Solved

Help please - Virus - Trojan Horse PSW.Banker6.UHV

Posted on 2012-04-01
Last Modified: 2013-11-22
Hello and thanks for everyone's help in advance.

My laptop has caught the following virus and I can't seem to get rid of it.  

Trojan Horse PSW.Banker6.UHV

I ran AVG Internet Security 2012 in safe mode and it is still showing up.  

My computer is running windows XP, home edition, 2002, service pack 3.

Please advise.
Question by:rsmitty12
18 Comments
 
LVL 6

Assisted Solution

by:awaggoner
awaggoner earned 200 total points
http://wiki.answers.com/Q/How_do_you_remove_the_virus_psw.banker.6.bc

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy:Win32/Bancos.AER

The best answer is to reformat and reinstall; otherwise, be sure to check for rootkits as well after cleaning the detected virus.
http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx
http://support.kaspersky.com/faq/?qid=208283363

Please note that this virus can go after banking and personal information. Take appropriate steps to safeguard your banking and credit card information.
 
LVL 3

Assisted Solution

by:BobRalph
BobRalph earned 100 total points
The PSW.Banker viruses lodge themselves pretty deep in the operating system. Manually removing it is very difficult and you run the risk of messing up your PC if you delete the wrong files or registry entries. I suggest trying a program called Malwarebytes. It's free to manually scan and remove malware (the paid upgrade adds real time protection). Make sure to shut off your AVG real-time protection while you scan with Malwarebytes. If the software is unable to remove the virus, then reformatting and re-installing Windows is your best and safest option.

Like awaggoner suggested, please keep a close eye on your banking or other account info that you log into using your computer. This virus specializes in stealing personal data.

http://www.malwarebytes.org/products/malwarebytes_free
 

Author Comment

by:rsmitty12
So is the best answer for me to format my hard drive?  I was hoping I could avoid that.

Does anyone have a step by step procedure that I could follow to fix this?
 
LVL 38

Accepted Solution

by:younghv
younghv earned 100 total points
No, you should not have to format/reinstall.

I have a couple of EE Articles that give you detailed steps to take. Please be sure to post the log files generated by each of the scanner/tools you use.

Rogue-Killer-What-a-great-name
Stop-the-Bleeding-First-Aid-for-Malware

You can substitute "TheKiller" for "RogueKiller", but follow the same sequence.

Download TheKiller to your Desktop
http://maliprog.geekstogo.com/explorer.exe

Note that TheKiller is renamed as explorer.exe
Run it by double-clicking it
Press the OK button after the program finishes
Do not restart your system after this step, but immediately run the next scan: MalwareBytes, TDSSKiller, ComboFix
 
LVL 3

Expert Comment

by:BobRalph
No, reformatting should be your last resort. Try the Malwarebytes program that I gave a link to. Just install the program and scan your computer, and try in safe mode as well. If it is unable to remove the virus, then I suggest either trying a few other malware removers or reinstalling Windows from scratch as a last resort. I don't recommend trying to manually hunt down all parts of the virus in the registry and system files, as you can easily delete the wrong thing or miss parts of the virus.

Here is a Malwarebytes walkthrough:
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial
 
LVL 38

Expert Comment

by:younghv
It is not a good idea to simply try to 'run malwarebytes'. Many of the current malware variants will block it running or affect its scans. This is the whole purpose of programs such as "RogueKiller" or "TheKiller".

All of the tools you need to run are listed in the EE Articles and no, you should not need to take any 'manual' actions.

The Malwarebytes scan you select should only be the "Quick Scan" - no need for the full when you start.

Read here for a whole list of reasons why you should not do a "Safe Mode" scan - if - your system will boot to "Normal Mode":

Malware Fighting – Best Practices
 
LVL 3

Expert Comment

by:BobRalph
Younghv, the end of the walkthrough that I posted shows what to do in the event that Malwarebytes is unable to install or scan. I'm simply showing the easiest way to take care of viruses like these and trying to keep it simple by recommending the best well established program for the job and giving a helpful link with the procedure outlined in detail.

IMHO, the best idea for a dangerous virus like this is a complete reformat/reinstall of the operating system. That is the course of action that I take for peace of mind whenever I have a stubborn virus that is known to steal personal info.
 

Author Comment

by:rsmitty12
Thank you so much for everyone's help. I'm hoping to avoid it, but I have a feeling I'm going to be doing a fresh install of Windows. We'll see.

Here is what I've done so far:

I ran Rogue Killer.  I also ran Rkill.

After I ran both of those programs I ran malwarebytes.  Then I re-started the computer.

I've attached the logs for your review.

Please advise.

thanks
rkill-log.txt
mbam-log-2012-04-01--19-28-07-.txt
RKreport-3-.txt
 

Expert Comment

by:saedz
It is very important to turn off "System Restore", since some malware makes a backup there; then boot with an updated rescue disk and scan all drives.
 
LVL 38

Expert Comment

by:younghv
"It is very important to turn off the "system restore..."

NOT TRUE! (and never has been).
Infected restore points are dormant and cannot reinfect the OS unless they are actually used.

Read this: Viruses in System Volume Information (System Restore)

@BobRalph - you might do well to join up on the Malwarebytes forum and start learning something before you presume to lecture anyone about how it works.
**************

@rsmitty12 - I see that you just joined EE yesterday, so first of all welcome.

EE does not require any kind of qualification process before allowing "Experts" to post advice. Unfortunately we have those whose expertise involves nothing more than their ability to use Google to search out keywords and post the links they find.

If you want to find out more about those posting suggestions to you, simply click on their "Expert Name" in the Title Bar of any comment and review the information in their profiles. I've posted links to some EE Articles I've written about malware and suggest that you read them and follow the advice. You would also do well to read the EE Articles published by 'rpggamergirl' (http://www.experts-exchange.com/M_3598771.html) the most prolific expert in all of the "Virus & Spyware" topic areas.

The advice and comments in this question have degenerated to the point where I will be doing my best to stop monitoring (and responding) and will not see any further responses.

I wish you well with this situation and hope that I can help you with some problem in the future.
 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 100 total points
@rsmitty12

As per RogueKiller, there are many processes and driver files which are HOOKED with the infection.

SSDT[111] : NtNotifyChangeKey @ 0x806262DE -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA9B77004)
SSDT[112] : NtNotifyChangeMultipleKeys @ 0x80624F12 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA9B770D4)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA9B76D76)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA9B76E1E)
SSDT[258] : NtTerminateThread @ 0x805D2BDC -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA9B76EBA)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43CC -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA9B76F56)
S_SSDT[383] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA9B7759E)
S_SSDT[414] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA9B7750A)
S_SSDT[416] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA9B7754A)
S_SSDT[549] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\avgidsshimx.sys @ 0xA9B7749C)
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E4B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E4B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E4B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E4B40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E4B40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF72E4B40)

Some processes were also terminated by RKill.

Processes terminated by Rkill or while it was running:

MalwareBytes has detected and removed many files
Folders Detected: 1
C:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 21
C:\Documents and Settings\Demir\Local Settings\Temp\2.tmp (Trojan.FakeAlert.FS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Demir\Local Settings\Temp\BB74A725A8.tmp (Backdoor.Agent.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP305\A0054249.exe (Backdoor.Agent.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP305\A0054272.exe (Trojan.Downloader.FA) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP321\A0055248.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP322\A0055271.dll (Trojan.Banker.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP322\A0055280.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP330\A0056258.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{64534B76-601D-4598-8429-4DF73C537AF3}\RP330\A0056259.exe (Hacktool.WGAFix) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\srvblck2.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AcroIEHelpe.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\540_0000001650.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\656_0000001715.pst (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\656_0000001716.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\656_0000001717.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\656_0000001718.pst (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\656_0000001719.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\656_0000001720.htm (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\656_0000001721.pst (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\656_0000001722.key (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\656_0000001723.htm (Stolen.Data) -> Quarantined and deleted successfully.

(end)

However, we would still need to fix those HOOKED processes. For this I would recommend TDSSKiller.


Download TDSSKiller and save it to your desktop.

    Extract (unzip) its contents to your desktop.
    Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    If an infected file is detected, the default action will be Cure; click on Continue.
    If a suspicious file is detected, the default action will be Skip; click on Continue.
    It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

TdssKiller
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
or
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Tutorial on TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684

Sudeep
 
LVL 3

Expert Comment

by:Willy Van den Houten
 

Author Comment

by:rsmitty12
@younghv

Thank you for your help and insight.  I hope you will continue to monitor the problem I'm having and chime in.

@ssharma

Thank you for your help. Below is the report from TDSSKiller. No reboot was required.



09:10:47.0171 1796      IRENUM - ok
09:10:47.0234 1796      isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:10:47.0234 1796      isapnp - ok
09:10:47.0390 1796      JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
09:10:47.0406 1796      JavaQuickStarterService - ok
09:10:47.0546 1796      Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:10:47.0562 1796      Kbdclass - ok
09:10:47.0640 1796      kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:10:47.0656 1796      kbdhid - ok
09:10:47.0718 1796      kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:10:47.0718 1796      kmixer - ok
09:10:47.0812 1796      KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:10:47.0843 1796      KSecDD - ok
09:10:47.0953 1796      LanmanServer    (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:10:47.0968 1796      LanmanServer - ok
09:10:48.0062 1796      lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:10:48.0062 1796      lanmanworkstation - ok
09:10:48.0156 1796      lbrtfdc - ok
09:10:48.0296 1796      LmHosts         (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:10:48.0296 1796      LmHosts - ok
09:10:48.0359 1796      lxdx_device - ok
09:10:48.0468 1796      MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
09:10:48.0468 1796      MBAMProtector - ok
09:10:48.0609 1796      MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:10:48.0625 1796      MBAMService - ok
09:10:48.0750 1796      Messenger       (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:10:48.0750 1796      Messenger - ok
09:10:48.0906 1796      Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:10:48.0921 1796      Microsoft Office Groove Audit Service - ok
09:10:49.0062 1796      mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:10:49.0078 1796      mnmdd - ok
09:10:49.0140 1796      mnmsrvc         (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:10:49.0156 1796      mnmsrvc - ok
09:10:49.0234 1796      Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:10:49.0234 1796      Modem - ok
09:10:49.0343 1796      Monfilt         (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
09:10:49.0390 1796      Monfilt - ok
09:10:49.0562 1796      Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:10:49.0562 1796      Mouclass - ok
09:10:49.0609 1796      mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:10:49.0625 1796      mouhid - ok
09:10:49.0671 1796      MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:10:49.0671 1796      MountMgr - ok
09:10:49.0843 1796      mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:10:49.0859 1796      mraid35x - ok
09:10:49.0906 1796      MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:10:49.0921 1796      MRxDAV - ok
09:10:50.0078 1796      MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:10:50.0390 1796      MRxSmb - ok
09:10:50.0546 1796      MSDTC           (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:10:50.0562 1796      MSDTC - ok
09:10:50.0593 1796      Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:10:50.0609 1796      Msfs - ok
09:10:50.0625 1796      MSIServer - ok
09:10:50.0671 1796      MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:10:50.0671 1796      MSKSSRV - ok
09:10:50.0734 1796      MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:10:50.0734 1796      MSPCLOCK - ok
09:10:50.0765 1796      MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:10:50.0781 1796      MSPQM - ok
09:10:50.0953 1796      mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:10:50.0953 1796      mssmbios - ok
09:10:51.0015 1796      MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:10:51.0031 1796      MSTEE - ok
09:10:51.0203 1796      Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:10:51.0234 1796      Mup - ok
09:10:51.0296 1796      NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:10:51.0296 1796      NABTSFEC - ok
09:10:51.0453 1796      napagent        (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:10:51.0468 1796      napagent - ok
09:10:51.0531 1796      NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:10:51.0546 1796      NDIS - ok
09:10:51.0703 1796      NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:10:51.0703 1796      NdisIP - ok
09:10:51.0765 1796      NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:10:51.0875 1796      NdisTapi - ok
09:10:52.0046 1796      Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:10:52.0046 1796      Ndisuio - ok
09:10:52.0078 1796      NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:10:52.0093 1796      NdisWan - ok
09:10:52.0171 1796      NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:10:52.0218 1796      NDProxy - ok
09:10:52.0375 1796      Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
09:10:52.0375 1796      Net Driver HPZ12 - ok
09:10:52.0421 1796      NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:10:52.0437 1796      NetBIOS - ok
09:10:52.0484 1796      NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:10:52.0484 1796      NetBT - ok
09:10:52.0656 1796      NetDDE          (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:10:52.0671 1796      NetDDE - ok
09:10:52.0687 1796      NetDDEdsdm      (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:10:52.0687 1796      NetDDEdsdm - ok
09:10:52.0750 1796      Netlogon        (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:10:52.0765 1796      Netlogon - ok
09:10:52.0796 1796      Netman          (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:10:52.0812 1796      Netman - ok
09:10:53.0000 1796      NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:10:53.0000 1796      NetTcpPortSharing - ok
09:10:53.0125 1796      Nla             (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:10:53.0140 1796      Nla - ok
09:10:53.0265 1796      Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:10:53.0265 1796      Npfs - ok
09:10:53.0328 1796      Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:10:53.0390 1796      Ntfs - ok
09:10:53.0515 1796      NtLmSsp         (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:10:53.0515 1796      NtLmSsp - ok
09:10:53.0593 1796      NtmsSvc         (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:10:53.0625 1796      NtmsSvc - ok
09:10:53.0750 1796      Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:10:53.0750 1796      Null - ok
09:10:53.0812 1796      NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:10:53.0812 1796      NwlnkFlt - ok
09:10:53.0906 1796      NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:10:53.0921 1796      NwlnkFwd - ok
09:10:53.0937 1796      nxvmsuha - ok
09:10:54.0000 1796      OA012Afx        (ec528056b89d15755abb624e55949e44) C:\WINDOWS\system32\Drivers\OA012Afx.sys
09:10:54.0031 1796      OA012Afx - ok
09:10:54.0203 1796      OA012Ufd        (9f4a5990f326f91f4d2fcdd869b15ff4) C:\WINDOWS\system32\DRIVERS\OA012Ufd.sys
09:10:54.0218 1796      OA012Ufd - ok
09:10:54.0296 1796      OA012Vid        (e9a75e5816651ad4a4b5d98389060568) C:\WINDOWS\system32\DRIVERS\OA012Vid.sys
09:10:54.0312 1796      OA012Vid - ok
09:10:54.0468 1796      odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:10:54.0484 1796      odserv - ok
09:10:54.0531 1796      ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:10:54.0562 1796      ose - ok
09:10:54.0734 1796      Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
09:10:54.0734 1796      Parport - ok
09:10:54.0781 1796      PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:10:54.0796 1796      PartMgr - ok
09:10:54.0812 1796      ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:10:54.0812 1796      ParVdm - ok
09:10:54.0843 1796      PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:10:54.0843 1796      PCI - ok
09:10:54.0859 1796      PCIDump - ok
09:10:54.0921 1796      PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:10:54.0921 1796      PCIIde - ok
09:10:55.0062 1796      Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:10:55.0078 1796      Pcmcia - ok
09:10:55.0093 1796      PDCOMP - ok
09:10:55.0125 1796      PDFRAME - ok
09:10:55.0140 1796      PDRELI - ok
09:10:55.0171 1796      PDRFRAME - ok
09:10:55.0218 1796      perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:10:55.0218 1796      perc2 - ok
09:10:55.0375 1796      perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:10:55.0375 1796      perc2hib - ok
09:10:55.0468 1796      PlugPlay        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:10:55.0484 1796      PlugPlay - ok
09:10:55.0656 1796      Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
09:10:55.0656 1796      Pml Driver HPZ12 - ok
09:10:55.0734 1796      PolicyAgent     (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:10:55.0734 1796      PolicyAgent - ok
09:10:55.0812 1796      PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:10:55.0812 1796      PptpMiniport - ok
09:10:55.0968 1796      ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:10:55.0968 1796      ProtectedStorage - ok
09:10:56.0046 1796      PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:10:56.0046 1796      PSched - ok
09:10:56.0171 1796      Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:10:56.0171 1796      Ptilink - ok
09:10:56.0234 1796      ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:10:56.0234 1796      ql1080 - ok
09:10:56.0281 1796      Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:10:56.0281 1796      Ql10wnt - ok
09:10:56.0437 1796      ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:10:56.0437 1796      ql12160 - ok
09:10:56.0484 1796      ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:10:56.0484 1796      ql1240 - ok
09:10:56.0640 1796      ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:10:56.0640 1796      ql1280 - ok
09:10:56.0687 1796      RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:10:56.0703 1796      RasAcd - ok
09:10:56.0750 1796      RasAuto         (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:10:56.0765 1796      RasAuto - ok
09:10:56.0937 1796      Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:10:56.0937 1796      Rasl2tp - ok
09:10:57.0015 1796      RasMan          (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:10:57.0031 1796      RasMan - ok
09:10:57.0203 1796      RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:10:57.0218 1796      RasPppoe - ok
09:10:57.0234 1796      Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:10:57.0234 1796      Raspti - ok
09:10:57.0281 1796      Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:10:57.0281 1796      Rdbss - ok
09:10:57.0468 1796      RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:10:57.0468 1796      RDPCDD - ok
09:10:57.0515 1796      rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:10:57.0531 1796      rdpdr - ok
09:10:57.0656 1796      RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:10:57.0828 1796      RDPWD - ok
09:10:57.0984 1796      RDSessMgr       (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:10:58.0000 1796      RDSessMgr - ok
09:10:58.0078 1796      redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:10:58.0078 1796      redbook - ok
09:10:58.0218 1796      RemoteAccess    (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:10:58.0234 1796      RemoteAccess - ok
09:10:58.0265 1796      RpcLocator      (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:10:58.0281 1796      RpcLocator - ok
09:10:58.0343 1796      RpcSs           (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:10:58.0359 1796      RpcSs - ok
09:10:58.0546 1796      RSUSBSTOR       (7ffa9821b1c5e0e0667e0a2685cfb89f) C:\WINDOWS\system32\Drivers\RtsUStor.sys
09:10:58.0546 1796      RSUSBSTOR - ok
09:10:58.0609 1796      RSVP            (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:10:58.0625 1796      RSVP - ok
09:10:58.0796 1796      RTLE8023xp      (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
09:10:58.0812 1796      RTLE8023xp - ok
09:10:58.0875 1796      SamSs           (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:10:58.0890 1796      SamSs - ok
09:10:59.0062 1796      SCardSvr        (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:10:59.0078 1796      SCardSvr - ok
09:10:59.0125 1796      Schedule        (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:10:59.0140 1796      Schedule - ok
09:10:59.0187 1796      Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:10:59.0203 1796      Secdrv - ok
09:10:59.0359 1796      seclogon        (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:10:59.0359 1796      seclogon - ok
09:10:59.0390 1796      SENS            (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:10:59.0406 1796      SENS - ok
09:10:59.0562 1796      Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
09:10:59.0578 1796      Serial - ok
09:10:59.0640 1796      Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:10:59.0656 1796      Sfloppy - ok
09:10:59.0734 1796      SharedAccess    (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:10:59.0750 1796      SharedAccess - ok
09:10:59.0906 1796      ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:10:59.0921 1796      ShellHWDetection - ok
09:10:59.0937 1796      Simbad - ok
09:11:00.0000 1796      sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:11:00.0015 1796      sisagp - ok
09:11:00.0171 1796      SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:11:00.0171 1796      SLIP - ok
09:11:00.0234 1796      Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:11:00.0250 1796      Sparrow - ok
09:11:00.0296 1796      splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:11:00.0296 1796      splitter - ok
09:11:00.0484 1796      Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:11:00.0484 1796      Spooler - ok
09:11:00.0578 1796      sptd            (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
09:11:00.0781 1796      Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
09:11:00.0781 1796      sptd ( LockedFile.Multi.Generic ) - warning
09:11:00.0781 1796      sptd - detected LockedFile.Multi.Generic (1)
09:11:00.0937 1796      sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:11:00.0953 1796      sr - ok
09:11:01.0031 1796      srservice       (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:11:01.0046 1796      srservice - ok
09:11:01.0250 1796      Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:11:01.0250 1796      Srv - ok
09:11:01.0328 1796      SSDPSRV         (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:11:01.0328 1796      SSDPSRV - ok
09:11:01.0453 1796      StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
09:11:01.0468 1796      StarWindServiceAE - ok
09:11:01.0593 1796      StillCam        (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
09:11:01.0625 1796      StillCam - ok
09:11:01.0734 1796      stisvc          (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:11:01.0750 1796      stisvc - ok
09:11:01.0843 1796      streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:11:01.0843 1796      streamip - ok
09:11:01.0921 1796      swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:11:01.0937 1796      swenum - ok
09:11:02.0031 1796      swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:11:02.0031 1796      swmidi - ok
09:11:02.0109 1796      SwPrv - ok
09:11:02.0203 1796      symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:11:02.0218 1796      symc810 - ok
09:11:02.0328 1796      symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:11:02.0343 1796      symc8xx - ok
09:11:02.0437 1796      sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:11:02.0453 1796      sym_hi - ok
09:11:02.0531 1796      sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:11:02.0531 1796      sym_u3 - ok
09:11:02.0671 1796      SynTP           (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:11:02.0671 1796      SynTP - ok
09:11:02.0828 1796      sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:11:02.0828 1796      sysaudio - ok
09:11:02.0984 1796      SysmonLog       (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:11:03.0000 1796      SysmonLog - ok
09:11:03.0156 1796      TapiSrv         (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:11:03.0171 1796      TapiSrv - ok
09:11:03.0234 1796      Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:11:03.0265 1796      Tcpip - ok
09:11:03.0296 1796      TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:11:03.0296 1796      TDPIPE - ok
09:11:03.0437 1796      TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:11:03.0437 1796      TDTCP - ok
09:11:03.0484 1796      TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:11:03.0484 1796      TermDD - ok
09:11:03.0562 1796      TermService     (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:11:03.0578 1796      TermService - ok
09:11:03.0734 1796      Themes          (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:11:03.0750 1796      Themes - ok
09:11:03.0781 1796      TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:11:03.0781 1796      TosIde - ok
09:11:03.0921 1796      TrkWks          (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:11:03.0937 1796      TrkWks - ok
09:11:03.0984 1796      Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:11:03.0984 1796      Udfs - ok
09:11:04.0125 1796      ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:11:04.0125 1796      ultra - ok
09:11:04.0203 1796      UMWdf           (49501c6be752d5043ada8667ac774f7a) C:\WINDOWS\system32\wdfmgr.exe
09:11:04.0203 1796      UMWdf - ok
09:11:04.0296 1796      Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:11:04.0312 1796      Update - ok
09:11:04.0468 1796      upnphost        (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:11:04.0484 1796      upnphost - ok
09:11:04.0515 1796      UPS             (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:11:04.0515 1796      UPS - ok
09:11:04.0687 1796      usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
09:11:04.0687 1796      usbaudio - ok
09:11:04.0734 1796      usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:11:04.0750 1796      usbccgp - ok
09:11:04.0812 1796      usbehci         (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:11:04.0843 1796      usbehci - ok
09:11:04.0968 1796      usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:11:04.0968 1796      usbhub - ok
09:11:05.0046 1796      usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:11:05.0062 1796      usbprint - ok
09:11:05.0125 1796      usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:11:05.0125 1796      usbscan - ok
09:11:05.0250 1796      USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:11:05.0250 1796      USBSTOR - ok
09:11:05.0328 1796      usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:11:05.0343 1796      usbuhci - ok
09:11:05.0375 1796      usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:11:05.0390 1796      usbvideo - ok
09:11:05.0546 1796      VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:11:05.0546 1796      VgaSave - ok
09:11:05.0593 1796      viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:11:05.0593 1796      viaagp - ok
09:11:05.0625 1796      ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:11:05.0625 1796      ViaIde - ok
09:11:05.0656 1796      VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:11:05.0656 1796      VolSnap - ok
09:11:05.0828 1796      VSS             (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:11:05.0843 1796      VSS - ok
09:11:05.0875 1796      w32time         (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:11:05.0890 1796      w32time - ok
09:11:06.0062 1796      Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:11:06.0062 1796      Wanarp - ok
09:11:06.0140 1796      Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:11:06.0203 1796      Wdf01000 - ok
09:11:06.0312 1796      WDICA - ok
09:11:06.0390 1796      wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:11:06.0390 1796      wdmaud - ok
09:11:06.0453 1796      WebClient       (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:11:06.0453 1796      WebClient - ok
09:11:06.0640 1796      winmgmt         (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:11:06.0656 1796      winmgmt - ok
09:11:06.0750 1796      WinRM           (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
09:11:06.0796 1796      WinRM - ok
09:11:06.0921 1796      wltrysvc - ok
09:11:06.0984 1796      WmdmPmSN        (c9bf4bc4d24a3a25e4a4894499fd9a6a) C:\WINDOWS\system32\MsPMSNSv.dll
09:11:06.0984 1796      WmdmPmSN - ok
09:11:07.0046 1796      WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:11:07.0046 1796      WmiAcpi - ok
09:11:07.0234 1796      WmiApSrv        (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:11:07.0250 1796      WmiApSrv - ok
09:11:07.0281 1796      WpdUsb          (05d10cf85b78d81530e7d8b0ef443349) C:\WINDOWS\system32\Drivers\wpdusb.sys
09:11:07.0281 1796      WpdUsb - ok
09:11:07.0453 1796      wscsvc          (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:11:07.0453 1796      wscsvc - ok
09:11:07.0468 1796      WSearch - ok
09:11:07.0515 1796      WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:11:07.0515 1796      WSTCODEC - ok
09:11:07.0546 1796      wuauserv        (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:11:07.0562 1796      wuauserv - ok
09:11:07.0625 1796      WZCSVC          (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:11:07.0640 1796      WZCSVC - ok
09:11:07.0781 1796      xmlprov         (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:11:07.0781 1796      xmlprov - ok
09:11:07.0828 1796      MBR (0x1B8)     (7b53936afa31aa818ddee1f13c3004e3) \Device\Harddisk0\DR0
09:11:07.0859 1796      \Device\Harddisk0\DR0 - ok
09:11:07.0890 1796      Boot (0x1200)   (e873be929de0d3c55169d44db9a99033) \Device\Harddisk0\DR0\Partition0
09:11:07.0890 1796      \Device\Harddisk0\DR0\Partition0 - ok
09:11:07.0890 1796      ============================================================
09:11:07.0890 1796      Scan finished
09:11:07.0890 1796      ============================================================
09:11:07.0906 0312      Detected object count: 1
09:11:07.0906 0312      Actual detected object count: 1
09:12:24.0562 0312      sptd ( LockedFile.Multi.Generic ) - skipped by user
09:12:24.0562 0312      sptd ( LockedFile.Multi.Generic ) - User select action: Skip
0
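The log posted above is Kaspersky TDSSKiller output, and reading ~1,000 lines of it by eye is how hits get missed. Below is an added example, not code from the poster, from Experts Exchange or from Kaspersky, that parses a constructed excerpt of that log format and reduces it to what an analyst actually needs: every object whose final line is not "- ok", the threat name, the file hash and path, the "Suspicious file" reason, and the user's chosen action, plus a list of binaries registered under more than one service name. The excerpt lines are copied from the log above; the regexes and function names are my own and assume the standard TDSSKiller layout (timestamp, thread id, object name, optional "(md5) path", then a "name - verdict" line). One practitioner's caveat about the single hit: sptd.sys is the SCSI pass-through driver installed by Alcohol 120% (whose StarWind service also appears in this log) and Daemon Tools, and TDSSKiller reports it as LockedFile.Multi.Generic because the driver blocks reads of itself, not because it identified malware. That finding on its own therefore says nothing either way about whether the Banker trojan is still present.

```python
"""Triage a Kaspersky TDSSKiller log: collect everything that is not '- ok'.

Added example (not the poster's or Kaspersky's code). The regexes assume the
standard TDSSKiller log layout; the sample below is a constructed excerpt of
the log posted in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt: a clean driver, two services hosted by lsass.exe, the
# flagged sptd driver with its follow-up lines, the summary and the user action.
SAMPLE_LOG = r"""
09:10:42.0984 1796      hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:10:42.0984 1796      hpn - ok
09:10:52.0750 1796      Netlogon        (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:10:52.0765 1796      Netlogon - ok
09:10:58.0875 1796      SamSs           (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:10:58.0890 1796      SamSs - ok
09:11:00.0578 1796      sptd            (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
09:11:00.0781 1796      Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
09:11:00.0781 1796      sptd ( LockedFile.Multi.Generic ) - warning
09:11:00.0781 1796      sptd - detected LockedFile.Multi.Generic (1)
09:11:07.0828 1796      MBR (0x1B8)     (7b53936afa31aa818ddee1f13c3004e3) \Device\Harddisk0\DR0
09:11:07.0859 1796      \Device\Harddisk0\DR0 - ok
09:11:07.0906 0312      Detected object count: 1
09:12:24.0562 0312      sptd ( LockedFile.Multi.Generic ) - skipped by user
"""

TS = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
# "name   (md5) path": name may contain spaces, so it is matched lazily.
ENTRY_RE = re.compile(TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "name - ok" / "name ( Threat ) - warning" / "name - detected Threat (1)"
VERDICT_RE = re.compile(TS + r"(?P<name>.+?)(?: \( (?P<threat>\S+) \))? - (?P<verdict>.+)$")
SUSPICIOUS_RE = re.compile(r"Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})")
COUNT_RE = re.compile(r"Detected object count: (?P<n>\d+)$")


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    threat: Optional[str] = None
    reason: Optional[str] = None              # e.g. "NoAccess" from a Suspicious-file line
    actions: List[str] = field(default_factory=list)  # verdict lines, in log order

    @property
    def clean(self) -> bool:
        return self.actions == ["ok"]


@dataclass
class Triage:
    entries: Dict[str, Entry]
    detected_count: Optional[int]

    @property
    def findings(self) -> List[Entry]:
        """Everything whose verdict history is anything other than a single 'ok'."""
        return [e for e in self.entries.values() if not e.clean]


def parse_tdsskiller_log(text: str) -> Triage:
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}   # MBR/boot verdict lines name the device, not the object
    count: Optional[int] = None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            by_path[e.path] = e
            continue
        m = SUSPICIOUS_RE.search(line)
        if m:
            e = by_path.get(m["path"])
            if e is not None:
                e.reason = m["reason"]
            continue
        m = COUNT_RE.search(line)
        if m:
            count = int(m["n"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.get(m["name"]) or by_path.get(m["name"])
            if e is None:            # services with no backing file still get "- ok"
                e = entries.setdefault(m["name"], Entry(m["name"]))
            e.actions.append(m["verdict"])
            detected = re.match(r"detected (\S+)", m["verdict"])
            if m["threat"]:
                e.threat = m["threat"]
            elif detected:
                e.threat = detected.group(1)
    return Triage(entries, count)


def shared_binaries(t: Triage) -> Dict[str, List[str]]:
    """Binaries registered under several service names. Normal for lsass.exe and
    svchost.exe; anything else on this list deserves a second look."""
    groups: Dict[str, List[str]] = {}
    for e in t.entries.values():
        if e.path:
            groups.setdefault(e.path, []).append(e.name)
    return {p: names for p, names in groups.items() if len(names) > 1}


def report(t: Triage) -> List[str]:
    lines = [f"detected object count: {t.detected_count}"]
    for e in t.findings:
        lines.append(f"{e.name}: path={e.path} md5={e.md5} threat={e.threat} "
                     f"reason={e.reason} actions={e.actions}")
    for path, names in shared_binaries(t).items():
        lines.append(f"shared binary: {path} <- {', '.join(names)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_tdsskiller_log(SAMPLE_LOG))))
```

Run against the full log rather than the excerpt and the report shrinks it to the one sptd entry (warning, detected, skipped by user) plus the expected lsass.exe and netdde.exe groupings. A name that survives the `clean` filter with a verdict other than `ok`, or a path under `C:\WINDOWS` hosting an unfamiliar service name, is what to carry into the next step of the investigation; an all-clean report is necessary but, as awaggoner points out further down, not sufficient evidence that the machine is clean.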
 
LVL 3

Expert Comment

by:BobRalph
Comment Utility
"@BobRalph - you might do well to join up on the Malwarebytes forum and start learning something before you presume to lecture anyone about how it works"

Younghv, the only one I see lecturing anybody is you. I don't know why on earth you feel the need to belittle people that are only trying to help. I enjoy working together with others in a civil manner, so I'll leave you to finish helping rsmitty so I can avoid reading your unpleasant comments.

Rsmitty12, I hope I was able to help a little! I hope that virus is gone for good!
0
 

Author Comment

by:rsmitty12
Comment Utility
I do not know if the virus is gone since I don't have any comments on my recent log or if I need to do something else to make sure it's gone.  Any advice would be appreciated.
0
 
LVL 6

Assisted Solution

by:awaggoner
awaggoner earned 200 total points
Comment Utility
This is my personal opinion only, but I would have reinstalled the machine.  I don't like messing around with malware that sends back personal information.  Pretty much all of the scanners are relying on signature-based detection.  In other words, they can't detect anything new that they haven't already analyzed from someone else's infection.

Compare the amount of time spent analyzing and cleaning the computer with the amount of time to format and reinstall.  Plus, with a format and reinstall, you would be much more likely to have completely eliminated the malware.  There would not be lingering doubt that you missed something.

For me, the peace of mind is worth a little more effort.

Some people will say with 100% certainty that if you clean that one virus you detect from your machine, your computer will be secure.  There is no way to be sure your computer does not have any other malware installed.  Many types of malware will attempt to automatically download other malware.

Of course, there are BIOS and firmware resident malware, but that is much more targeted and you would have an extremely low risk on being infected with one of them.
0
 

Author Comment

by:rsmitty12
Comment Utility
Well.  Right now, I can't find any virus. However, I don't know if it's really gone or not.  In addition, I'm so paranoid by so many people telling me to format my hard drive that I'm going to go ahead and do it.  Thank you all for your help.
0
 

Author Closing Comment

by:rsmitty12
Comment Utility
Formatting hard drive.  Not the best solution but will always get the job done.
0
