Plural viruses but all attempts to fix/identify it are thwarted.


7 replies to this topic

#1 Mary Faerie


Posted 11 January 2013 - 06:53 PM

Hello everyone at Bleeping Computer, I'm new here and joining in the hope of finding some much needed help. My boyfriend's laptop has viruses. Plural. It's running Windows Vista.

When trying to access Windows Firewall we get the message "Due to an unidentified problem Windows cannot display Firewall settings." Also the Security Centre service is turned off and a message says it can't be started.
AVG and Malwarebytes would not run.
We tried to download other anti-virus software and rootkit software but were prevented.
It's also been running slower.

We think this began possibly 3 days ago after downloading from free wallpaper sites.

From my laptop I downloaded several anti-virus and antirootkit programmes onto a flash drive and ran them on the sick machine. These were: TDSSkiller which only found 4 unsigned files (which my boyfriend deleted); Stinger from McAfee which found nothing; Avast Antirootkit which found nothing; Malwarebytes (installed by saving onto the desktop and renaming before running) which has now found 2 registry keys and 4 registry data items which it says were repaired successfully (see below). But we still have the same symptoms; no Security Centre and can't download any anti virus.

Any help at this point would be most appreciated.

Mary


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.11.14

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
tinderbox :: TINDERBOX-PC [administrator]

11/01/2013 21:31:14
mbam-log-2013-01-11 (21-31-14).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 330461
Time elapsed: 1 hour(s), 14 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 4
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,,C:\Users\tinderbox\AppData\Local\merlqmqy\ukjxbpam.exe) Good: (userinit.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#2 narenxp


Posted 11 January 2013 - 07:36 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Mary Faerie


Posted 12 January 2013 - 10:36 AM

Oh thanks so much for helping! We will work on that now...

14:16:36.0638 2664 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:16:37.0715 2664 ============================================================
14:16:37.0715 2664 Current date / time: 2013/01/12 14:16:37.0715
14:16:37.0715 2664 SystemInfo:
14:16:37.0715 2664
14:16:37.0715 2664 OS Version: 6.0.6002 ServicePack: 2.0
14:16:37.0715 2664 Product type: Workstation
14:16:37.0715 2664 ComputerName: TINDERBOX-PC
14:16:37.0715 2664 UserName: tinderbox
14:16:37.0715 2664 Windows directory: C:\Windows
14:16:37.0715 2664 System windows directory: C:\Windows
14:16:37.0715 2664 Processor architecture: Intel x86
14:16:37.0715 2664 Number of processors: 2
14:16:37.0715 2664 Page size: 0x1000
14:16:37.0715 2664 Boot type: Normal boot
14:16:37.0715 2664 ============================================================
14:16:38.0931 2664 BG loaded
14:16:39.0477 2664 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:16:39.0493 2664 Drive \Device\Harddisk1\DR1 - Size: 0x774488000 (29.82 Gb), SectorSize: 0x200, Cylinders: 0xF34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:16:39.0493 2664 ============================================================
14:16:39.0493 2664 \Device\Harddisk0\DR0:
14:16:39.0493 2664 MBR partitions:
14:16:39.0493 2664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x11690000
14:16:39.0493 2664 \Device\Harddisk1\DR1:
14:16:39.0493 2664 MBR partitions:
14:16:39.0493 2664 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x3BA2420
14:16:39.0493 2664 ============================================================
14:16:39.0727 2664 C: <-> \Device\Harddisk0\DR0\Partition1
14:16:39.0727 2664 ============================================================
14:16:39.0727 2664 Initialize success
14:16:39.0727 2664 ============================================================
14:16:53.0907 2752 ============================================================
14:16:53.0907 2752 Scan started
14:16:53.0907 2752 Mode: Manual; TDLFS;
14:16:53.0907 2752 ============================================================
14:16:54.0641 2752 ================ Scan system memory ========================
14:16:54.0641 2752 System memory - ok
14:17:11.0707 2752 nvstor - ok
14:17:11.0738 2752 [ C7D36F2077360216D1DB16B1B8F5AEA3 ] nvsvc C:\Windows\system32\nvvsvc.exe
14:17:11.0754 2752 nvsvc - ok
14:17:11.0769 2752 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:17:11.0769 2752 nv_agp - ok
14:17:11.0785 2752 NwlnkFlt - ok
14:17:11.0801 2752 NwlnkFwd - ok
14:17:11.0847 2752 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:17:11.0847 2752 ohci1394 - ok
14:17:11.0910 2752 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:17:11.0925 2752 p2pimsvc - ok
14:17:11.0941 2752 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
14:17:11.0957 2752 p2psvc - ok
14:17:11.0988 2752 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
14:17:11.0988 2752 Parport - ok
14:17:12.0066 2752 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:17:12.0066 2752 partmgr - ok
14:17:12.0081 2752 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:17:12.0081 2752 Parvdm - ok
14:17:12.0222 2752 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
14:17:12.0222 2752 PcaSvc - ok
14:17:12.0300 2752 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
14:17:12.0300 2752 pci - ok
14:17:12.0331 2752 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
14:17:12.0331 2752 pciide - ok
14:17:12.0440 2752 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:17:12.0440 2752 pcmcia - ok
14:17:12.0581 2752 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:17:12.0596 2752 PEAUTH - ok
14:17:12.0908 2752 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
14:17:12.0939 2752 pla - ok
14:17:13.0002 2752 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:17:13.0017 2752 PlugPlay - ok
14:17:13.0111 2752 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:17:13.0127 2752 PNRPAutoReg - ok
14:17:13.0267 2752 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:17:13.0283 2752 PNRPsvc - ok
14:17:13.0407 2752 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:17:13.0423 2752 PolicyAgent - ok
14:17:13.0470 2752 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:17:13.0470 2752 PptpMiniport - ok
14:17:13.0501 2752 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
14:17:13.0501 2752 Processor - ok
14:17:13.0548 2752 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
14:17:13.0563 2752 ProfSvc - ok
14:17:13.0595 2752 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:17:13.0595 2752 ProtectedStorage - ok
14:17:13.0657 2752 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:17:13.0657 2752 PSched - ok
14:17:13.0907 2752 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:17:13.0922 2752 ql2300 - ok
14:17:13.0938 2752 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:17:13.0953 2752 ql40xx - ok
14:17:13.0969 2752 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
14:17:13.0985 2752 QWAVE - ok
14:17:14.0063 2752 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:17:14.0063 2752 QWAVEdrv - ok
14:17:14.0141 2752 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:17:14.0141 2752 RasAcd - ok
14:17:14.0250 2752 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
14:17:14.0250 2752 RasAuto - ok
14:17:14.0265 2752 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:17:14.0281 2752 Rasl2tp - ok
14:17:14.0328 2752 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
14:17:14.0343 2752 RasMan - ok
14:17:14.0359 2752 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:17:14.0359 2752 RasPppoe - ok
14:17:14.0515 2752 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:17:14.0515 2752 RasSstp - ok
14:17:14.0593 2752 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:17:14.0593 2752 rdbss - ok
14:17:14.0624 2752 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:17:14.0624 2752 RDPCDD - ok
14:17:14.0671 2752 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:17:14.0671 2752 rdpdr - ok
14:17:14.0687 2752 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:17:14.0687 2752 RDPENCDD - ok
14:17:14.0796 2752 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:17:14.0796 2752 RDPWD - ok
14:17:14.0843 2752 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:17:14.0843 2752 RemoteAccess - ok
14:17:14.0889 2752 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:17:14.0889 2752 RemoteRegistry - ok
14:17:14.0967 2752 [ EEC7EE5675294B03E88AA868540007C1 ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
14:17:14.0983 2752 RMCAST - ok
14:17:15.0030 2752 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
14:17:15.0045 2752 RpcLocator - ok
14:17:15.0123 2752 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
14:17:15.0139 2752 RpcSs - ok
14:17:15.0186 2752 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:17:15.0186 2752 rspndr - ok
14:17:15.0233 2752 [ E24113FC13B8737C94CF4E3415488C76 ] s115mdfl C:\Windows\system32\DRIVERS\s115mdfl.sys
14:17:15.0233 2752 s115mdfl - ok
14:17:15.0295 2752 [ 4029E49E7C673AA0670BD206B0AF1B5B ] s115mdm C:\Windows\system32\DRIVERS\s115mdm.sys
14:17:15.0311 2752 s115mdm - ok
14:17:15.0357 2752 [ EB02AB4CA8BCCECFDE236CAD8FC6E135 ] s115mgmt C:\Windows\system32\DRIVERS\s115mgmt.sys
14:17:15.0357 2752 s115mgmt - ok
14:17:15.0404 2752 [ 089869DB9FFD2AC807FA87FE82AC7761 ] s115obex C:\Windows\system32\DRIVERS\s115obex.sys
14:17:15.0404 2752 s115obex - ok
14:17:15.0467 2752 [ 815445F4676CC96BC9AEEC303C727E19 ] s116bus C:\Windows\system32\DRIVERS\s116bus.sys
14:17:15.0467 2752 s116bus - ok
14:17:15.0529 2752 [ 06847AA6F3A9BF7C44134D00A2E578C0 ] s125bus C:\Windows\system32\DRIVERS\s125bus.sys
14:17:15.0529 2752 s125bus - ok
14:17:15.0560 2752 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
14:17:15.0560 2752 SamSs - ok
14:17:15.0623 2752 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:17:15.0623 2752 sbp2port - ok
14:17:15.0732 2752 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
14:17:15.0747 2752 SBSDWSCService - ok
14:17:15.0857 2752 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:17:15.0857 2752 SCardSvr - ok
14:17:15.0919 2752 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
14:17:15.0935 2752 Schedule - ok
14:17:16.0013 2752 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:17:16.0013 2752 SCPolicySvc - ok
14:17:16.0122 2752 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
14:17:16.0122 2752 sdbus - ok
14:17:16.0247 2752 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:17:16.0247 2752 SDRSVC - ok
14:17:16.0278 2752 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:17:16.0278 2752 secdrv - ok
14:17:16.0309 2752 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
14:17:16.0325 2752 seclogon - ok
14:17:16.0449 2752 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
14:17:16.0465 2752 SENS - ok
14:17:16.0496 2752 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:17:16.0496 2752 Serenum - ok
14:17:16.0527 2752 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
14:17:16.0527 2752 Serial - ok
14:17:16.0559 2752 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:17:16.0559 2752 sermouse - ok
14:17:16.0637 2752 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
14:17:16.0652 2752 SessionEnv - ok
14:17:16.0683 2752 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:17:16.0683 2752 sffdisk - ok
14:17:16.0715 2752 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:17:16.0715 2752 sffp_mmc - ok
14:17:16.0793 2752 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:17:16.0793 2752 sffp_sd - ok
14:17:16.0824 2752 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:17:16.0824 2752 sfloppy - ok
14:17:16.0871 2752 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:17:16.0886 2752 ShellHWDetection - ok
14:17:16.0917 2752 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:17:16.0933 2752 sisagp - ok
14:17:16.0964 2752 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:17:16.0964 2752 SiSRaid2 - ok
14:17:16.0995 2752 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:17:16.0995 2752 SiSRaid4 - ok
14:17:17.0073 2752 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:17:17.0089 2752 SkypeUpdate - ok
14:17:17.0463 2752 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
14:17:17.0510 2752 slsvc - ok
14:17:17.0573 2752 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:17:17.0588 2752 SLUINotify - ok
14:17:17.0619 2752 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:17:17.0619 2752 Smb - ok
14:17:17.0729 2752 [ C8A58FC905C9184FA70E37F71060C64D ] smserial C:\Windows\system32\DRIVERS\smserial.sys
14:17:17.0744 2752 smserial - ok
14:17:17.0869 2752 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:17:17.0869 2752 SNMPTRAP - ok
14:17:17.0963 2752 [ 85DA7B2A2F248C8C69D7D0A526342683 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
14:17:17.0978 2752 SNP2UVC - ok
14:17:18.0025 2752 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
14:17:18.0025 2752 spldr - ok
14:17:18.0087 2752 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
14:17:18.0103 2752 Spooler - ok
14:17:18.0228 2752 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:17:18.0228 2752 srv - ok
14:17:18.0306 2752 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:17:18.0306 2752 srv2 - ok
14:17:18.0337 2752 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:17:18.0337 2752 srvnet - ok
14:17:18.0477 2752 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:17:18.0477 2752 SSDPSRV - ok
14:17:18.0555 2752 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
14:17:18.0555 2752 ssmdrv - ok
14:17:18.0618 2752 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:17:18.0618 2752 SstpSvc - ok
14:17:18.0680 2752 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
14:17:18.0696 2752 stisvc - ok
14:17:18.0743 2752 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:17:18.0743 2752 swenum - ok
14:17:18.0883 2752 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
14:17:18.0899 2752 swprv - ok
14:17:18.0961 2752 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:17:18.0961 2752 Symc8xx - ok
14:17:18.0992 2752 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:17:18.0992 2752 Sym_hi - ok
14:17:19.0039 2752 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:17:19.0039 2752 Sym_u3 - ok
14:17:19.0070 2752 [ DB835C324CD488A86E9BFC2C3FD29CD8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:17:19.0086 2752 SynTP - ok
14:17:19.0133 2752 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
14:17:19.0148 2752 SysMain - ok
14:17:19.0179 2752 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:17:19.0195 2752 TabletInputService - ok
14:17:19.0320 2752 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:17:19.0335 2752 TapiSrv - ok
14:17:19.0429 2752 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
14:17:19.0445 2752 TBS - ok
14:17:19.0694 2752 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:17:19.0694 2752 Tcpip - ok
14:17:19.0881 2752 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:17:19.0897 2752 Tcpip6 - ok
14:17:19.0944 2752 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:17:19.0944 2752 tcpipreg - ok
14:17:19.0991 2752 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:17:19.0991 2752 TDPIPE - ok
14:17:20.0069 2752 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:17:20.0069 2752 TDTCP - ok
14:17:20.0162 2752 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:17:20.0162 2752 tdx - ok
14:17:20.0225 2752 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:17:20.0225 2752 TermDD - ok
14:17:20.0490 2752 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
14:17:20.0505 2752 TermService - ok
14:17:20.0599 2752 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
14:17:20.0615 2752 Themes - ok
14:17:20.0677 2752 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
14:17:20.0677 2752 THREADORDER - ok
14:17:20.0724 2752 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
14:17:20.0724 2752 TrkWks - ok
14:17:20.0771 2752 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:17:20.0786 2752 TrustedInstaller - ok
14:17:20.0927 2752 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:17:20.0927 2752 tssecsrv - ok
14:17:20.0958 2752 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:17:20.0958 2752 tunmp - ok
14:17:20.0989 2752 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:17:20.0989 2752 tunnel - ok
14:17:21.0020 2752 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:17:21.0020 2752 uagp35 - ok
14:17:21.0051 2752 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:17:21.0067 2752 udfs - ok
14:17:21.0145 2752 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:17:21.0161 2752 UI0Detect - ok
14:17:21.0192 2752 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:17:21.0192 2752 uliagpkx - ok
14:17:21.0223 2752 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:17:21.0223 2752 uliahci - ok
14:17:21.0285 2752 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:17:21.0285 2752 UlSata - ok
14:17:21.0348 2752 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:17:21.0348 2752 ulsata2 - ok
14:17:21.0379 2752 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:17:21.0379 2752 umbus - ok
14:17:21.0504 2752 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
14:17:21.0504 2752 upnphost - ok
14:17:21.0582 2752 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:17:21.0582 2752 usbaudio - ok
14:17:21.0644 2752 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:17:21.0644 2752 usbccgp - ok
14:17:21.0691 2752 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:17:21.0691 2752 usbcir - ok
14:17:21.0753 2752 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:17:21.0753 2752 usbehci - ok
14:17:21.0894 2752 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:17:21.0894 2752 usbhub - ok
14:17:22.0034 2752 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:17:22.0034 2752 usbohci - ok
14:17:22.0065 2752 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:17:22.0065 2752 usbprint - ok
14:17:22.0112 2752 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:17:22.0112 2752 usbscan - ok
14:17:22.0143 2752 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:17:22.0143 2752 USBSTOR - ok
14:17:22.0206 2752 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:17:22.0206 2752 usbuhci - ok
14:17:22.0299 2752 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:17:22.0315 2752 usbvideo - ok
14:17:22.0377 2752 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
14:17:22.0377 2752 UxSms - ok
14:17:22.0518 2752 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
14:17:22.0518 2752 vds - ok
14:17:22.0565 2752 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:17:22.0565 2752 vga - ok
14:17:22.0596 2752 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
14:17:22.0596 2752 VgaSave - ok
14:17:22.0627 2752 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:17:22.0627 2752 viaagp - ok
14:17:22.0643 2752 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:17:22.0643 2752 ViaC7 - ok
14:17:22.0674 2752 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
14:17:22.0674 2752 viaide - ok
14:17:22.0721 2752 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:17:22.0721 2752 volmgr - ok
14:17:22.0799 2752 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:17:22.0799 2752 volmgrx - ok
14:17:22.0908 2752 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:17:22.0923 2752 volsnap - ok
14:17:22.0955 2752 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:17:22.0955 2752 vsmraid - ok
14:17:23.0048 2752 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
14:17:23.0064 2752 VSS - ok
14:17:23.0142 2752 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
14:17:23.0157 2752 W32Time - ok
14:17:23.0173 2752 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:17:23.0173 2752 WacomPen - ok
14:17:23.0204 2752 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:17:23.0220 2752 Wanarp - ok
14:17:23.0220 2752 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:17:23.0220 2752 Wanarpv6 - ok
14:17:23.0298 2752 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:17:23.0313 2752 wcncsvc - ok
14:17:23.0360 2752 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:17:23.0376 2752 WcsPlugInService - ok
14:17:23.0391 2752 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
14:17:23.0391 2752 Wd - ok
14:17:23.0501 2752 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:17:23.0501 2752 Wdf01000 - ok
14:17:23.0532 2752 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:17:23.0547 2752 WdiServiceHost - ok
14:17:23.0547 2752 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:17:23.0563 2752 WdiSystemHost - ok
14:17:23.0703 2752 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
14:17:23.0719 2752 WebClient - ok
14:17:23.0813 2752 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:17:23.0828 2752 Wecsvc - ok
14:17:23.0937 2752 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:17:23.0953 2752 wercplsupport - ok
14:17:24.0015 2752 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
14:17:24.0031 2752 WerSvc - ok
14:17:24.0125 2752 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:17:24.0140 2752 WinDefend - ok
14:17:24.0140 2752 WinHttpAutoProxySvc - ok
14:17:24.0405 2752 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:17:24.0405 2752 Winmgmt - ok
14:17:24.0405 2752 WinRing0_1_2_0 - ok
14:17:24.0702 2752 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
14:17:24.0733 2752 WinRM - ok
14:17:24.0873 2752 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:17:24.0889 2752 Wlansvc - ok
14:17:24.0983 2752 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:17:24.0983 2752 WmiAcpi - ok
14:17:25.0123 2752 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:17:25.0123 2752 wmiApSrv - ok
14:17:25.0295 2752 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:17:25.0310 2752 WMPNetworkSvc - ok
14:17:25.0404 2752 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:17:25.0404 2752 WPCSvc - ok
14:17:25.0435 2752 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:17:25.0435 2752 WPDBusEnum - ok
14:17:25.0482 2752 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
14:17:25.0482 2752 WpdUsb - ok
14:17:26.0090 2752 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:17:26.0090 2752 WPFFontCache_v0400 - ok
14:17:26.0231 2752 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:17:26.0231 2752 ws2ifsl - ok
14:17:26.0246 2752 WSearch - ok
14:17:26.0621 2752 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:17:26.0652 2752 wuauserv - ok
14:17:26.0745 2752 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:17:26.0745 2752 WudfPf - ok
14:17:26.0823 2752 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:17:26.0823 2752 WUDFRd - ok
14:17:26.0917 2752 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:17:26.0933 2752 wudfsvc - ok
14:17:27.0026 2752 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
14:17:27.0042 2752 yukonwlh - ok
14:17:27.0089 2752 ================ Scan global ===============================
14:17:27.0135 2752 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:17:27.0213 2752 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:17:27.0338 2752 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:17:27.0525 2752 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:17:27.0541 2752 [Global] - ok
14:17:27.0541 2752 ================ Scan MBR ==================================
14:17:27.0603 2752 [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
14:17:28.0820 2752 \Device\Harddisk0\DR0 - ok
14:17:28.0820 2752 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
14:17:28.0945 2752 \Device\Harddisk1\DR1 - ok
14:17:28.0945 2752 ================ Scan VBR ==================================
14:17:28.0976 2752 [ 7386C3DC46AC7A733B2DB17C329EDB00 ] \Device\Harddisk0\DR0\Partition1
14:17:28.0992 2752 \Device\Harddisk0\DR0\Partition1 - ok
14:17:28.0992 2752 [ 6DE64DA495A7A7F82FC5FD4B2E62BDFE ] \Device\Harddisk1\DR1\Partition1
14:17:28.0992 2752 \Device\Harddisk1\DR1\Partition1 - ok
14:17:28.0992 2752 ============================================================
14:17:28.0992 2752 Scan finished
14:17:28.0992 2752 ============================================================
14:17:29.0023 3952 Detected object count: 0
14:17:29.0023 3952 Actual detected object count: 0
14:21:18.0951 2652 Deinitialize success

#4 Mary Faerie

Posted 12 January 2013 - 11:25 AM

aswMBR

As the virus is stopping the machine from either running or downloading antivirus programmes, we are trying to run this from a flash drive. When we try to download the latest Avast virus definitions we get this:

16:13:16.901 Initialize success
16:13:24.420 AVAST engine download error: 0

This was the same in safe mode.

#5 narenxp

Posted 12 January 2013 - 01:58 PM

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#6 Mary Faerie

Posted 17 January 2013 - 04:32 PM

DEVELOPMENT. BANK ACCOUNT EMPTIED!

Thank you so much for your help so far. I became worried that transferring data from his laptop to mine via the flash drive might infect my machine. So my boyfriend decided it might just be safer and easier to wipe his laptop back to factory settings. So he saved his wanted files on the flash drive, completed the wipe, and successfully updated Windows and installed AVAST antivirus free edition and some antirootkit programmes. He then ran a virus and rootkit check and everything came up clean. So he put his files back on his laptop and ran a virus and rootkit check again and everything came up clean.

My boyfriend's bank had prevented him accessing his account on line when he had the virus as their antivirus spotted the infection. They told him it was the GOZI virus which steals information. After wiping his laptop he used his bank account on line and now his bank account has been emptied by purchases in stores which he did not make.

Is it possible the virus survived wiping his hard drive? And is it possible that the files he saved could have carried the virus to my machine via the flash drive? I'm so worried.

I will post his results from Farbar Service scanner in the next box... and thanks again for your support with this so far.

#7 Mary Faerie

Posted 17 January 2013 - 04:36 PM

This is the Farbar log after the wipe:


Farbar Service Scanner Version: 16-01-2013
Ran by Tinderbox Creations (administrator) on 17-01-2013 at 21:25:17
Running from "C:\Users\Tinderbox Creations\Downloads"
Windows Vista ™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-01-14 18:41] - [2011-04-21 13:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-01-14 18:31] - [2010-06-16 15:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2013-01-14 18:42] - [2011-03-02 14:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-21 02:24] - [2008-01-21 02:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-01-21 02:23] - [2008-01-21 02:23] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-21 02:23] - [2008-01-21 02:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-21 02:23] - [2008-01-21 02:23] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-21 02:24] - [2008-01-21 02:24] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll
[2008-01-21 02:25] - [2008-01-21 02:25] - 1695232 ____A (Microsoft Corporation) D79538B67FA641E986855DEF651E78FE

C:\Windows\system32\qmgr.dll
[2008-01-21 02:25] - [2008-01-21 02:25] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-11-11 00:48] - [2008-04-18 05:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-21 02:24] - [2008-01-21 02:24] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2013-01-14 18:53] - [2010-02-18 14:11] - 0190464 ____A (Microsoft Corporation) 6A35D233693EDC29A12742049BC5E37F

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2013-01-14 18:50] - [2009-03-03 04:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

#8 narenxp


Posted 17 January 2013 - 05:03 PM

Gozi will not survive a reinstall, but make sure to change your bank accounts to prevent further damage.

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/



