system
April 25, 2012, 3:35am
1
Hello,
I am of course new to the forum and have been using Avast free for my home computers for about 2 years. I have since recommended the program to friends and relatives. I am pleased with the program and believe that it is the best free virus protection program available. I have a friend that I am trying to help out with a possible issue. I don’t know whether it is a false positive or whether it was an actual rootkit, so I will need your assistance in helping me to help him. Here is my friend’s configuration and other pertinent information. Thanks in advance.
Lenovo laptop, Windows 7 Home Premium 64-bit, 4 GB Ram, 314 GB HD, with restore partition
Comodo firewall. (Unfortunately Comodo now requires that you download and install GeekBuddy and Comodo Dragon. I will be looking for another leak-proof firewall or suggest that my friends and/or clients utilize the onerous Windows firewall rather than be forced to download and install products that they do not want or need.)
Malwarebytes
Spywareblaster
Winpatrol
Spybot
I’m the family and friends tech guy and we market some refurbished equipment. However we very seldom do this type of work. We usually send the computers away for any problems.
Avast alerted me of “dragor rootkit” on 042312. I’m pretty sure that it was called “dragor.” I was unable to save a picture of my desktop before the computer shut down.
The Avast scan log didn’t state that it removed the rootkit either time. It stated that there were not any problems.
I’ve not been able to find anything on the Internet called “dragor rootkit.”
Avast boot-level scan is clean; ran once when it alerted me and once after downloading new definitions.
Didn’t see anything in HijackThis that alarmed me
Didn’t see anything in Process Explorer that alarmed me
Ran Malwarebytes nothing
Ran Spybot, nothing
However, my skill-set is not at an expert level, so it is possible that it is before my eyes in HijackThis and I am missing it. I noticed that HijackThis is not one of the requested scans that you guys use; is there a reason why?
McAfee expired, but my friend states that he didn’t do “that much” surfing on the net since the expiration. I uninstalled McAfee and installed Avast free. He stated that someone told him that as long as he didn’t download anything he would be fine… I know, what tech guy of any knowledge would say that when you are running a Windows product? I’m assuming that this was a tech guy that you received this advice from.
I received the root-kit alert 15-30 minutes after installing Avast. Again thanks for any help you can give me.
Pondus
April 25, 2012, 4:19am
2
Follow this guide, and attach (not copy and paste) the logs from Malwarebytes / OTL / aswMBR:
http://forum.avast.com/index.php?topic=53253.0
Then one of the removal specialists will help you when they arrive.
system
April 25, 2012, 6:56am
3
Much appreciated. Here are the logs that you requested. After running the second scan (aswMBR) there was a file created on the desktop, MBR.dat. Did you need that file as well? In addition, I want to add that I do not see any degradation of my friend’s system. It seems to run as well as it did 3 months ago. Here are the Mbytes scan results:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.22.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stan Davis :: STANDAVIS-PC [administrator]
4/25/2012 12:05:04 AM
mbam-log-2012-04-25 (00-05-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233386
Time elapsed: 3 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
system
April 25, 2012, 7:04am
4
BTW, I’m on Central Standard Time. Just in case I don’t reply quickly.
system
April 25, 2012, 12:01pm
5
Central Standard Time as well here… Let me look over the logs and I will return shortly.
system
April 25, 2012, 6:26pm
6
Thanks jeffce,
BTW, I noticed that Windows Defender was on his machine. As far as I know, I didn’t put it on the machine, and he stated that he did not, nor had anyone else, put it on his computer. Maybe it comes loaded with 7. Maybe this is useless information, but I do know that sometimes Microsoft security products do not play nice with others. I would only use their security products with their other security products, except maybe a firewall.
Again very appreciative that you are taking a look.
system
April 25, 2012, 6:37pm
7
Hi,
Yes, Windows Defender is just preinstalled now.
Please download TDSSKiller.zip
- Extract it to your desktop
- Double-click TDSSKiller.exe
- When the window opens, click on Change Parameters
- Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
- Click OK
- Press Start Scan
- Only if malicious objects are found, ensure Cure is selected
- Then click Continue > Reboot now
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:)
system
April 25, 2012, 11:24pm
8
Sorry, I had to put out a “fire” with my college. I will be back and forth until I’m sure that the embers are cool. I noticed when I booted his computer that there were two “desktop.ini” files on the desktop. This was not the case before we started running scans. There was also the dat file that I mentioned before. Any idea as to why they were created? Is it OK to delete them from the desktop?
Attachment is at the end of posts.
system
April 25, 2012, 11:30pm
9
18:09:09.0111 3344 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:09:09.0151 3344 ============================================================
18:09:09.0151 3344 Current date / time: 2012/04/25 18:09:09.0151
18:09:09.0151 3344 SystemInfo:
18:09:09.0161 3344
18:09:09.0161 3344 OS Version: 6.1.7601 ServicePack: 1.0
18:09:09.0161 3344 Product type: Workstation
18:09:09.0161 3344 ComputerName: STANDAVIS-PC
18:09:09.0161 3344 UserName: Stan Davis
18:09:09.0161 3344 Windows directory: C:\windows
18:09:09.0161 3344 System windows directory: C:\windows
18:09:09.0161 3344 Running under WOW64
18:09:09.0161 3344 Processor architecture: Intel x64
18:09:09.0161 3344 Number of processors: 4
18:09:09.0161 3344 Page size: 0x1000
18:09:09.0161 3344 Boot type: Normal boot
18:09:09.0161 3344 ============================================================
18:09:09.0641 3344 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000040
18:09:09.0661 3344 Drive \Device\Harddisk1\DR1 - Size: 0x3B200000 (0.92 Gb), SectorSize: 0x200, Cylinders: 0x78, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘W’
18:09:09.0671 3344 ============================================================
18:09:09.0671 3344 \Device\Harddisk0\DR0:
18:09:09.0671 3344 MBR partitions:
18:09:09.0671 3344 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
18:09:09.0671 3344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800
18:09:09.0701 3344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800
18:09:09.0701 3344 \Device\Harddisk1\DR1:
18:09:09.0701 3344 MBR partitions:
18:09:09.0701 3344 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1D8FE0
18:09:09.0701 3344 ============================================================
18:09:09.0811 3344 C: ↔ \Device\Harddisk0\DR0\Partition1
18:09:09.0961 3344 D: ↔ \Device\Harddisk0\DR0\Partition2
18:09:09.0961 3344 ============================================================
18:09:09.0961 3344 Initialize success
18:09:09.0961 3344 ============================================================
18:09:36.0065 3316 ============================================================
18:09:36.0065 3316 Scan started
18:09:36.0065 3316 Mode: Manual; TDLFS;
18:09:36.0065 3316 ============================================================
system
April 25, 2012, 11:34pm
10
system
April 25, 2012, 11:36pm
11
system
April 25, 2012, 11:37pm
12
system
April 25, 2012, 11:38pm
13
system
April 25, 2012, 11:39pm
14
system
April 25, 2012, 11:41pm
15
system
April 25, 2012, 11:42pm
16
system
April 25, 2012, 11:43pm
17
18:10:26.0687 3316 ============================================================
18:10:26.0687 3316 Scan finished
18:10:26.0687 3316 ============================================================
18:10:26.0703 3936 Detected object count: 0
18:10:26.0703 3936 Actual detected object count: 0
18:13:55.0996 2528 Deinitialize success
system
April 25, 2012, 11:45pm
18
Here is the attachment as well.
system
April 26, 2012, 5:36pm
19
Hi,
Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2
Note: It is important that it is saved directly to your desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.
system
April 26, 2012, 9:30pm
20
jeffce
I will have to do it tomorrow since I have to save it directly to his laptop. My only option here is to download it on my laptop and transfer it over since he doesn’t have a dial-up modem on his machine and I do not have a broadband connection. Talk to you tomorrow or later.