Inactive [In Progress] AVG detecting Trojan Horse Crypt.AQLW

willydp

Hi, it seems I have a bit of the same problem as the one described on 23 Feb 2012 by Steph19.
I just get the popups by AVG about the different threats, always in system32.
I always put them in quarantine, but they keep coming up.
Hope Broni or someone else can check the result and help me further to clean the notebook.
Thanks.

Willy

So I will start TDSSKiller and put the result below.
 
TDSSKiller result

21:05:01.0927 1340 Ntfs - ok
21:05:02.0083 1340 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:05:02.0083 1340 Null - ok
21:05:02.0192 1340 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
21:05:02.0224 1340 NVENETFD - ok
21:05:02.0348 1340 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:05:02.0364 1340 nvraid - ok
21:05:02.0426 1340 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:05:02.0458 1340 nvstor - ok
21:05:02.0582 1340 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:05:02.0598 1340 nv_agp - ok
21:05:02.0660 1340 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:05:02.0676 1340 ohci1394 - ok
21:05:02.0801 1340 oracledbconsoleorcl - ok
21:05:02.0894 1340 oracleorahomehttpserver - ok
21:05:03.0019 1340 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:05:03.0066 1340 p2pimsvc - ok
21:05:03.0144 1340 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:05:03.0191 1340 p2psvc - ok
21:05:03.0316 1340 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:05:03.0316 1340 Parport - ok
21:05:03.0425 1340 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:05:03.0487 1340 partmgr - ok
21:05:03.0550 1340 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:05:03.0565 1340 Parvdm - ok
21:05:03.0659 1340 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:05:03.0690 1340 PcaSvc - ok
21:05:03.0768 1340 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:05:03.0768 1340 pci - ok
21:05:03.0830 1340 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:05:03.0846 1340 pciide - ok
21:05:03.0940 1340 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:05:03.0955 1340 pcmcia - ok
21:05:04.0018 1340 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:05:04.0033 1340 pcw - ok
21:05:04.0096 1340 pdlndoem - ok
21:05:04.0221 1340 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:05:04.0253 1340 PEAUTH - ok
21:05:04.0487 1340 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:05:04.0580 1340 pla - ok
21:05:04.0721 1340 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:05:04.0752 1340 PlugPlay - ok
21:05:04.0877 1340 pnarp (8092d881311b313c99099870f663f888) C:\Windows\system32\DRIVERS\pnarp.sys
21:05:04.0877 1340 pnarp - ok
21:05:04.0970 1340 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:05:05.0001 1340 PNRPAutoReg - ok
21:05:05.0048 1340 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:05:05.0079 1340 PNRPsvc - ok
21:05:05.0142 1340 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:05:05.0189 1340 PolicyAgent - ok
21:05:05.0298 1340 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:05:05.0360 1340 Power - ok
21:05:05.0501 1340 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:05:05.0516 1340 PptpMiniport - ok
21:05:05.0563 1340 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:05:05.0579 1340 Processor - ok
21:05:05.0657 1340 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:05:05.0672 1340 ProfSvc - ok
21:05:05.0719 1340 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:05:05.0719 1340 ProtectedStorage - ok
21:05:05.0781 1340 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:05:05.0797 1340 Psched - ok
21:05:05.0875 1340 purendis (9715050608550825b23507213cae0208) C:\Windows\system32\DRIVERS\purendis.sys
21:05:05.0891 1340 purendis - ok
21:05:06.0000 1340 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:05:06.0078 1340 ql2300 - ok
21:05:06.0156 1340 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:05:06.0171 1340 ql40xx - ok
21:05:06.0234 1340 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:05:06.0265 1340 QWAVE - ok
21:05:06.0327 1340 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:05:06.0343 1340 QWAVEdrv - ok
21:05:06.0374 1340 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:05:06.0390 1340 RasAcd - ok
21:05:06.0452 1340 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:05:06.0468 1340 RasAgileVpn - ok
21:05:06.0546 1340 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:05:06.0577 1340 RasAuto - ok
21:05:06.0639 1340 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:05:06.0655 1340 Rasl2tp - ok
21:05:06.0733 1340 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:05:06.0780 1340 RasMan - ok
21:05:06.0842 1340 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:05:06.0842 1340 RasPppoe - ok
21:05:06.0905 1340 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:05:06.0920 1340 RasSstp - ok
21:05:06.0998 1340 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:05:06.0998 1340 rdbss - ok
21:05:07.0061 1340 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:05:07.0076 1340 rdpbus - ok
21:05:07.0123 1340 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:05:07.0123 1340 RDPCDD - ok
21:05:07.0201 1340 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:05:07.0217 1340 RDPENCDD - ok
21:05:07.0280 1340 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:05:07.0280 1340 RDPREFMP - ok
21:05:07.0389 1340 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
21:05:07.0389 1340 RDPWD - ok
21:05:07.0498 1340 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:05:07.0514 1340 rdyboost - ok
21:05:07.0592 1340 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:05:07.0608 1340 RemoteAccess - ok
21:05:07.0654 1340 remotelyanywhere - ok
21:05:07.0732 1340 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:05:07.0764 1340 RemoteRegistry - ok
21:05:07.0842 1340 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
21:05:07.0857 1340 RFCOMM - ok
21:05:07.0920 1340 rnadirectory - ok
21:05:07.0998 1340 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:05:08.0013 1340 RpcEptMapper - ok
21:05:08.0060 1340 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:05:08.0076 1340 RpcLocator - ok
21:05:08.0138 1340 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:05:08.0154 1340 RpcSs - ok
21:05:08.0216 1340 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:05:08.0232 1340 rspndr - ok
21:05:08.0311 1340 RSUSBSTOR (96f8dd546677aa5102150acc140377b3) C:\Windows\system32\Drivers\RtsUStor.sys
21:05:08.0342 1340 RSUSBSTOR - ok
21:05:08.0435 1340 RtsUIR - ok
21:05:08.0513 1340 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:05:08.0529 1340 SamSs - ok
21:05:08.0685 1340 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:05:08.0716 1340 sbp2port - ok
21:05:08.0810 1340 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:05:08.0841 1340 SCardSvr - ok
21:05:08.0903 1340 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:05:08.0935 1340 scfilter - ok
21:05:09.0028 1340 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:05:09.0075 1340 Schedule - ok
21:05:09.0122 1340 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:05:09.0122 1340 SCPolicySvc - ok
21:05:09.0215 1340 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
21:05:09.0215 1340 sdbus - ok
21:05:09.0293 1340 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:05:09.0340 1340 SDRSVC - ok
21:05:09.0449 1340 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
21:05:09.0481 1340 SeaPort - ok
21:05:09.0574 1340 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:05:09.0590 1340 secdrv - ok
21:05:09.0652 1340 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:05:09.0652 1340 seclogon - ok
21:05:09.0699 1340 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:05:09.0730 1340 SENS - ok
21:05:09.0777 1340 sentinel - ok
21:05:09.0824 1340 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:05:09.0839 1340 Serenum - ok
21:05:09.0886 1340 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:05:09.0902 1340 Serial - ok
21:05:09.0949 1340 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:05:09.0949 1340 sermouse - ok
21:05:10.0027 1340 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:05:10.0058 1340 SessionEnv - ok
21:05:10.0105 1340 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:05:10.0105 1340 sffdisk - ok
21:05:10.0136 1340 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:05:10.0151 1340 sffp_mmc - ok
21:05:10.0183 1340 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:05:10.0198 1340 sffp_sd - ok
21:05:10.0229 1340 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:05:10.0245 1340 sfloppy - ok
21:05:10.0307 1340 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:05:10.0339 1340 SharedAccess - ok
21:05:10.0385 1340 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:05:10.0417 1340 ShellHWDetection - ok
21:05:10.0479 1340 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:05:10.0510 1340 sisagp - ok
21:05:10.0573 1340 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:05:10.0573 1340 SiSRaid2 - ok
21:05:10.0619 1340 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:05:10.0635 1340 SiSRaid4 - ok
21:05:10.0697 1340 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
21:05:10.0697 1340 SkypeUpdate - ok
21:05:10.0807 1340 slabser - ok
21:05:10.0869 1340 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:05:10.0900 1340 Smb - ok
21:05:10.0978 1340 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:05:10.0994 1340 SNMPTRAP - ok
21:05:11.0025 1340 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:05:11.0025 1340 spldr - ok
21:05:11.0072 1340 spmd - ok
21:05:11.0150 1340 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:05:11.0181 1340 Spooler - ok
 
part2

21:05:11.0337 1340 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:05:11.0477 1340 sppsvc - ok
21:05:11.0540 1340 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:05:11.0555 1340 sppuinotify - ok
21:05:11.0587 1340 SQLWriter - ok
21:05:11.0649 1340 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:05:11.0665 1340 srv - ok
21:05:11.0711 1340 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:05:11.0727 1340 srv2 - ok
21:05:11.0789 1340 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:05:11.0805 1340 SrvHsfHDA - ok
21:05:11.0867 1340 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:05:11.0930 1340 SrvHsfV92 - ok
21:05:11.0992 1340 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:05:12.0023 1340 SrvHsfWinac - ok
21:05:12.0070 1340 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:05:12.0086 1340 srvnet - ok
21:05:12.0133 1340 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:05:12.0164 1340 SSDPSRV - ok
21:05:12.0211 1340 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:05:12.0226 1340 SstpSvc - ok
21:05:12.0305 1340 STacSV (7437646782eb51cc0846a8fd3ea58989) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe
21:05:12.0321 1340 STacSV - ok
21:05:12.0368 1340 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:05:12.0368 1340 stexstor - ok
21:05:12.0414 1340 STHDA (ffe2d0a09c9c806b005c97076cc1034c) C:\Windows\system32\DRIVERS\stwrt.sys
21:05:12.0446 1340 STHDA - ok
21:05:12.0524 1340 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:05:12.0555 1340 StiSvc - ok
21:05:12.0602 1340 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:05:12.0602 1340 swenum - ok
21:05:12.0664 1340 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:05:12.0680 1340 swprv - ok
21:05:12.0758 1340 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
21:05:12.0758 1340 SynTP - ok
21:05:12.0836 1340 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:05:12.0914 1340 SysMain - ok
21:05:12.0960 1340 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:05:12.0976 1340 TabletInputService - ok
21:05:13.0038 1340 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
21:05:13.0038 1340 taphss - ok
21:05:13.0101 1340 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:05:13.0132 1340 TapiSrv - ok
21:05:13.0179 1340 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:05:13.0194 1340 TBS - ok
21:05:13.0288 1340 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
21:05:13.0335 1340 Tcpip - ok
21:05:13.0444 1340 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
21:05:13.0475 1340 TCPIP6 - ok
21:05:13.0538 1340 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:05:13.0553 1340 tcpipreg - ok
21:05:13.0616 1340 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:05:13.0616 1340 TDPIPE - ok
21:05:13.0694 1340 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:05:13.0709 1340 TDTCP - ok
21:05:13.0865 1340 tdx (9fa960482064908d2466c2f6d999a00e) C:\Windows\system32\DRIVERS\tdx.sys
21:05:13.0881 1340 tdx - ok
21:05:14.0068 1340 TeamViewer7 (de09282b3abef632917ebedc4dcdfb56) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
21:05:14.0177 1340 TeamViewer7 - ok
21:05:14.0255 1340 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:05:14.0271 1340 TermDD - ok
21:05:14.0333 1340 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:05:14.0364 1340 TermService - ok
21:05:14.0427 1340 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:05:14.0442 1340 Themes - ok
21:05:14.0489 1340 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:05:14.0489 1340 THREADORDER - ok
21:05:14.0520 1340 tones - ok
21:05:14.0583 1340 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:05:14.0583 1340 TrkWks - ok
21:05:14.0645 1340 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:05:14.0645 1340 TrustedInstaller - ok
21:05:14.0692 1340 tsmapip - ok
21:05:14.0754 1340 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:05:14.0786 1340 tssecsrv - ok
21:05:14.0895 1340 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:05:14.0910 1340 TsUsbFlt - ok
21:05:15.0082 1340 TuneUp.UtilitiesSvc (65217cb56f60561fbfd00e7c3273deba) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
21:05:15.0129 1340 TuneUp.UtilitiesSvc - ok
21:05:15.0222 1340 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
21:05:15.0238 1340 TuneUpUtilitiesDrv - ok
21:05:15.0364 1340 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:05:15.0364 1340 tunnel - ok
21:05:15.0426 1340 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:05:15.0426 1340 uagp35 - ok
21:05:15.0535 1340 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:05:15.0535 1340 udfs - ok
21:05:15.0613 1340 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:05:15.0629 1340 UI0Detect - ok
21:05:15.0645 1340 uiusys - ok
21:05:15.0723 1340 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:05:15.0723 1340 uliagpkx - ok
21:05:15.0785 1340 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:05:15.0801 1340 umbus - ok
21:05:15.0847 1340 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:05:15.0847 1340 UmPass - ok
21:05:15.0910 1340 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:05:15.0925 1340 upnphost - ok
21:05:16.0050 1340 USB28xxBGA (9be2c659ca510d905cbe2b9f1f84e728) C:\Windows\system32\DRIVERS\emBDA.sys
21:05:16.0066 1340 USB28xxBGA - ok
21:05:16.0128 1340 USB28xxOEM (3f90a05fbbc1649f33889b5ddbdea167) C:\Windows\system32\DRIVERS\emOEM.sys
21:05:16.0144 1340 USB28xxOEM - ok
21:05:16.0300 1340 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
21:05:16.0300 1340 USBAAPL - ok
21:05:16.0378 1340 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
21:05:16.0378 1340 usbaudio - ok
21:05:16.0440 1340 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:05:16.0440 1340 usbccgp - ok
21:05:16.0534 1340 USBCCID - ok
21:05:16.0596 1340 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:05:16.0612 1340 usbcir - ok
21:05:16.0659 1340 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:05:16.0674 1340 usbehci - ok
21:05:16.0752 1340 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:05:16.0752 1340 usbhub - ok
21:05:16.0815 1340 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:05:16.0815 1340 usbohci - ok
21:05:16.0893 1340 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:05:16.0893 1340 usbprint - ok
21:05:16.0939 1340 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:05:16.0955 1340 USBSTOR - ok
21:05:17.0002 1340 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:05:17.0002 1340 usbuhci - ok
21:05:17.0064 1340 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
21:05:17.0080 1340 usbvideo - ok
21:05:17.0127 1340 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:05:17.0142 1340 UxSms - ok
21:05:17.0236 1340 UxTuneUp (6f81dccd90e56b0e2b677feadb34681c) C:\Windows\System32\uxtuneup.dll
21:05:17.0251 1340 UxTuneUp - ok
21:05:17.0298 1340 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:05:17.0314 1340 VaultSvc - ok
21:05:17.0376 1340 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:05:17.0376 1340 vdrvroot - ok
21:05:17.0470 1340 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:05:17.0501 1340 vds - ok
21:05:17.0563 1340 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:05:17.0563 1340 vga - ok
21:05:17.0657 1340 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:05:17.0673 1340 VgaSave - ok
21:05:17.0749 1340 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:05:17.0749 1340 vhdmp - ok
21:05:17.0847 1340 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:05:17.0847 1340 viaagp - ok
21:05:17.0909 1340 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:05:17.0909 1340 ViaC7 - ok
21:05:17.0956 1340 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:05:17.0956 1340 viaide - ok
21:05:18.0003 1340 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:05:18.0018 1340 volmgr - ok
21:05:18.0065 1340 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:05:18.0081 1340 volmgrx - ok
21:05:18.0132 1340 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:05:18.0148 1340 volsnap - ok
21:05:18.0193 1340 vpcnfltr - ok
21:05:18.0266 1340 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:05:18.0300 1340 vsmraid - ok
21:05:18.0387 1340 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:05:18.0440 1340 VSS - ok
21:05:18.0593 1340 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
21:05:18.0710 1340 vToolbarUpdater10.2.0 - ok
21:05:18.0841 1340 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
21:05:18.0848 1340 vwifibus - ok
21:05:18.0894 1340 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:05:18.0894 1340 vwififlt - ok
21:05:18.0988 1340 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
21:05:18.0988 1340 vwifimp - ok
21:05:19.0050 1340 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:05:19.0082 1340 W32Time - ok
21:05:19.0144 1340 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:05:19.0144 1340 WacomPen - ok
21:05:19.0206 1340 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:05:19.0206 1340 WANARP - ok
21:05:19.0222 1340 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:05:19.0222 1340 Wanarpv6 - ok
21:05:19.0316 1340 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:05:19.0409 1340 wbengine - ok
21:05:19.0472 1340 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:05:19.0487 1340 WbioSrvc - ok
21:05:19.0550 1340 Wbutton - ok
21:05:19.0612 1340 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:05:19.0643 1340 wcncsvc - ok
21:05:19.0706 1340 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:05:19.0721 1340 WcsPlugInService - ok
21:05:19.0784 1340 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:05:19.0784 1340 Wd - ok
21:05:19.0862 1340 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:05:19.0877 1340 Wdf01000 - ok
21:05:19.0924 1340 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:05:19.0940 1340 WdiServiceHost - ok
21:05:19.0971 1340 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:05:19.0971 1340 WdiSystemHost - ok
21:05:20.0049 1340 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:05:20.0064 1340 WebClient - ok
21:05:20.0111 1340 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:05:20.0127 1340 Wecsvc - ok
21:05:20.0189 1340 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:05:20.0205 1340 wercplsupport - ok
21:05:20.0267 1340 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:05:20.0267 1340 WerSvc - ok
21:05:20.0362 1340 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:05:20.0362 1340 WfpLwf - ok
21:05:20.0393 1340 WIBUKEY - ok
21:05:20.0455 1340 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:05:20.0471 1340 WIMMount - ok
21:05:20.0502 1340 WinHttpAutoProxySvc - ok
21:05:20.0596 1340 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:05:20.0596 1340 Winmgmt - ok
21:05:20.0705 1340 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:05:20.0814 1340 WinRM - ok
21:05:20.0908 1340 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:05:20.0923 1340 WinUsb - ok
21:05:21.0048 1340 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:05:21.0095 1340 Wlansvc - ok
21:05:21.0235 1340 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:05:21.0267 1340 wlidsvc - ok
21:05:21.0392 1340 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:05:21.0408 1340 WmiAcpi - ok
21:05:21.0517 1340 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:05:21.0548 1340 wmiApSrv - ok
21:05:21.0658 1340 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:05:21.0673 1340 WMPNetworkSvc - ok
21:05:21.0767 1340 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:05:21.0798 1340 WPCSvc - ok
21:05:21.0860 1340 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:05:21.0860 1340 WPDBusEnum - ok
21:05:21.0985 1340 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:05:21.0985 1340 ws2ifsl - ok
21:05:22.0016 1340 WSearch - ok
21:05:22.0157 1340 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
21:05:22.0250 1340 wuauserv - ok
21:05:22.0297 1340 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:05:22.0344 1340 WudfPf - ok
21:05:22.0422 1340 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:05:22.0422 1340 WUDFRd - ok
21:05:22.0500 1340 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:05:22.0500 1340 wudfsvc - ok
21:05:22.0578 1340 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:05:22.0609 1340 WwanSvc - ok
21:05:22.0718 1340 MBR (0x1B8) (aed292c311a05fe632655e091278d486) \Device\Harddisk0\DR0
21:05:22.0750 1340 \Device\Harddisk0\DR0 - ok
21:05:22.0765 1340 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
21:05:22.0921 1340 \Device\Harddisk1\DR1 - ok
21:05:22.0937 1340 Boot (0x1200) (c36f7b21c2bd6e59dc1d64d4bdf04084) \Device\Harddisk0\DR0\Partition0
21:05:22.0952 1340 \Device\Harddisk0\DR0\Partition0 - ok
21:05:22.0984 1340 Boot (0x1200) (755764cd170c9e0a5a1af286c9620f6e) \Device\Harddisk0\DR0\Partition1
21:05:22.0984 1340 \Device\Harddisk0\DR0\Partition1 - ok
21:05:23.0015 1340 Boot (0x1200) (462d4e4096c296d8fd39d448e06d84ff) \Device\Harddisk0\DR0\Partition2
21:05:23.0015 1340 \Device\Harddisk0\DR0\Partition2 - ok
21:05:23.0030 1340 Boot (0x1200) (adc4d8c38330f93a30a1cfcd2768cd1d) \Device\Harddisk1\DR1\Partition0
21:05:23.0030 1340 \Device\Harddisk1\DR1\Partition0 - ok
21:05:23.0046 1340 ============================================================
21:05:23.0046 1340 Scan finished
21:05:23.0046 1340 ============================================================
21:05:23.0077 5808 Detected object count: 0
21:05:23.0077 5808 Actual detected object count: 0
 
Notebook keeps blocking from time to time.
Cutting power and restart is necessary :-(
Got Trojan IDP something too.

First attempt at executing aswMBR didn't work, stopped immediately

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-14 21:42:02
-----------------------------
21:42:02.290 OS Version: Windows 6.1.7601 Service Pack 1
21:42:02.290 Number of processors: 2 586 0x1C02
21:42:02.306 ComputerName: TERESA-PC UserName: Teresa
21:43:47.189 Initialze error C000010E - driver not loaded
21:45:52.589 AVAST engine defs: 12041401
21:47:36.491 Scan error: Fonction incorrecte. <------------------was red color
21:48:31.366 The log file has been saved successfully to "C:\Users\Teresa\Desktop\aswMBR.txt"

Second Attempt, but blocked due to trojan activity popups :-(


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-14 21:54:19
-----------------------------
21:54:19.358 OS Version: Windows 6.1.7601 Service Pack 1
21:54:19.358 Number of processors: 2 586 0x1C02
21:54:19.420 ComputerName: TERESA-PC UserName: Teresa
21:54:21.074 Initialize success
21:54:39.190 AVAST engine defs: 12041401
21:54:44.028 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:54:44.043 Disk 0 Vendor: ST916031 0005 Size: 152627MB BusType: 3
21:54:44.075 Disk 0 MBR read successfully
21:54:44.075 Disk 0 MBR scan
21:54:44.121 Disk 0 unknown MBR code
21:54:44.137 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 139794 MB offset 2048
21:54:44.184 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12629 MB offset 286300160
21:54:44.215 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 201 MB offset 312164352
21:54:44.246 Disk 0 scanning sectors +312576000
21:54:44.324 Disk 0 scanning C:\Windows\system32\drivers
21:55:08.370 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Rootkit-gen [Rtk]
21:55:13.560 Disk 0 trace - called modules:
21:55:13.606 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8514dfd0]<<
21:55:13.653 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e4e2f8]
21:55:13.684 3 CLASSPNP.SYS[86b8b59e] -> nt!IofCallDriver -> [0x850e7b10]
21:55:13.700 \Driver\00000737[0x850e7c48] -> IRP_MJ_CREATE -> 0x8514dfd0
21:55:23.016 AVAST engine scan C:\Windows
21:55:33.569 AVAST engine scan C:\Windows\system32
22:11:54.740 AVAST engine scan C:\Windows\system32\drivers
22:12:23.655 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Rootkit-gen [Rtk]
22:12:33.494 AVAST engine scan C:\Users\Teresa
22:22:38.713 Disk 0 MBR has been saved successfully to "C:\Users\Teresa\Desktop\MBR.dat"
22:22:38.791 The log file has been saved successfully to "C:\Users\Teresa\Desktop\aswMBR2.txt"
 
Second attempt, same result, blocking after some time ...


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-14 22:32:44
-----------------------------
22:32:44.943 OS Version: Windows 6.1.7601 Service Pack 1
22:32:44.943 Number of processors: 2 586 0x1C02
22:32:44.943 ComputerName: TERESA-PC UserName: Teresa
22:32:47.704 Initialize success
22:33:05.702 AVAST engine defs: 12041401
22:33:57.574 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:33:57.574 Disk 0 Vendor: ST916031 0005 Size: 152627MB BusType: 3
22:33:57.605 Disk 0 MBR read successfully
22:33:57.621 Disk 0 MBR scan
22:33:57.730 Disk 0 unknown MBR code
22:33:57.793 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 139794 MB offset 2048
22:33:57.839 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12629 MB offset 286300160
22:33:58.105 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 201 MB offset 312164352
22:33:58.167 Disk 0 scanning sectors +312576000
22:33:58.401 Disk 0 scanning C:\Windows\system32\drivers
22:34:38.253 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Rootkit-gen [Rtk]
22:34:46.385 Disk 0 trace - called modules:
22:34:46.463 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8514dfd0]<<
22:34:46.495 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e4e2f8]
22:34:46.510 3 CLASSPNP.SYS[86b8b59e] -> nt!IofCallDriver -> [0x850e7b10]
22:34:46.541 \Driver\00000737[0x850e7c48] -> IRP_MJ_CREATE -> 0x8514dfd0
22:34:52.551 AVAST engine scan C:\Windows
22:35:09.619 AVAST engine scan C:\Windows\system32
22:46:46.449 AVAST engine scan C:\Windows\system32\drivers
22:47:20.985 File: C:\Windows\system32\drivers\tdx.sys **INFECTED** Win32:Rootkit-gen [Rtk]
22:47:32.898 AVAST engine scan C:\Users\Teresa
23:19:58.030 Disk 0 MBR has been saved successfully to "C:\Users\Teresa\Desktop\MBR.dat"
23:19:58.030 The log file has been saved successfully to "C:\Users\Teresa\Desktop\aswMBR3.txt"

Infected with Win32:Rootkit-gen [Rtk]
What next???????
 
Did you run the scan I asked you to in the message I sent yesterday? It appears that you are following someone else's directions.

If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
===================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
Threads are closed after 5 days if there is no reply.
 