724 0528 SamSs - ok
22:16:08.0775 0528 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\windows\system32\DRIVERS\sbapifs.sys
22:16:08.0777 0528 sbapifs - ok
22:16:08.0821 0528 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
22:16:08.0825 0528 sbp2port - ok
22:16:08.0833 0528 SBRE - ok
22:16:08.0878 0528 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
22:16:08.0886 0528 SCardSvr - ok
22:16:08.0902 0528 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
22:16:08.0905 0528 scfilter - ok
22:16:08.0984 0528 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
22:16:09.0005 0528 Schedule - ok
22:16:09.0038 0528 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:16:09.0041 0528 SCPolicySvc - ok
22:16:09.0083 0528 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
22:16:09.0090 0528 SDRSVC - ok
22:16:09.0205 0528 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
22:16:09.0210 0528 SeaPort - ok
22:16:09.0263 0528 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
22:16:09.0265 0528 secdrv - ok
22:16:09.0303 0528 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
22:16:09.0308 0528 seclogon - ok
22:16:09.0321 0528 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
22:16:09.0326 0528 SENS - ok
22:16:09.0347 0528 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
22:16:09.0352 0528 SensrSvc - ok
22:16:09.0395 0528 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
22:16:09.0397 0528 Serenum - ok
22:16:09.0431 0528 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
22:16:09.0435 0528 Serial - ok
22:16:09.0462 0528 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
22:16:09.0464 0528 sermouse - ok
22:16:09.0513 0528 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
22:16:09.0520 0528 SessionEnv - ok
22:16:09.0541 0528 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
22:16:09.0543 0528 sffdisk - ok
22:16:09.0554 0528 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
22:16:09.0556 0528 sffp_mmc - ok
22:16:09.0571 0528 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
22:16:09.0573 0528 sffp_sd - ok
22:16:09.0582 0528 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
22:16:09.0584 0528 sfloppy - ok
22:16:09.0676 0528 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
22:16:09.0688 0528 Sftfs - ok
22:16:09.0806 0528 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:16:09.0815 0528 sftlist - ok
22:16:09.0864 0528 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
22:16:09.0869 0528 Sftplay - ok
22:16:09.0888 0528 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
22:16:09.0890 0528 Sftredir - ok
22:16:09.0944 0528 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
22:16:09.0946 0528 Sftvol - ok
22:16:10.0009 0528 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:16:10.0013 0528 sftvsa - ok
22:16:10.0057 0528 SGDrv (2fe1cd3aa602414841db10ad96c95a5e) C:\windows\system32\DRIVERS\SGdrv64.sys
22:16:10.0058 0528 SGDrv - ok
22:16:10.0110 0528 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
22:16:10.0118 0528 ShellHWDetection - ok
22:16:10.0158 0528 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
22:16:10.0161 0528 SiSRaid2 - ok
22:16:10.0181 0528 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
22:16:10.0184 0528 SiSRaid4 - ok
22:16:10.0206 0528 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
22:16:10.0212 0528 Smb - ok
22:16:10.0271 0528 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
22:16:10.0275 0528 SNMPTRAP - ok
22:16:10.0295 0528 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
22:16:10.0296 0528 spldr - ok
22:16:10.0344 0528 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
22:16:10.0355 0528 Spooler - ok
22:16:10.0610 0528 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
22:16:10.0712 0528 sppsvc - ok
22:16:10.0876 0528 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
22:16:10.0882 0528 sppuinotify - ok
22:16:10.0947 0528 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
22:16:10.0955 0528 srv - ok
22:16:11.0000 0528 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
22:16:11.0008 0528 srv2 - ok
22:16:11.0072 0528 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
22:16:11.0076 0528 srvnet - ok
22:16:11.0114 0528 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
22:16:11.0122 0528 SSDPSRV - ok
22:16:11.0138 0528 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
22:16:11.0145 0528 SstpSvc - ok
22:16:11.0168 0528 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
22:16:11.0170 0528 stexstor - ok
22:16:11.0259 0528 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
22:16:11.0272 0528 stisvc - ok
22:16:11.0289 0528 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
22:16:11.0291 0528 swenum - ok
22:16:11.0460 0528 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:16:11.0468 0528 SwitchBoard - ok
22:16:11.0535 0528 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
22:16:11.0549 0528 swprv - ok
22:16:11.0633 0528 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
22:16:11.0663 0528 SysMain - ok
22:16:11.0752 0528 szserver - ok
22:16:11.0861 0528 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
22:16:11.0868 0528 TabletInputService - ok
22:16:11.0900 0528 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
22:16:11.0911 0528 TapiSrv - ok
22:16:11.0932 0528 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
22:16:11.0937 0528 TBS - ok
22:16:12.0245 0528 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
22:16:12.0309 0528 Tcpip - ok
22:16:12.0532 0528 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
22:16:12.0561 0528 TCPIP6 - ok
22:16:12.0686 0528 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
22:16:12.0687 0528 tcpipreg - ok
22:16:12.0711 0528 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
22:16:12.0713 0528 TDPIPE - ok
22:16:12.0744 0528 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
22:16:12.0746 0528 TDTCP - ok
22:16:12.0787 0528 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
22:16:12.0790 0528 tdx - ok
22:16:12.0828 0528 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
22:16:12.0830 0528 TermDD - ok
22:16:12.0886 0528 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
22:16:12.0903 0528 TermService - ok
22:16:12.0957 0528 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
22:16:12.0961 0528 Themes - ok
22:16:12.0996 0528 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:16:13.0000 0528 THREADORDER - ok
22:16:13.0034 0528 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
22:16:13.0040 0528 TrkWks - ok
22:16:13.0109 0528 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
22:16:13.0113 0528 TrustedInstaller - ok
22:16:13.0141 0528 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
22:16:13.0144 0528 tssecsrv - ok
22:16:13.0161 0528 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
22:16:20.0131 0528 ============================================================
22:16:20.0131 0528 Scan finished
22:16:20.0131 0528 ============================================================
22:16:20.0155 5008 Detected object count: 0
22:16:20.0155 5008 Actual detected object count: 0

#12 roy2012

roy2012
  • Topic Starter


Posted 11 August 2012 - 04:44 PM

ASWMBR REPORT



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 22:18:35
-----------------------------
22:18:35.217 OS Version: Windows x64 6.1.7601 Service Pack 1
22:18:35.217 Number of processors: 2 586 0x2A07
22:18:35.219 ComputerName: SURROYSAMSUNG UserName:
22:18:38.333 Initialize success
22:22:44.324 AVAST engine defs: 12081101
22:23:26.151 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:23:26.157 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
22:23:26.169 Disk 0 MBR read successfully
22:23:26.176 Disk 0 MBR scan
22:23:26.185 Disk 0 unknown MBR code
22:23:26.200 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:23:26.225 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 235520 MB offset 206848
22:23:26.235 Disk 0 Partition - 00 0F Extended LBA 351235 MB offset 482551808
22:23:26.279 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 23624 MB offset 1201881088
22:23:26.331 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 351234 MB offset 482553856
22:23:26.394 Disk 0 scanning C:\windows\system32\drivers
22:23:39.218 Service scanning
22:24:15.516 Modules scanning
22:24:15.535 Disk 0 trace - called modules:
22:24:15.573 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:24:15.586 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008026060]
22:24:15.598 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006222050]
22:24:17.535 AVAST engine scan C:\windows
22:24:20.652 AVAST engine scan C:\windows\system32
22:27:18.959 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:27:22.322 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:29:33.156 AVAST engine scan C:\windows\system32\drivers
22:29:51.646 AVAST engine scan C:\Users\Surroy Samsung
22:34:46.075 AVAST engine scan C:\ProgramData
22:39:01.439 Scan finished successfully
22:39:59.525 Disk 0 MBR has been saved successfully to "C:\Users\Surroy Samsung\Desktop\MBR.dat"
22:39:59.537 The log file has been saved successfully to "C:\Users\Surroy Samsung\Desktop\aswMBR.txt"
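
A small triage script for aswMBR logs like the one above, added here as an example (it is not part of the original post or of aswMBR). It pulls out the `**INFECTED**` lines, notes disks reported with unknown MBR code, and checks that the scan ran to completion; the function name `triage` and the result keys are illustrative.

```python
import re

# Sample lines in the aswMBR format, taken from the log in the post above.
SAMPLE_LOG = r"""
Run date: 2012-08-11 22:18:35
-----------------------------
22:23:26.169 Disk 0 MBR read successfully
22:23:26.185 Disk 0 unknown MBR code
22:24:20.652 AVAST engine scan C:\windows\system32
22:27:18.959 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:27:22.322 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:39:01.439 Scan finished successfully
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
INFECTED_RE = re.compile(
    r"^File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>\S+)"
    r"(?:\s+\[(?P<tag>[^\]]+)\])?\s*$"
)
UNKNOWN_MBR_RE = re.compile(r"^Disk (\d+) unknown MBR code$")


def triage(log_text):
    """Return engine detections, disks with unrecognised MBR code, and
    whether the scan ran to completion (a truncated log is not a clean one)."""
    findings, unknown_mbr, finished = [], [], False
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banner, separator or blank line
        stamp, msg = line.groups()
        hit = INFECTED_RE.match(msg)
        mbr = UNKNOWN_MBR_RE.match(msg)
        if hit:
            findings.append({"time": stamp, **hit.groupdict()})
        elif mbr:
            unknown_mbr.append(int(mbr.group(1)))
        elif msg == "Scan finished successfully":
            finished = True
    return {"findings": findings, "unknown_mbr": unknown_mbr, "finished": finished}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["findings"]:
        print(f"{f['time']}  {f['name']:<20} {f['path']}")
    print("unknown MBR code on disks:", report["unknown_mbr"])
    print("scan completed:", report["finished"])
```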

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 11 August 2012 - 04:49 PM

Did you get to run aswMBR and get a report?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 roy2012

roy2012
  • Topic Starter


Posted 11 August 2012 - 05:03 PM

The aswMBR report is the post above yours

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 11 August 2012 - 05:17 PM

Hello

I hate it when that happens!!

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo