virus c:\windows\svchost.exe


25 replies to this topic

#1 WalkingAtNight

WalkingAtNight

  • Members
  • 128 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:54 AM

Posted 29 October 2012 - 11:10 PM

I ran Malwarebytes and deleted this virus. I forgot the name of the trojan, but I think I remember it is rootkit Alureon.
Now every time I run Malwarebytes, it keeps deleting c:\windows\svchost.exe, even ComboFix. So I'm at a roadblock because it seems that c:\windows\svchost.exe comes back every time after reboot.

Any help is appreciated.

Edited by Orange Blossom, 29 October 2012 - 11:25 PM.
Moved to AII from Windows 7. ~ OB




#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:08:54 AM

Posted 29 October 2012 - 11:20 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 WalkingAtNight


Posted 29 October 2012 - 11:24 PM

TDSSKiller.2.8.13.0_29.10.2012_21.21.24_log

#4 WalkingAtNight


Posted 29 October 2012 - 11:26 PM

FYI, TDSSKiller after scanning is giving me an option to press "continue". I haven't pressed continue.
Should I?

#5 narenxp


Posted 29 October 2012 - 11:36 PM

Do not attach logs. Copy, paste the contents here

Make sure to select following options before clicking on CONTINUE

21:22:06.0929 3324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - CURE

21:22:06.0976 3324 \Device\Harddisk0\DR0 ( TDSS File System ) - DELETE

Restart the PC and run TDSSkiller again and post the new log.
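Added example, not part of any post in this thread and not code from the TDSSKiller project: a small Python triage script that reads a TDSSKiller log and lists every object that carries a verdict in parentheses instead of `- ok`, so a rescan can be checked against the first run. The line layouts are taken from the excerpts quoted in this thread; the sample logs are constructed, `<MD5>` is a placeholder filled with zeros, and the names `triage` and `is_clean` are hypothetical.

```python
import re

# Layouts below are inferred from the log lines quoted in this thread
# (an assumption, not a published TDSSKiller log specification):
#   HH:MM:SS.mmmm <thread-id> <message>
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")
#   ================ Scan services ================
SECTION = re.compile(r"^=+ (.+?) =+$")
#   [ <32 hex digits> ] <service name> <image path>
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
#   <object> ( <verdict> ) - <status or action>
FLAGGED = re.compile(r"^(.+?) \( (.+?) \) - (.+)$")
#   <object> - ok
CLEAN = re.compile(r"^(.+) - ok$")


def triage(log_text):
    """Summarise a TDSSKiller log: flagged objects, ok count, and services
    that were reported ok without any image hash line before them."""
    report = {"flagged": [], "ok": 0, "unhashed": [], "unparsed": 0}
    hashed = {}      # service name -> (MD5, image path)
    section = None   # most recent "Scan ..." section header
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            if raw.strip():
                report["unparsed"] += 1   # not a timestamped log line
            continue
        stamp, _thread_id, msg = m.groups()
        s = SECTION.match(msg)
        if s:
            section = s.group(1)
            continue
        h = HASHED.match(msg)
        if h:
            hashed[h.group(2)] = (h.group(1).upper(), h.group(3))
            continue
        f = FLAGGED.match(msg)
        if f:
            report["flagged"].append({
                "time": stamp,
                "object": f.group(1),
                "verdict": f.group(2),
                "status": f.group(3),
            })
            continue
        c = CLEAN.match(msg)
        if c:
            report["ok"] += 1
            # A service marked ok with no hash line: the scanner recorded no
            # image file for it, so "ok" says nothing about a binary on disk.
            if section == "Scan services" and c.group(1) not in hashed:
                report["unhashed"].append(c.group(1))
    return report


def is_clean(report):
    """True when no line carried a parenthesised verdict."""
    return not report["flagged"]


# Constructed sample: first scan, in the layout of the lines quoted above.
SAMPLE_BEFORE = r"""
21:22:05.0100 3324 ================ Scan services =============================
21:22:05.0200 3324 [ <MD5> ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:22:05.0200 3324 ACPI - ok
21:22:05.0300 3324 catchme - ok
21:22:06.0929 3324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - CURE
21:22:06.0976 3324 \Device\Harddisk0\DR0 ( TDSS File System ) - DELETE
""".replace("<MD5>", "0" * 32)

# Constructed sample: rescan after reboot.
SAMPLE_AFTER = r"""
21:40:25.0867 3468 ================ Scan system memory ========================
21:40:25.0867 3468 System memory - ok
21:40:25.0867 3468 ================ Scan services =============================
21:40:25.0991 3468 [ <MD5> ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:40:25.0991 3468 ACPI - ok
21:40:26.0491 3468 [ <MD5> ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:40:26.0491 3468 Apple Mobile Device - ok
21:40:27.0255 3468 catchme - ok
""".replace("<MD5>", "0" * 32)

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        rep = triage(text)
        print(label, "clean" if is_clean(rep) else "NOT clean",
              "| ok:", rep["ok"], "| no hash:", rep["unhashed"])
        for item in rep["flagged"]:
            print("   ", item["object"], "->", item["verdict"], "/", item["status"])
```

A result of "clean" only means no line carried a verdict; the `unhashed` list still deserves a look, since those services were reported ok without an image file being hashed.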

#6 WalkingAtNight


Posted 29 October 2012 - 11:43 PM

Second log from TDSS came out clean.

21:40:31.0841 3468 NdisTapi - ok
21:40:31.0873 3468 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:40:31.0873 3468 Ndisuio - ok
21:40:31.0919 3468 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:40:31.0919 3468 NdisWan - ok
21:40:31.0935 3468 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:40:31.0935 3468 NDProxy - ok
21:40:31.0951 3468 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:40:31.0951 3468 NetBIOS - ok
21:40:31.0982 3468 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:40:31.0982 3468 NetBT - ok
21:40:31.0997 3468 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:40:31.0997 3468 Netlogon - ok
21:40:32.0044 3468 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:40:32.0044 3468 Netman - ok
21:40:32.0138 3468 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:40:32.0138 3468 netprofm - ok
21:40:32.0169 3468 [ 883269C1CA478658F1334F3C39B0C7AC ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
21:40:32.0185 3468 netr28ux - ok
21:40:32.0216 3468 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:40:32.0216 3468 NetTcpPortSharing - ok
21:40:32.0231 3468 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:40:32.0231 3468 nfrd960 - ok
21:40:32.0247 3468 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:40:32.0247 3468 NlaSvc - ok
21:40:32.0278 3468 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:40:32.0278 3468 Npfs - ok
21:40:32.0309 3468 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:40:32.0309 3468 nsi - ok
21:40:32.0309 3468 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:40:32.0309 3468 nsiproxy - ok
21:40:32.0419 3468 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:40:32.0450 3468 Ntfs - ok
21:40:32.0497 3468 [ 77EB11DA191D12D12E28D7BD8905C42C ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
21:40:32.0497 3468 NuidFltr - ok
21:40:32.0512 3468 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:40:32.0512 3468 Null - ok
21:40:32.0528 3468 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:40:32.0528 3468 nvraid - ok
21:40:32.0543 3468 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:40:32.0543 3468 nvstor - ok
21:40:32.0559 3468 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:40:32.0559 3468 nv_agp - ok
21:40:32.0575 3468 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:40:32.0575 3468 ohci1394 - ok
21:40:32.0606 3468 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:40:32.0621 3468 ose64 - ok
21:40:32.0746 3468 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:40:32.0840 3468 osppsvc - ok
21:40:32.0871 3468 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:40:32.0902 3468 p2pimsvc - ok
21:40:32.0996 3468 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:40:33.0011 3468 p2psvc - ok
21:40:33.0043 3468 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:40:33.0043 3468 Parport - ok
21:40:33.0074 3468 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:40:33.0074 3468 partmgr - ok
21:40:33.0074 3468 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:40:33.0089 3468 PcaSvc - ok
21:40:33.0105 3468 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:40:33.0105 3468 pci - ok
21:40:33.0121 3468 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:40:33.0121 3468 pciide - ok
21:40:33.0121 3468 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:40:33.0136 3468 pcmcia - ok
21:40:33.0136 3468 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:40:33.0136 3468 pcw - ok
21:40:33.0167 3468 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:40:33.0167 3468 PEAUTH - ok
21:40:33.0214 3468 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:40:33.0245 3468 PeerDistSvc - ok
21:40:33.0401 3468 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:40:33.0417 3468 PerfHost - ok
21:40:33.0479 3468 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:40:33.0495 3468 pla - ok
21:40:33.0542 3468 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:40:33.0542 3468 PlugPlay - ok
21:40:33.0557 3468 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:40:33.0573 3468 PNRPAutoReg - ok
21:40:33.0589 3468 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:40:33.0589 3468 PNRPsvc - ok
21:40:33.0635 3468 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
21:40:33.0635 3468 Point64 - ok
21:40:33.0667 3468 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:40:33.0682 3468 PolicyAgent - ok
21:40:33.0713 3468 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:40:33.0713 3468 Power - ok
21:40:33.0713 3468 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:40:33.0713 3468 PptpMiniport - ok
21:40:33.0729 3468 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:40:33.0729 3468 Processor - ok
21:40:33.0760 3468 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:40:33.0760 3468 ProfSvc - ok
21:40:33.0776 3468 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:40:33.0776 3468 ProtectedStorage - ok
21:40:33.0807 3468 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:40:33.0807 3468 Psched - ok
21:40:33.0869 3468 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:40:33.0901 3468 ql2300 - ok
21:40:33.0901 3468 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:40:33.0916 3468 ql40xx - ok
21:40:33.0932 3468 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:40:33.0932 3468 QWAVE - ok
21:40:33.0947 3468 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:40:33.0947 3468 QWAVEdrv - ok
21:40:33.0947 3468 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:40:33.0947 3468 RasAcd - ok
21:40:33.0979 3468 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:40:33.0979 3468 RasAgileVpn - ok
21:40:33.0979 3468 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:40:33.0994 3468 RasAuto - ok
21:40:34.0010 3468 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:40:34.0010 3468 Rasl2tp - ok
21:40:34.0041 3468 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:40:34.0041 3468 RasMan - ok
21:40:34.0057 3468 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:40:34.0057 3468 RasPppoe - ok
21:40:34.0072 3468 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:40:34.0072 3468 RasSstp - ok
21:40:34.0088 3468 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:40:34.0088 3468 rdbss - ok
21:40:34.0088 3468 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:40:34.0103 3468 rdpbus - ok
21:40:34.0119 3468 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:40:34.0119 3468 RDPCDD - ok
21:40:34.0150 3468 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:40:34.0150 3468 RDPDR - ok
21:40:34.0166 3468 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:40:34.0166 3468 RDPENCDD - ok
21:40:34.0181 3468 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:40:34.0181 3468 RDPREFMP - ok
21:40:34.0213 3468 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:40:34.0213 3468 RdpVideoMiniport - ok
21:40:34.0228 3468 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:40:34.0228 3468 RDPWD - ok
21:40:34.0244 3468 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:40:34.0244 3468 rdyboost - ok
21:40:34.0259 3468 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:40:34.0259 3468 RemoteAccess - ok
21:40:34.0291 3468 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:40:34.0291 3468 RemoteRegistry - ok
21:40:34.0306 3468 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:40:34.0306 3468 RpcEptMapper - ok
21:40:34.0337 3468 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:40:34.0337 3468 RpcLocator - ok
21:40:34.0353 3468 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:40:34.0369 3468 RpcSs - ok
21:40:34.0400 3468 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:40:34.0400 3468 rspndr - ok
21:40:34.0415 3468 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:40:34.0415 3468 s3cap - ok
21:40:34.0431 3468 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:40:34.0431 3468 SamSs - ok
21:40:34.0447 3468 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:40:34.0447 3468 sbp2port - ok
21:40:34.0462 3468 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:40:34.0462 3468 SCardSvr - ok
21:40:34.0493 3468 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:40:34.0493 3468 scfilter - ok
21:40:34.0525 3468 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:40:34.0540 3468 Schedule - ok
21:40:34.0571 3468 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:40:34.0571 3468 SCPolicySvc - ok
21:40:34.0587 3468 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:40:34.0587 3468 SDRSVC - ok
21:40:34.0603 3468 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:40:34.0603 3468 secdrv - ok
21:40:34.0634 3468 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:40:34.0634 3468 seclogon - ok
21:40:34.0649 3468 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
21:40:34.0649 3468 SENS - ok
21:40:34.0665 3468 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:40:34.0665 3468 SensrSvc - ok
21:40:34.0665 3468 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:40:34.0665 3468 Serenum - ok
21:40:34.0681 3468 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:40:34.0681 3468 Serial - ok
21:40:34.0696 3468 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:40:34.0696 3468 sermouse - ok
21:40:34.0727 3468 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:40:34.0727 3468 SessionEnv - ok
21:40:34.0743 3468 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:40:34.0743 3468 sffdisk - ok
21:40:34.0759 3468 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:40:34.0759 3468 sffp_mmc - ok
21:40:34.0774 3468 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:40:34.0774 3468 sffp_sd - ok
21:40:34.0774 3468 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:40:34.0774 3468 sfloppy - ok
21:40:34.0805 3468 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:40:34.0805 3468 SharedAccess - ok
21:40:34.0837 3468 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:40:34.0837 3468 ShellHWDetection - ok
21:40:34.0837 3468 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:40:34.0837 3468 SiSRaid2 - ok
21:40:34.0868 3468 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:40:34.0868 3468 SiSRaid4 - ok
21:40:34.0883 3468 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:40:34.0883 3468 Smb - ok
21:40:34.0915 3468 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:40:34.0915 3468 SNMPTRAP - ok
21:40:34.0930 3468 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:40:34.0930 3468 spldr - ok
21:40:34.0977 3468 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:40:34.0977 3468 Spooler - ok
21:40:35.0055 3468 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:40:35.0117 3468 sppsvc - ok
21:40:35.0133 3468 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:40:35.0133 3468 sppuinotify - ok
21:40:35.0149 3468 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:40:35.0149 3468 srv - ok
21:40:35.0164 3468 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:40:35.0164 3468 srv2 - ok
21:40:35.0195 3468 [ 93132C69394A99D992095D8CFE464801 ] SrvHsfPCI C:\Windows\system32\DRIVERS\VSTBS26.SYS
21:40:35.0211 3468 SrvHsfPCI - ok
21:40:35.0258 3468 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:40:35.0305 3468 SrvHsfV92 - ok
21:40:35.0336 3468 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:40:35.0351 3468 SrvHsfWinac - ok
21:40:35.0367 3468 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:40:35.0367 3468 srvnet - ok
21:40:35.0383 3468 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:40:35.0383 3468 SSDPSRV - ok
21:40:35.0414 3468 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:40:35.0414 3468 SstpSvc - ok
21:40:35.0429 3468 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:40:35.0429 3468 stexstor - ok
21:40:35.0461 3468 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:40:35.0461 3468 stisvc - ok
21:40:35.0476 3468 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:40:35.0492 3468 storflt - ok
21:40:35.0507 3468 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:40:35.0507 3468 storvsc - ok
21:40:35.0523 3468 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:40:35.0523 3468 swenum - ok
21:40:35.0539 3468 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:40:35.0554 3468 swprv - ok
21:40:35.0570 3468 Synth3dVsc - ok
21:40:35.0617 3468 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:40:35.0632 3468 SysMain - ok
21:40:35.0648 3468 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:40:35.0648 3468 TabletInputService - ok
21:40:35.0663 3468 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:40:35.0663 3468 TapiSrv - ok
21:40:35.0679 3468 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:40:35.0679 3468 TBS - ok
21:40:35.0741 3468 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:40:35.0788 3468 Tcpip - ok
21:40:35.0819 3468 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:40:35.0835 3468 TCPIP6 - ok
21:40:35.0851 3468 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:40:35.0851 3468 tcpipreg - ok
21:40:35.0866 3468 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:40:35.0882 3468 TDPIPE - ok
21:40:35.0897 3468 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:40:35.0913 3468 TDTCP - ok
21:40:35.0929 3468 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:40:35.0929 3468 tdx - ok
21:40:35.0944 3468 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:40:35.0944 3468 TermDD - ok
21:40:35.0975 3468 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:40:35.0991 3468 TermService - ok
21:40:36.0022 3468 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:40:36.0022 3468 Themes - ok
21:40:36.0038 3468 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:40:36.0038 3468 THREADORDER - ok
21:40:36.0053 3468 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:40:36.0053 3468 TrkWks - ok
21:40:36.0100 3468 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:40:36.0100 3468 TrustedInstaller - ok
21:40:36.0131 3468 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:40:36.0131 3468 tssecsrv - ok
21:40:36.0147 3468 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:40:36.0147 3468 TsUsbFlt - ok
21:40:36.0163 3468 tsusbhub - ok
21:40:36.0194 3468 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:40:36.0194 3468 tunnel - ok
21:40:36.0209 3468 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:40:36.0209 3468 uagp35 - ok
21:40:36.0241 3468 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:40:36.0241 3468 udfs - ok
21:40:36.0272 3468 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:40:36.0272 3468 UI0Detect - ok
21:40:36.0287 3468 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:40:36.0287 3468 uliagpkx - ok
21:40:36.0303 3468 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:40:36.0303 3468 umbus - ok
21:40:36.0303 3468 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:40:36.0319 3468 UmPass - ok
21:40:36.0334 3468 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
21:40:36.0334 3468 UmRdpService - ok
21:40:36.0350 3468 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:40:36.0365 3468 upnphost - ok
21:40:36.0365 3468 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:40:36.0365 3468 usbccgp - ok
21:40:36.0397 3468 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:40:36.0397 3468 usbcir - ok
21:40:36.0412 3468 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:40:36.0412 3468 usbehci - ok
21:40:36.0428 3468 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:40:36.0443 3468 usbhub - ok
21:40:36.0459 3468 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:40:36.0459 3468 usbohci - ok
21:40:36.0475 3468 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:40:36.0475 3468 usbprint - ok
21:40:36.0506 3468 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:40:36.0506 3468 usbscan - ok
21:40:36.0521 3468 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:40:36.0521 3468 USBSTOR - ok
21:40:36.0521 3468 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:40:36.0521 3468 usbuhci - ok
21:40:36.0537 3468 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:40:36.0537 3468 UxSms - ok
21:40:36.0537 3468 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:40:36.0537 3468 VaultSvc - ok
21:40:36.0553 3468 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:40:36.0553 3468 vdrvroot - ok
21:40:36.0584 3468 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:40:36.0599 3468 vds - ok
21:40:36.0631 3468 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:40:36.0631 3468 vga - ok
21:40:36.0646 3468 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:40:36.0646 3468 VgaSave - ok
21:40:36.0662 3468 VGPU - ok
21:40:36.0677 3468 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:40:36.0677 3468 vhdmp - ok
21:40:36.0693 3468 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:40:36.0693 3468 viaide - ok
21:40:36.0709 3468 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:40:36.0709 3468 vmbus - ok
21:40:36.0724 3468 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:40:36.0724 3468 VMBusHID - ok
21:40:36.0740 3468 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:40:36.0740 3468 volmgr - ok
21:40:36.0787 3468 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:40:36.0802 3468 volmgrx - ok
21:40:36.0833 3468 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:40:36.0849 3468 volsnap - ok
21:40:36.0849 3468 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:40:36.0849 3468 vsmraid - ok
21:40:37.0021 3468 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:40:37.0052 3468 VSS - ok
21:40:37.0052 3468 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:40:37.0052 3468 vwifibus - ok
21:40:37.0052 3468 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:40:37.0052 3468 vwififlt - ok
21:40:37.0099 3468 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:40:37.0099 3468 W32Time - ok
21:40:37.0114 3468 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:40:37.0114 3468 WacomPen - ok
21:40:37.0130 3468 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:40:37.0130 3468 WANARP - ok
21:40:37.0130 3468 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:40:37.0130 3468 Wanarpv6 - ok
21:40:37.0192 3468 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:40:37.0208 3468 WatAdminSvc - ok
21:40:37.0270 3468 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:40:37.0301 3468 wbengine - ok
21:40:37.0317 3468 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:40:37.0333 3468 WbioSrvc - ok
21:40:37.0348 3468 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:40:37.0364 3468 wcncsvc - ok
21:40:37.0364 3468 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:40:37.0379 3468 WcsPlugInService - ok
21:40:37.0379 3468 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:40:37.0379 3468 Wd - ok
21:40:37.0395 3468 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:40:37.0426 3468 Wdf01000 - ok
21:40:37.0442 3468 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:40:37.0442 3468 WdiServiceHost - ok
21:40:37.0442 3468 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:40:37.0442 3468 WdiSystemHost - ok
21:40:37.0473 3468 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:40:37.0473 3468 WebClient - ok
21:40:37.0489 3468 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:40:37.0489 3468 Wecsvc - ok
21:40:37.0504 3468 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:40:37.0504 3468 wercplsupport - ok
21:40:37.0535 3468 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:40:37.0535 3468 WerSvc - ok
21:40:37.0551 3468 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:40:37.0551 3468 WfpLwf - ok
21:40:37.0551 3468 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:40:37.0551 3468 WIMMount - ok
21:40:37.0567 3468 [ CBDEB4B3B5CF8C49ACC221D45F1C50C1 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
21:40:37.0582 3468 winachsf - ok
21:40:37.0613 3468 WinDefend - ok
21:40:37.0629 3468 WinHttpAutoProxySvc - ok
21:40:37.0754 3468 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:40:37.0754 3468 Winmgmt - ok
21:40:37.0863 3468 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:40:37.0910 3468 WinRM - ok
21:40:37.0972 3468 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:40:37.0972 3468 WinUsb - ok
21:40:38.0003 3468 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:40:38.0003 3468 Wlansvc - ok
21:40:38.0066 3468 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:40:38.0081 3468 WmiAcpi - ok
21:40:38.0128 3468 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:40:38.0128 3468 wmiApSrv - ok
21:40:38.0144 3468 WMPNetworkSvc - ok
21:40:38.0159 3468 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:40:38.0159 3468 WPCSvc - ok
21:40:38.0191 3468 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:40:38.0191 3468 WPDBusEnum - ok
21:40:38.0206 3468 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:40:38.0206 3468 ws2ifsl - ok
21:40:38.0253 3468 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:40:38.0269 3468 wscsvc - ok
21:40:38.0284 3468 WSearch - ok
21:40:38.0362 3468 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:40:38.0362 3468 wuauserv - ok
21:40:38.0393 3468 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:40:38.0393 3468 WudfPf - ok
21:40:38.0425 3468 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:40:38.0425 3468 WUDFRd - ok
21:40:38.0440 3468 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:40:38.0456 3468 wudfsvc - ok
21:40:38.0471 3468 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:40:38.0471 3468 WwanSvc - ok
21:40:38.0503 3468 [ 2F2CE5E47B014F52BC722AE28B19CBF3 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
21:40:38.0503 3468 XAudio - ok
21:40:38.0518 3468 [ A337887A4E3396A3EA5D6E54FA431C84 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe
21:40:38.0518 3468 XAudioService - ok
21:40:38.0534 3468 ================ Scan global ===============================
21:40:38.0549 3468 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:40:38.0581 3468 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:40:38.0596 3468 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:40:38.0612 3468 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:40:38.0674 3468 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:40:38.0674 3468 [Global] - ok
21:40:38.0674 3468 ================ Scan MBR ==================================
21:40:38.0690 3468 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:40:39.0298 3468 \Device\Harddisk0\DR0 - ok
21:40:39.0298 3468 ================ Scan VBR ==================================
21:40:39.0298 3468 [ B2B1DC29F4E845019EEE053FBDD2D402 ] \Device\Harddisk0\DR0\Partition1
21:40:39.0298 3468 \Device\Harddisk0\DR0\Partition1 - ok
21:40:39.0314 3468 [ 70B5588C4BCD6CC94C18719591121AB0 ] \Device\Harddisk0\DR0\Partition2
21:40:39.0314 3468 \Device\Harddisk0\DR0\Partition2 - ok
21:40:39.0314 3468 ============================================================
21:40:39.0314 3468 Scan finished
21:40:39.0314 3468 ============================================================
21:40:39.0329 3428 Detected object count: 0
21:40:39.0329 3428 Actual detected object count: 0

running aswMBR now..

#7 WalkingAtNight

Posted 29 October 2012 - 11:53 PM

aswMBR scan log report

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-29 21:43:19
-----------------------------
21:43:19.093 OS Version: Windows x64 6.1.7601 Service Pack 1
21:43:19.093 Number of processors: 4 586 0xF0B
21:43:19.093 ComputerName: ESPERANZA-PC UserName: Esperanza
21:43:20.139 Initialize success
21:43:29.655 AVAST engine defs: 12102901
21:43:34.647 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-0
21:43:34.662 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3
21:43:34.662 Disk 0 MBR read successfully
21:43:34.662 Disk 0 MBR scan
21:43:34.678 Disk 0 Windows 7 default MBR code
21:43:34.678 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:43:34.693 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 610378 MB offset 206848
21:43:34.709 Disk 0 scanning C:\Windows\system32\drivers
21:43:40.965 Service scanning
21:43:58.332 Modules scanning
21:43:58.332 Disk 0 trace - called modules:
21:43:58.348 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:43:58.348 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062ac060]
21:43:58.348 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8005ce8580]
21:43:58.364 5 ACPI.sys[fffff88000f797a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-0[0xfffffa8005cea060]
21:43:59.752 AVAST engine scan C:\Windows
21:44:01.764 AVAST engine scan C:\Windows\system32
21:46:09.709 AVAST engine scan C:\Windows\system32\drivers
21:46:23.269 AVAST engine scan C:\Users\Esperanza
21:47:53.530 AVAST engine scan C:\ProgramData
21:48:06.806 Scan finished successfully
21:51:14.786 Disk 0 MBR has been saved successfully to "C:\Users\Esperanza\Desktop\MBR.dat"
21:51:14.786 The log file has been saved successfully to "C:\Users\Esperanza\Desktop\aswMBR.txt"

#8 WalkingAtNight

Posted 30 October 2012 - 12:41 AM

ESET online scanner is taking its sweet time.. lol..
almost done though.. 99% done.

#9 WalkingAtNight

Posted 30 October 2012 - 12:48 AM

ESET

C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\5zEIPlug.dll Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\5zEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application
C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\NP5zEISb.dll Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\Users\Esperanza\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache\01D4419B.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\Esperanza\Documents\Rooting stuff\Exploits\psneuter Android/Exploit.Lotoor.AK trojan
C:\Users\Esperanza\Downloads\batman-cobblepot.exe a variant of Win32/InstallCore.AL application

#10 narenxp

Posted 30 October 2012 - 12:57 AM

Run ESET scan again and make sure to checkmark the REMOVE THREATS option, and post the generated log

Update Malwarebytes, run the scan again, and post the clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete

A log should be generated after the scan; post it here

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator

After the scan completes, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#11 WalkingAtNight

Posted 30 October 2012 - 01:01 AM

Thank you so much for helping me.. :)
I will continue with your instructions.. thanks

#12 narenxp

Posted 30 October 2012 - 01:08 AM

:thumbup2:

#13 WalkingAtNight

Posted 30 October 2012 - 01:31 AM

ESET second scan with clean threats check-marked.

C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\5zEIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\5zEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\NP5zEISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Esperanza\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache\01D4419B.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Users\Esperanza\Documents\Rooting stuff\Exploits\psneuter Android/Exploit.Lotoor.AK trojan cleaned by deleting - quarantined
C:\Users\Esperanza\Downloads\batman-cobblepot.exe a variant of Win32/InstallCore.AL application cleaned by deleting - quarantined

#14 WalkingAtNight

Posted 30 October 2012 - 01:32 AM

Also, before I continue..
there is a check-mark option for delete quarantine files.
Should I check-mark it before clicking on finish?

Edited by JaureguiRoberto, 30 October 2012 - 01:32 AM.


#15 WalkingAtNight

Posted 30 October 2012 - 02:05 AM

Malwarebytes found svchost.exe again.

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.29.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Esperanza :: ESPERANZA-PC [administrator]

Protection: Enabled

10/29/2012 11:39:55 PM
mbam-log-2012-10-29 (23-39-55).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362874
Time elapsed: 23 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
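
An added example, not part of the thread or of any tool named in it: this Python triage reads pasted ESET and Malwarebytes detection lines, separates files still live on disk from copies already inside the TDSSKiller quarantine folder, and flags a `svchost.exe` located outside the directories where the genuine binary lives. The line formats are inferred from the logs posted above, and the allowed directories assume a default `C:\Windows` install.

```python
import ntpath
import re

# ESET line: <path> [a variant of ]<Platform/Name> <application|trojan>[ <action>]
ESET_RE = re.compile(
    r"^(?P<path>.+?) (?:a variant of )?(?P<name>[A-Za-z0-9]+/\S+) "
    r"(?P<kind>application|trojan)(?: (?P<action>.+))?$")
# Malwarebytes "Files Detected" line: <path> (<name>) -> <action>
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> (?P<action>.+)$")

# Assumption: default %SystemRoot% of C:\Windows; WinSxS copies are also allowed.
SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SCANNER_QUARANTINE = "c:\\tdsskiller_quarantine\\"  # folder name as shown in the thread

def parse(line):
    """Return a dict for one ESET or Malwarebytes detection line, else None."""
    m = ESET_RE.match(line.strip()) or MBAM_RE.match(line.strip())
    return m.groupdict() if m else None

def misplaced_svchost(path):
    """True when a file named svchost.exe sits outside its expected directories."""
    p = ntpath.normcase(path)  # lower-case, backslash-separated on any host OS
    if ntpath.basename(p) != "svchost.exe":
        return False
    parent = ntpath.dirname(p)
    return parent not in SVCHOST_DIRS and not parent.startswith("c:\\windows\\winsxs\\")

def triage(lines):
    """Split detections into live files, scanner-quarantine copies, and masquerades."""
    out = {"live": [], "quarantine_copy": [], "masquerade": []}
    for hit in filter(None, map(parse, lines)):
        p = ntpath.normcase(hit["path"])
        if misplaced_svchost(p):
            out["masquerade"].append(hit)
        elif p.startswith(SCANNER_QUARANTINE):
            out["quarantine_copy"].append(hit)
        else:
            out["live"].append(hit)
    return out

# Lines copied from the ESET and Malwarebytes logs posted in this thread.
SAMPLE = [
    r"C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application",
    r"C:\TDSSKiller_Quarantine\29.10.2012_21.21.25\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan",
    r"C:\Users\Esperanza\Documents\Rooting stuff\Exploits\psneuter Android/Exploit.Lotoor.AK trojan",
    r"C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.",
]
```

A `masquerade` hit that reappears in successive scans, as `C:\Windows\svchost.exe` does here, indicates that something else on the system is recreating the file, so the autostart and service listings requested earlier in the thread are the next place to look.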



