
Windows 7 "SCVHost.exe" Unwanted Ghost Trojans, Won't Go Away.


So a few days ago my computer started running more RAM than it should; here are the specs:

OS: Windows 7

Intel i3 Core @ 2.40, 2.40GHz

RAM: 4GB.

Now, normally when I'm running this computer, CPU usage is at 1-10% and the RAM usage is around 5%.

For the past few days it's been going to 80%, even 99%, and it lags and slows down my PC.

I ran Malwarebytes and it said I had Trojans in SVCHost, so I went and scanned and deleted them. Well, they never went away. I searched all over Google to try and figure out how to get rid of them, downloading anti-virus after anti-virus and following tutorials, but nothing works. The only other option I have is to reformat the hard drive.

Before I do that, does anyone know how to get rid of these?

Last hope x:.


Hello Garrett,

Please do as much as possible of the following. If you have any questions, please stop and ask.

Do not run any other tools or apps by yourself.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Now, turn off your antivirus program.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Keep your firewall on.

  1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
  2. Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
    On Windows 7, press the Windows key, start typing Malwarebytes in the text box, then select/click Malwarebytes Anti-Malware Chameleon

  3. Once the Help file opens, click on a Chameleon button (starting with #1)
  4. If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
  5. You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.62 at the top
  6. Press any key to continue as it says in the window {space-bar will do}
  7. If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  8. Have infinite patience during this process
  9. Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  10. Once the update completes and it says your database is updated, click on OK button so that process can continue
  11. Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  12. After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  13. A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  14. Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  15. If prompted to restart your computer to complete the removal process, click Yes
  16. If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  17. After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop, and post it in your next reply.

Step 5

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Re-enable your antivirus program.

Copy and paste the contents of logs inside the main body of the reply box.

Post the logs, and tell me: how is the system now?

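An added example, not part of the original posts or of TDSSKiller itself: a small Python parser for the report that Step 5 asks for, listing every object whose verdict is not "ok" so it stands out from the long run of "- ok" entries. The sample lines are constructed (service names, hashes and paths are placeholders), and the line layout is an assumption taken from the report posted in this thread.

```python
"""Triage a TDSSKiller report: list every object whose verdict is not "ok"."""
import re
import sys
from dataclasses import dataclass
from typing import Optional

# "HH:MM:SS.ffff TID message" prefix carried by every report line.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+(?P<msg>.*\S)\s*$")
# "Name (md5) path": the file that was hashed for a service or driver.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "Name - ok" or "Name ( Threat.Name ) - warning": the verdict for that object.
VERDICT = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<threat>.+?) \))? - (?P<status>[a-z]+)$"
)


@dataclass
class Finding:
    name: str
    status: str
    threat: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def parse_report(text):
    """Return (findings, ok_count, no_file).

    findings: verdicts other than "ok", joined with the file line before them.
    ok_count: number of "ok" verdicts.
    no_file:  names that received a verdict with no file/hash line before it.
    """
    files = {}  # object name -> (md5, path) from its file line
    findings, no_file, ok_count = [], [], 0
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank lines (forum pastes are often double-spaced)
        msg = m.group("msg")
        obj = OBJECT.match(msg)
        if obj:
            files[obj.group("name")] = (obj.group("md5").lower(), obj.group("path"))
            continue
        ver = VERDICT.match(msg)
        if not ver:
            continue  # header lines, separators, "- detected ..." summaries
        name, status = ver.group("name"), ver.group("status")
        md5, path = files.pop(name, (None, None))
        if md5 is None:
            no_file.append(name)
        if status == "ok":
            ok_count += 1
        else:
            findings.append(Finding(name, status, ver.group("threat"), md5, path))
    return findings, ok_count, no_file


# Constructed sample in the layout of the report above; all values are placeholders.
SAMPLE = r"""
12:00:46.0485 2548 Scan started
12:00:46.0485 2548 Mode: Manual; SigCheck; TDLFS;
12:00:46.0485 2548 ============================================================
12:00:48.0225 2548 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys

12:00:48.0525 2548 ExampleDrv - ok
12:00:49.0215 2548 ExampleStub - ok
12:00:50.0725 2548 Example Update Service (00000000000000000000000000000002) C:\Program Files (x86)\Example\updater.exe
12:00:50.0855 2548 Example Update Service ( UnsignedFile.Multi.Generic ) - warning
12:00:50.0855 2548 Example Update Service - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    # Pass the path of a saved report, or run with no argument to use SAMPLE.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            report = fh.read()
    else:
        report = SAMPLE
    found, ok, missing = parse_report(report)
    print(f"{ok} ok, {len(found)} to review, {len(missing)} with no file line")
    for f in found:
        print(f"[{f.status}] {f.name}: {f.threat} md5={f.md5} path={f.path}")
```

A "warning" with UnsignedFile.Multi.Generic comes from the signature check enabled in Step 5 and marks a file without a valid digital signature, so the path and hash are what to review before anything is removed.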

Well, I followed all the steps and the RAM is still being eaten up 70%+.

I ran Malwarebytes and clicked Remove like I was told to, then restarted and ran another scan; the same 2 things came up again.

Here are the log files from aswMBR and TDSSKiller:

LOG aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-03 11:56:58

-----------------------------

11:56:58.681 OS Version: Windows x64 6.1.7601 Service Pack 1

11:56:58.681 Number of processors: 4 586 0x2505

11:56:58.681 ComputerName: MOMANDDAD-HP UserName: MomandDad

11:57:05.901 Initialize success

11:58:16.951 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

11:58:16.951 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3

11:58:16.951 Device \Driver\iaStor -> MajorFunction fffffa80076ad5e8

11:58:16.951 Disk 0 MBR read successfully

11:58:16.961 Disk 0 MBR scan

11:58:16.991 Disk 0 Windows 7 default MBR code

11:58:17.011 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

11:58:17.061 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596070 MB offset 409600

11:58:17.121 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14106 MB offset 1221160960

11:58:17.191 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048

11:58:17.251 Disk 0 scanning C:\Windows\system32\drivers

11:58:33.391 Service scanning

11:59:03.041 Modules scanning

11:59:03.041 Scan finished successfully

11:59:42.901 Disk 0 MBR has been saved successfully to "C:\Users\MomandDad\Desktop\New folder\MBR.dat"

11:59:42.911 The log file has been saved successfully to "C:\Users\MomandDad\Desktop\New folder\aswMBR.txt"

Log TDSSKILLER:

12:00:28.0285 0528 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

12:00:28.0585 0528 ============================================================

12:00:28.0585 0528 Current date / time: 2012/08/03 12:00:28.0585

12:00:28.0585 0528 SystemInfo:

12:00:28.0585 0528

12:00:28.0585 0528 OS Version: 6.1.7601 ServicePack: 1.0

12:00:28.0585 0528 Product type: Workstation

12:00:28.0585 0528 ComputerName: MOMANDDAD-HP

12:00:28.0585 0528 UserName: MomandDad

12:00:28.0585 0528 Windows directory: C:\Windows

12:00:28.0585 0528 System windows directory: C:\Windows

12:00:28.0585 0528 Running under WOW64

12:00:28.0585 0528 Processor architecture: Intel x64

12:00:28.0585 0528 Number of processors: 4

12:00:28.0585 0528 Page size: 0x1000

12:00:28.0585 0528 Boot type: Normal boot

12:00:28.0585 0528 ============================================================

12:00:30.0865 0528 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:00:30.0895 0528 ============================================================

12:00:30.0895 0528 \Device\Harddisk0\DR0:

12:00:30.0905 0528 MBR partitions:

12:00:30.0905 0528 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

12:00:30.0905 0528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48C33000

12:00:30.0905 0528 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48C97000, BlocksNum 0x1B8D000

12:00:30.0905 0528 ============================================================

12:00:30.0995 0528 C: <-> \Device\Harddisk0\DR0\Partition1

12:00:31.0145 0528 D: <-> \Device\Harddisk0\DR0\Partition2

12:00:31.0145 0528 ============================================================

12:00:31.0145 0528 Initialize success

12:00:31.0145 0528 ============================================================

12:00:46.0485 2548 ============================================================

12:00:46.0485 2548 Scan started

12:00:46.0485 2548 Mode: Manual; SigCheck; TDLFS;

12:00:46.0485 2548 ============================================================

12:01:12.0725 2548 IconMan_R (d22d82d74fd1b6c77e7556dbdc3ea9d2) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

12:01:12.0855 2548 IconMan_R ( UnsignedFile.Multi.Generic ) - warning

12:01:12.0855 2548 IconMan_R - detected UnsignedFile.Multi.Generic (1)


12:01:23.0605 2548 mouhid - ok

12:01:23.0645 2548 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

12:01:23.0665 2548 mountmgr - ok

12:01:23.0885 2548 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

12:01:23.0915 2548 MozillaMaintenance - ok

12:01:24.0045 2548 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

12:01:24.0095 2548 MpFilter - ok

12:01:24.0235 2548 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

12:01:24.0265 2548 mpio - ok

12:01:24.0335 2548 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

12:01:24.0375 2548 mpsdrv - ok

12:01:24.0655 2548 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

12:01:24.0815 2548 MpsSvc - ok

12:01:24.0835 2548 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

12:01:24.0895 2548 MRxDAV - ok

12:01:24.0955 2548 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

12:01:25.0005 2548 mrxsmb - ok

12:01:25.0065 2548 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:01:25.0095 2548 mrxsmb10 - ok

12:01:25.0125 2548 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:01:25.0135 2548 mrxsmb20 - ok

12:01:25.0165 2548 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

12:01:25.0175 2548 msahci - ok

12:01:25.0265 2548 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

12:01:25.0285 2548 msdsm - ok

12:01:25.0335 2548 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

12:01:25.0365 2548 MSDTC - ok

12:01:25.0425 2548 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

12:01:25.0465 2548 Msfs - ok

12:01:25.0485 2548 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

12:01:25.0575 2548 mshidkmdf - ok

12:01:25.0625 2548 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

12:01:25.0645 2548 msisadrv - ok

12:01:25.0695 2548 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

12:01:25.0775 2548 MSiSCSI - ok

12:01:25.0775 2548 msiserver - ok

12:01:25.0875 2548 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

12:01:25.0935 2548 MSKSSRV - ok

12:01:26.0045 2548 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

12:01:26.0065 2548 MsMpSvc - ok

12:01:26.0105 2548 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

12:01:26.0165 2548 MSPCLOCK - ok

12:01:26.0185 2548 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

12:01:26.0245 2548 MSPQM - ok

12:01:26.0285 2548 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

12:01:26.0305 2548 MsRPC - ok

12:01:26.0365 2548 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

12:01:26.0375 2548 mssmbios - ok

12:01:26.0475 2548 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

12:01:26.0525 2548 MSTEE - ok

12:01:26.0585 2548 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

12:01:26.0615 2548 MTConfig - ok

12:01:26.0725 2548 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

12:01:26.0745 2548 Mup - ok

12:01:26.0905 2548 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

12:01:26.0975 2548 napagent - ok

12:01:27.0035 2548 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

12:01:27.0075 2548 NativeWifiP - ok

12:01:27.0175 2548 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

12:01:27.0205 2548 NDIS - ok

12:01:27.0285 2548 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

12:01:27.0335 2548 NdisCap - ok

12:01:27.0385 2548 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

12:01:27.0435 2548 NdisTapi - ok

12:01:27.0515 2548 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

12:01:27.0585 2548 Ndisuio - ok

12:01:27.0635 2548 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

12:01:27.0695 2548 NdisWan - ok

12:01:27.0785 2548 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

12:01:27.0835 2548 NDProxy - ok

12:01:27.0865 2548 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

12:01:27.0925 2548 NetBIOS - ok

12:01:27.0995 2548 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

12:01:28.0035 2548 NetBT - ok

12:01:28.0075 2548 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:01:28.0095 2548 Netlogon - ok

12:01:28.0165 2548 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

12:01:28.0235 2548 Netman - ok

12:01:28.0315 2548 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

12:01:28.0385 2548 netprofm - ok

12:01:28.0765 2548 netr28x (31609b481cc202bfb441e37febcdea05) C:\Windows\system32\DRIVERS\netr28x.sys

12:01:28.0815 2548 netr28x - ok

12:01:29.0095 2548 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

12:01:29.0115 2548 NetTcpPortSharing - ok

12:01:29.0365 2548 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

12:01:29.0375 2548 nfrd960 - ok

12:01:29.0575 2548 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

12:01:29.0605 2548 NisDrv - ok

12:01:29.0885 2548 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

12:01:29.0925 2548 NisSrv - ok

12:01:29.0995 2548 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

12:01:30.0045 2548 NlaSvc - ok

12:01:30.0105 2548 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

12:01:30.0145 2548 Npfs - ok

12:01:30.0185 2548 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

12:01:30.0245 2548 nsi - ok

12:01:30.0275 2548 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

12:01:30.0345 2548 nsiproxy - ok

12:01:30.0755 2548 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

12:01:30.0805 2548 Ntfs - ok

12:01:31.0135 2548 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

12:01:31.0205 2548 Null - ok

12:01:31.0275 2548 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

12:01:31.0315 2548 NVENETFD - ok

12:01:31.0405 2548 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

12:01:31.0425 2548 nvraid - ok

12:01:31.0465 2548 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

12:01:31.0485 2548 nvstor - ok

12:01:31.0655 2548 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

12:01:31.0665 2548 nv_agp - ok

12:01:31.0885 2548 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

12:01:31.0905 2548 ohci1394 - ok

12:01:32.0095 2548 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

12:01:32.0175 2548 p2pimsvc - ok

12:01:32.0375 2548 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

12:01:32.0405 2548 p2psvc - ok

12:01:32.0455 2548 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

12:01:32.0465 2548 Parport - ok

12:01:32.0515 2548 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

12:01:32.0535 2548 partmgr - ok

12:01:32.0645 2548 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

12:01:32.0705 2548 PcaSvc - ok

12:01:32.0755 2548 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

12:01:32.0775 2548 pci - ok

12:01:32.0805 2548 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

12:01:32.0825 2548 pciide - ok

12:01:32.0965 2548 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

12:01:32.0985 2548 pcmcia - ok

12:01:33.0015 2548 PCTBD (a87932ff09593ba8d197667a13e2a628) C:\Windows\system32\Drivers\PCTBD64.sys

12:01:33.0035 2548 PCTBD - ok

12:01:33.0125 2548 PCTCore (876fd95b7a3b7fe6179fbd16e7a6486c) C:\Windows\system32\drivers\PCTCore64.sys

12:01:33.0165 2548 PCTCore - ok

12:01:33.0215 2548 pctDS (ba1f42a42f405f62ceff6b69a2797f7c) C:\Windows\system32\drivers\pctDS64.sys

12:01:33.0245 2548 pctDS - ok

12:01:33.0415 2548 pctEFA (146cc91c93ced13e7fe40e8d8615be39) C:\Windows\system32\drivers\pctEFA64.sys

12:01:33.0445 2548 pctEFA - ok

12:01:33.0515 2548 pctgntdi (2734c67950c2eccf46d2709db6cffc20) C:\Windows\System32\drivers\pctgntdi64.sys

12:01:33.0545 2548 pctgntdi - ok

12:01:33.0585 2548 pctplsg (8131a2c7b6d39a995dc73e20c31bc177) C:\Windows\System32\drivers\pctplsg64.sys

12:01:33.0605 2548 pctplsg - ok

12:01:33.0735 2548 PCTSD (c4775e7f54f3cc6307b73462b1b802c6) C:\Windows\system32\Drivers\PCTSD64.sys

12:01:33.0765 2548 PCTSD - ok

12:01:33.0805 2548 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

12:01:33.0825 2548 pcw - ok

12:01:33.0915 2548 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

12:01:33.0995 2548 PEAUTH - ok

12:01:34.0225 2548 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

12:01:34.0265 2548 PerfHost - ok

12:01:34.0385 2548 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

12:01:34.0455 2548 pla - ok

12:01:34.0545 2548 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

12:01:34.0595 2548 PlugPlay - ok

12:01:34.0715 2548 PnkBstrA - ok

12:01:34.0765 2548 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

12:01:34.0795 2548 PNRPAutoReg - ok

12:01:34.0835 2548 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

12:01:34.0855 2548 PNRPsvc - ok

12:01:34.0945 2548 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

12:01:35.0025 2548 PolicyAgent - ok

12:01:35.0085 2548 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

12:01:35.0175 2548 Power - ok

12:01:35.0355 2548 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

12:01:35.0415 2548 PptpMiniport - ok

12:01:35.0485 2548 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

12:01:35.0515 2548 Processor - ok

12:01:35.0605 2548 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

12:01:35.0705 2548 ProfSvc - ok

12:01:35.0775 2548 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:01:35.0795 2548 ProtectedStorage - ok

12:01:35.0945 2548 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

12:01:36.0015 2548 Psched - ok

12:01:36.0465 2548 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

12:01:36.0505 2548 ql2300 - ok

12:01:37.0115 2548 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

12:01:37.0135 2548 ql40xx - ok

12:01:37.0175 2548 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

12:01:37.0225 2548 QWAVE - ok

12:01:37.0255 2548 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

12:01:37.0305 2548 QWAVEdrv - ok

12:01:37.0325 2548 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

12:01:37.0385 2548 RasAcd - ok

12:01:37.0425 2548 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

12:01:37.0475 2548 RasAgileVpn - ok

12:01:37.0515 2548 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

12:01:37.0575 2548 RasAuto - ok

12:01:37.0745 2548 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

12:01:37.0835 2548 Rasl2tp - ok

12:01:37.0975 2548 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

12:01:38.0045 2548 RasMan - ok

12:01:38.0095 2548 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

12:01:38.0175 2548 RasPppoe - ok

12:01:38.0215 2548 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

12:01:38.0285 2548 RasSstp - ok

12:01:38.0395 2548 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

12:01:38.0455 2548 rdbss - ok

12:01:38.0505 2548 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

12:01:38.0535 2548 rdpbus - ok

12:01:38.0545 2548 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

12:01:38.0605 2548 RDPCDD - ok

12:01:38.0675 2548 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

12:01:38.0725 2548 RDPENCDD - ok

12:01:38.0775 2548 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

12:01:38.0835 2548 RDPREFMP - ok

12:01:38.0885 2548 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

12:01:38.0925 2548 RDPWD - ok

12:01:38.0975 2548 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

12:01:38.0995 2548 rdyboost - ok

12:01:39.0035 2548 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

12:01:39.0115 2548 RemoteAccess - ok

12:01:39.0355 2548 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

12:01:39.0425 2548 RemoteRegistry - ok

12:01:39.0655 2548 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

12:01:39.0685 2548 RoxioNow Service - ok

12:01:39.0785 2548 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

12:01:39.0855 2548 RpcEptMapper - ok

12:01:39.0905 2548 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

12:01:39.0925 2548 RpcLocator - ok

12:01:40.0215 2548 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

12:01:40.0265 2548 RpcSs - ok

12:01:40.0365 2548 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys

12:01:40.0385 2548 RSPCIESTOR - ok

12:01:40.0455 2548 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

12:01:40.0495 2548 rspndr - ok

12:01:40.0645 2548 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys

12:01:40.0675 2548 RTL8167 - ok

12:01:40.0785 2548 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:01:40.0815 2548 SamSs - ok

12:01:40.0865 2548 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

12:01:40.0875 2548 sbp2port - ok

12:01:40.0935 2548 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

12:01:40.0985 2548 SCardSvr - ok

12:01:41.0015 2548 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

12:01:41.0085 2548 scfilter - ok

12:01:41.0205 2548 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

12:01:41.0295 2548 Schedule - ok

12:01:41.0355 2548 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

12:01:41.0415 2548 SCPolicySvc - ok

12:01:41.0665 2548 sdAuxService (cfeb26a26452d5337c2f3aadd8218fc3) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe

12:01:41.0685 2548 sdAuxService - ok

12:01:41.0845 2548 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys

12:01:41.0885 2548 sdbus - ok

12:01:42.0125 2548 sdCoreService (b906c04f469060f2dd7fcb84706b4493) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe

12:01:42.0155 2548 sdCoreService - ok

12:01:42.0235 2548 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

12:01:42.0315 2548 SDRSVC - ok

12:01:42.0425 2548 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

12:01:42.0495 2548 secdrv - ok

12:01:42.0535 2548 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

12:01:42.0575 2548 seclogon - ok

12:01:42.0595 2548 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

12:01:42.0665 2548 SENS - ok

12:01:42.0705 2548 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

12:01:42.0775 2548 SensrSvc - ok

12:01:42.0835 2548 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

12:01:42.0865 2548 Serenum - ok

12:01:42.0925 2548 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

12:01:42.0965 2548 Serial - ok

12:01:43.0005 2548 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

12:01:43.0045 2548 sermouse - ok

12:01:43.0105 2548 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

12:01:43.0165 2548 SessionEnv - ok

12:01:43.0205 2548 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

12:01:43.0245 2548 sffdisk - ok

12:01:43.0285 2548 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

12:01:43.0335 2548 sffp_mmc - ok

12:01:43.0365 2548 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

12:01:43.0395 2548 sffp_sd - ok

12:01:43.0455 2548 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

12:01:43.0475 2548 sfloppy - ok

12:01:43.0525 2548 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

12:01:43.0575 2548 SharedAccess - ok

12:01:43.0645 2548 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

12:01:43.0725 2548 ShellHWDetection - ok

12:01:43.0745 2548 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

12:01:43.0765 2548 SiSRaid2 - ok

12:01:43.0855 2548 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

12:01:43.0875 2548 SiSRaid4 - ok

12:01:44.0025 2548 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe

12:01:44.0045 2548 SkypeUpdate - ok

12:01:44.0115 2548 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

12:01:44.0175 2548 Smb - ok

12:01:44.0275 2548 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

12:01:44.0335 2548 SNMPTRAP - ok

12:01:44.0385 2548 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

12:01:44.0395 2548 spldr - ok

12:01:44.0535 2548 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

12:01:44.0615 2548 Spooler - ok

12:01:46.0285 2548 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

12:01:46.0475 2548 sppsvc - ok

12:01:46.0785 2548 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

12:01:46.0845 2548 sppuinotify - ok

12:01:47.0135 2548 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

12:01:47.0195 2548 srv - ok

12:01:47.0245 2548 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

12:01:47.0275 2548 srv2 - ok

12:01:47.0345 2548 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

12:01:47.0365 2548 SrvHsfHDA - ok

12:01:47.0585 2548 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

12:01:47.0645 2548 SrvHsfV92 - ok

12:01:48.0225 2548 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

12:01:48.0285 2548 SrvHsfWinac - ok

12:01:48.0385 2548 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

12:01:48.0405 2548 srvnet - ok

12:01:48.0525 2548 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

12:01:48.0585 2548 SSDPSRV - ok

12:01:48.0625 2548 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

12:01:48.0675 2548 SstpSvc - ok

12:01:48.0885 2548 STacSV (7bf818b11c1fedc3e76d233124470a30) C:\Program Files\IDT\WDM\STacSV64.exe

12:01:49.0005 2548 STacSV - ok

12:01:49.0045 2548 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

12:01:49.0065 2548 stexstor - ok

12:01:49.0215 2548 STHDA (ebc1a5e076a9be314d3d9e8ed19abb0a) C:\Windows\system32\DRIVERS\stwrt64.sys

12:01:49.0255 2548 STHDA - ok

12:01:49.0435 2548 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

12:01:49.0505 2548 stisvc - ok

12:01:49.0545 2548 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

12:01:49.0565 2548 swenum - ok

12:01:49.0655 2548 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

12:01:49.0725 2548 swprv - ok

12:01:49.0825 2548 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys

12:01:49.0845 2548 SynTP - ok

12:01:50.0225 2548 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

12:01:50.0365 2548 SysMain - ok

12:01:50.0575 2548 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

12:01:50.0615 2548 TabletInputService - ok

12:01:50.0695 2548 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

12:01:50.0775 2548 TapiSrv - ok

12:01:50.0815 2548 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

12:01:50.0865 2548 TBS - ok

12:01:51.0115 2548 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

12:01:51.0165 2548 Tcpip - ok

12:01:51.0725 2548 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

12:01:51.0775 2548 TCPIP6 - ok

12:01:52.0065 2548 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

12:01:52.0125 2548 tcpipreg - ok

12:01:52.0165 2548 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

12:01:52.0195 2548 TDPIPE - ok

12:01:52.0235 2548 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

12:01:52.0295 2548 TDTCP - ok

12:01:52.0375 2548 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

12:01:52.0415 2548 tdx - ok

12:01:52.0455 2548 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

12:01:52.0475 2548 TermDD - ok

12:01:52.0545 2548 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

12:01:52.0625 2548 TermService - ok

12:01:52.0735 2548 TfFsMon (9cd5c339754e2310790ca27dbbd31f88) C:\Windows\system32\drivers\TfFsMon.sys

12:01:52.0745 2548 TfFsMon - ok

12:01:52.0805 2548 TfNetMon (00809507fafa1be93dbbace5029f27bb) C:\Windows\system32\drivers\TfNetMon.sys

12:01:52.0825 2548 TfNetMon - ok

12:01:53.0125 2548 TFSysMon (3593a7b1264fba24fe9e097a99b3e848) C:\Windows\system32\drivers\TfSysMon.sys

12:01:53.0175 2548 TFSysMon - ok

12:01:53.0245 2548 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

12:01:53.0345 2548 Themes - ok

12:01:53.0395 2548 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

12:01:53.0475 2548 THREADORDER - ok

12:01:53.0605 2548 ThreatFire - ok

12:01:53.0715 2548 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

12:01:53.0775 2548 TrkWks - ok

12:01:53.0955 2548 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

12:01:54.0015 2548 TrustedInstaller - ok

12:01:54.0065 2548 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

12:01:54.0115 2548 tssecsrv - ok

12:01:54.0165 2548 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

12:01:54.0195 2548 TsUsbFlt - ok

12:01:54.0265 2548 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

12:01:54.0335 2548 TsUsbGD - ok

12:01:54.0495 2548 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

12:01:54.0545 2548 tunnel - ok

12:01:54.0595 2548 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

12:01:54.0615 2548 uagp35 - ok

12:01:54.0755 2548 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

12:01:54.0815 2548 udfs - ok

12:01:54.0855 2548 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

12:01:54.0875 2548 UI0Detect - ok

12:01:54.0925 2548 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

12:01:54.0945 2548 uliagpkx - ok

12:01:55.0105 2548 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

12:01:55.0135 2548 umbus - ok

12:01:55.0215 2548 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

12:01:55.0255 2548 UmPass - ok

12:01:56.0005 2548 UNS (6f895ca96552069b3d3ef5b4f6e90d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

12:01:56.0175 2548 UNS - ok

12:01:56.0355 2548 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

12:01:56.0415 2548 upnphost - ok

12:01:56.0495 2548 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

12:01:56.0545 2548 usbccgp - ok

12:01:56.0595 2548 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

12:01:56.0615 2548 usbcir - ok

12:01:56.0725 2548 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

12:01:56.0775 2548 usbehci - ok

12:01:56.0875 2548 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

12:01:56.0915 2548 usbhub - ok

12:01:56.0945 2548 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

12:01:56.0985 2548 usbohci - ok

12:01:57.0035 2548 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

12:01:57.0095 2548 usbprint - ok

12:01:57.0115 2548 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

12:01:57.0175 2548 USBSTOR - ok

12:01:57.0195 2548 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

12:01:57.0245 2548 usbuhci - ok

12:01:57.0325 2548 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

12:01:57.0345 2548 usbvideo - ok

12:01:57.0375 2548 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

12:01:57.0435 2548 UxSms - ok

12:01:57.0465 2548 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:01:57.0495 2548 VaultSvc - ok

12:01:57.0515 2548 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

12:01:57.0535 2548 vdrvroot - ok

12:01:57.0595 2548 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

12:01:57.0685 2548 vds - ok

12:01:57.0765 2548 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

12:01:57.0785 2548 vga - ok

12:01:57.0805 2548 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

12:01:57.0855 2548 VgaSave - ok

12:01:57.0905 2548 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

12:01:57.0925 2548 vhdmp - ok

12:01:57.0985 2548 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

12:01:58.0005 2548 viaide - ok

12:02:06.0855 2548 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

12:02:06.0925 2548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

12:02:06.0925 2548 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

12:02:07.0005 2548 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

12:02:07.0005 2548 \Device\Harddisk0\DR0 - detected TDSS File System (1)

12:02:07.0015 2548 Boot (0x1200) (9d52f359bb28484530a2d81512342e5b) \Device\Harddisk0\DR0\Partition0

12:02:07.0015 2548 \Device\Harddisk0\DR0\Partition0 - ok

12:02:07.0035 2548 Boot (0x1200) (e1273c40462a5aac1ce067f911bbccd4) \Device\Harddisk0\DR0\Partition1

12:02:07.0055 2548 \Device\Harddisk0\DR0\Partition1 - ok

12:02:07.0085 2548 Boot (0x1200) (d9d921401dc68312279d79e426002e28) \Device\Harddisk0\DR0\Partition2

12:02:07.0115 2548 \Device\Harddisk0\DR0\Partition2 - ok

12:02:07.0115 2548 ============================================================

12:02:07.0115 2548 Scan finished

12:02:07.0115 2548 ============================================================

12:02:07.0125 2628 Detected object count: 3

12:02:07.0125 2628 Actual detected object count: 3

12:02:32.0715 2628 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user

12:02:32.0715 2628 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:02:34.0855 2628 \Device\Harddisk0\DR0\# - copied to quarantine

12:02:35.0115 2628 \Device\Harddisk0\DR0 - copied to quarantine

12:02:36.0885 2628 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

12:02:37.0265 2628 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

12:02:37.0315 2628 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

12:02:37.0375 2628 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

12:02:38.0715 2628 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

12:02:38.0865 2628 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

12:02:38.0915 2628 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

12:02:38.0945 2628 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

12:02:39.0165 2628 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

12:02:39.0385 2628 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

12:02:39.0405 2628 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

12:02:39.0425 2628 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

12:02:39.0425 2628 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

12:02:39.0585 2628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

12:02:39.0835 2628 \Device\Harddisk0\DR0 - ok

12:02:42.0385 2628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

12:02:42.0385 2628 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

12:02:42.0385 2628 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

12:03:41.0955 5260 Deinitialize success


In future, I do not need a screen-image of MBAM. What I would need, is the actual contents of MBAM scan log. Kindly remember that in future.

You have a serious TDLS infection.

This system had some serious backdoor trojans, spyware, and likely, a rootkit.

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh. While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

Your options are: 1) IF you have full-image-backups of the system on offline media from before the infection, use those backups to restore the system.

2) Do a wipe/reformat of HD, and a new-clean install of Windows + antivirus + all applications (losing personal files, documents)

3) Continue to try cleaning and removal.

Let me know affirmatively what you have decided to do.

IF you have decided to try removal & cleaning, then do this:

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Garrettberger only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Start TDSSKILLER once again. Then mark just this for Deletion

12:02:42.0385 2628 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

12:02:42.0385 2628 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

When run is finished, copy and paste the log file into a reply.

Then, next, Logoff and Restart the system fresh.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh.

Reply & attach the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

Edited by Maurice Naggar
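The reply above turns on which detections in the TDSSKiller log were cured and which were skipped. The following is an added example, not part of the original posts or of any tool mentioned here: it pairs each detection with the action recorded for it and lists the ones left skipped for review. The sample lines are taken from the log posted in this thread; the function names and the line pattern are assumptions based on that log alone.

```python
import re

# Lines taken from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
12:02:06.0925 2548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:02:07.0005 2548 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:02:07.0015 2548 \Device\Harddisk0\DR0\Partition0 - ok
12:02:32.0715 2628 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:32.0715 2628 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:02:39.0585 2628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:02:42.0385 2628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:02:42.0385 2628 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:02:42.0385 2628 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Assumed layout: timestamp, thread id, object, "( verdict )", " - ", status text.
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<status>.+)$"
)
ACTION = re.compile(r"^User select action: (?P<action>\w+)$")


def summarize(log_text):
    """Map (object, verdict) -> {'status': first status seen, 'action': user action or None}."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "- ok" and hash lines carry no "( verdict )" field
        entry = findings.setdefault(
            (m["obj"], m["verdict"]), {"status": m["status"], "action": None}
        )
        act = ACTION.match(m["status"])
        if act:
            entry["action"] = act["action"]
    return findings


def unresolved(findings):
    """Detections whose recorded action is Skip, or that have no recorded action."""
    return sorted(k for k, v in findings.items() if v["action"] in (None, "Skip"))


if __name__ == "__main__":
    for obj, verdict in unresolved(summarize(SAMPLE_LOG)):
        print(f"still open: {verdict} on {obj}")
```

Whether a skipped entry should be removed is a separate judgement; in this thread only the TDSS File System entry is marked for deletion.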

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
