
More Help Needed: Can't update MBAM



I thought my problems were solved, but I'm still having problems. I tried to reinstall MBAM but I'm getting Access Denied. I tried Roguekiller but the program stops working even after renaming it. Here are my most recent Attach and DDS files. Thanks.

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe Acrobat 9 Standard - English, Français, Deutsch

Adobe Acrobat 9.1.2 - CPSID_49166

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.1.2

AIO_Scan

Aleks 3.15

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

BufferChm

C7200

C7200_Help

Canon DIGITAL CAMERA Solution Disk Software Guide

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon Personal Printing Guide

Canon PowerShot SX120 IS Camera User Guide

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC 8

Canon Utilities MyCamera

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Copy

Dell Backup and Recovery Manager

Dell Edoc Viewer

Destinations

DeviceDiscovery

DocProc

Dropbox

Fax

GPBaseService2

HP Imaging Device Functions 13.0

HP Photosmart All-In-One Driver Software 13.0 Rel. 2

HP Photosmart Essential 3.5

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotosmartEssential

HPProductAssistant

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

Intel® Matrix Storage Manager

iTunes

Java 6 Update 17

Junk Mail filter update

LiveReg (Symantec Corporation)

LiveUpdate 1.80 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.60.1.1000

MFCLOC

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office Basic 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual Studio 2005 Tools for Office Runtime

Mozilla Firefox 8.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Network

OCR Software by I.R.I.S. 13.0

PowerDVD DX

PS_AIO_02_ProductContext

PS_AIO_02_Software

PS_AIO_02_Software_Min

QuickBooks

QuickBooks Pro 2010

QuickTime

Realtek High Definition Audio Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Scan

Skype Toolbars

Skype™ 4.2

SmartWebPrinting

SolutionCenter

Status

Symantec pcAnywhere

Toolbox

TrayApp

UnloadSupport

ViewChoice

WebReg

Where in the World Is Carmen Sandiego? Treasures of Knowledge

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514

Run by Leslie at 11:00:26 on 2012-03-30

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6CE5E210-CC52-41B7-AF91-12C5C703AB63} : DhcpNameServer = 192.168.1.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

Notify: PCANotify - PCANotify.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\leslie\appdata\roaming\mozilla\firefox\profiles\bgknw8eh.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-03-30 14:39:03 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-03-30 05:47:40 -------- d-----w- c:\program files\Testing

2012-03-30 04:04:03 99328 ---ha-w- c:\programdata\o7t15sWM.exe_

2012-03-30 03:30:53 981504 ------w- c:\windows\system32\wininet.dll

2012-03-29 02:13:01 158720 ---ha-w- c:\programdata\microsoft\windows\drm\AFFE.tmp

.

==================== Find3M ====================

.

.

============= FINISH: 11:00:56.72 ===============


Hello lnr123bsr! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

I tried to reinstall MBAM but I'm getting Access Denied.

Why do you want to re-install Malwarebytes' Anti-Malware?

Please generate fresh DDS log files from Normal mode, not from Safe Mode.


When I'm not in safe mode, it looks like svchost.exe is using more and more memory. Here is Attach and DDS when not in safe mode. Thanks.

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2/16/2010 4:24:46 PM

System Uptime: 3/31/2012 12:42:24 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0CKCXH

Processor: Intel® Core2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2928/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 386.121 GiB free.

D: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP141: 2/2/2012 5:09:57 PM - Scheduled Checkpoint

RP142: 2/10/2012 12:00:02 AM - Scheduled Checkpoint

RP143: 2/26/2012 12:28:25 PM - Scheduled Checkpoint

RP144: 3/5/2012 8:16:16 AM - Scheduled Checkpoint

RP145: 3/13/2012 8:43:01 AM - Scheduled Checkpoint

RP146: 3/21/2012 7:36:08 PM - Scheduled Checkpoint

RP147: 3/29/2012 2:24:18 PM - Scheduled Checkpoint

RP148: 3/29/2012 11:29:56 PM - Windows Update

RP150: 3/30/2012 10:20:46 AM - Windows Update

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe Acrobat 9 Standard - English, Français, Deutsch

Adobe Acrobat 9.1.2 - CPSID_49166

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.1.2

AIO_Scan

Aleks 3.15

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

BufferChm

C7200

C7200_Help

Canon DIGITAL CAMERA Solution Disk Software Guide

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon Personal Printing Guide

Canon PowerShot SX120 IS Camera User Guide

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC 8

Canon Utilities MyCamera

Canon Utilities PhotoStitch

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Copy

Dell Backup and Recovery Manager

Dell Edoc Viewer

Destinations

DeviceDiscovery

DocProc

Dropbox

Fax

GPBaseService2

HP Imaging Device Functions 13.0

HP Photosmart All-In-One Driver Software 13.0 Rel. 2

HP Photosmart Essential 3.5

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotosmartEssential

HPProductAssistant

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

Intel® Matrix Storage Manager

iTunes

Java 6 Update 17

Junk Mail filter update

LiveReg (Symantec Corporation)

LiveUpdate 1.80 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.60.1.1000

MFCLOC

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office Basic 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual Studio 2005 Tools for Office Runtime

Mozilla Firefox 8.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Network

OCR Software by I.R.I.S. 13.0

PowerDVD DX

PS_AIO_02_ProductContext

PS_AIO_02_Software

PS_AIO_02_Software_Min

QuickBooks

QuickBooks Pro 2010

QuickTime

Realtek High Definition Audio Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Scan

Skype Toolbars

Skype™ 4.2

SmartWebPrinting

SolutionCenter

Status

Symantec pcAnywhere

Toolbox

TrayApp

UnloadSupport

ViewChoice

WebReg

Where in the World Is Carmen Sandiego? Treasures of Knowledge

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

3/31/2012 12:41:13 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

3/31/2012 12:32:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/31/2012 11:45:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/30/2012 9:54:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

3/30/2012 9:54:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

3/30/2012 9:07:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

3/30/2012 12:30:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

3/30/2012 12:30:05 AM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The service has not been started.

3/30/2012 12:29:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x00000004, 0x00000002, 0x00000000, 0x831317ff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 033012-55848-01.

3/30/2012 12:29:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Plug and Play service to connect.

3/30/2012 12:29:57 AM, Error: Service Control Manager [7001] - The Windows Driver Foundation - User-mode Driver Framework service depends on the Plug and Play service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

3/30/2012 12:29:57 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 12:29:57 AM, Error: Service Control Manager [7001] - The Windows Audio Endpoint Builder service depends on the Plug and Play service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

3/30/2012 12:29:57 AM, Error: Service Control Manager [7000] - The Plug and Play service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/30/2012 12:19:30 AM, Error: Service Control Manager [7000] - The 5762 service failed to start due to the following error: The system cannot find the file specified.

3/30/2012 12:18:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

3/30/2012 12:18:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

3/30/2012 12:00:17 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

3/30/2012 11:45:15 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 11:45:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/30/2012 11:45:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/30/2012 11:44:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: awlegacy ctxusbm discache spldr Wanarpv6

3/30/2012 11:40:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

3/30/2012 11:40:38 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/30/2012 11:39:08 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.

3/30/2012 11:36:11 AM, Error: Service Control Manager [7023] - The Multimedia Class Scheduler service terminated with the following error: Not enough storage is available to process this command.

3/30/2012 10:21:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004005: Realtek - Network - Realtek PCIe GBE Family Controller.

3/30/2012 10:21:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2639308).

3/30/2012 10:21:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004005: Intel Corporation - Display - Intel® G45/G43 Express Chipset.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network Store Interface Service service to connect.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Print Spooler service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Intel® Matrix Storage Event Monitor service depends on the Windows Management Instrumentation service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The HP CUE DeviceDiscovery Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Distributed Link Tracking Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Base Filtering Engine service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/30/2012 1:39:45 AM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/30/2012 1:39:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect.

3/30/2012 1:39:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Driver Foundation - User-mode Driver Framework service to connect.

3/30/2012 1:39:44 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:44 AM, Error: Service Control Manager [7001] - The User Profile Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:44 AM, Error: Service Control Manager [7001] - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:44 AM, Error: Service Control Manager [7001] - The Security Accounts Manager service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:44 AM, Error: Service Control Manager [7001] - The Group Policy Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:44 AM, Error: Service Control Manager [7001] - The COM+ Event System service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:39:44 AM, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/30/2012 1:39:44 AM, Error: Service Control Manager [7000] - The Windows Driver Foundation - User-mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/30/2012 1:39:43 AM, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the DCOM Server Process Launcher service which failed to start because of the following error: The client of a component requested an operation which is not valid given the state of the component instance.

3/30/2012 1:39:42 AM, Error: Service Control Manager [7000] - The DCOM Server Process Launcher service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

3/30/2012 1:29:30 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

3/30/2012 1:27:30 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/30/2012 1:19:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

3/29/2012 9:59:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.

3/29/2012 9:58:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR7.

3/29/2012 9:58:29 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.

3/29/2012 9:57:21 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.

3/29/2012 9:57:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

3/29/2012 9:54:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

3/29/2012 9:51:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

3/29/2012 9:05:45 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.

3/29/2012 8:33:30 PM, Error: AeLookupSvc [1] - The Application Experience Lookup service failed to initialize.

3/29/2012 8:33:01 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

3/29/2012 6:31:13 PM, Error: Service Control Manager [7023] - The Problem Reports and Solutions Control Panel Support service terminated with the following error: Not enough storage is available to process this command.

3/29/2012 5:47:16 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.

3/29/2012 5:25:24 PM, Error: Service Control Manager [7023] - The Application Experience service terminated with the following error: Not enough storage is available to process this command.

3/29/2012 4:47:35 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

3/29/2012 4:47:35 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

3/29/2012 11:52:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

3/29/2012 10:44:03 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The system cannot find the file specified.

3/29/2012 10:42:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr

3/29/2012 10:41:56 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.

3/29/2012 10:41:56 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.

3/29/2012 10:24:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

3/29/2012 10:23:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/29/2012 10:23:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/29/2012 10:23:44 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/29/2012 10:23:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD awlegacy ctxusbm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The client of a component requested an operation which is not valid given the state of the component instance.

3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The Intel® Matrix Storage Event Monitor service depends on the Windows Management Instrumentation service which failed to start because of the following error: The client of a component requested an operation which is not valid given the state of the component instance.

3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/29/2012 10:15:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.

3/29/2012 10:15:59 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

3/29/2012 10:15:59 PM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

3/29/2012 10:15:59 PM, Error: Service Control Manager [7000] - The Desktop Window Manager Session Manager service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

3/29/2012 10:10:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.

3/29/2012 10:09:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

3/29/2012 1:17:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Leslie-PC\Leslie SID (S-1-5-21-4099890314-3804951730-309443565-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

3/28/2012 7:25:58 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

3/28/2012 10:42:46 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.

3/27/2012 1:10:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

.

==== End Of File ===========================

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514

Run by Leslie at 12:47:47 on 2012-03-31

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.1695 [GMT -4:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6CE5E210-CC52-41B7-AF91-12C5C703AB63} : DhcpNameServer = 192.168.1.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

Notify: PCANotify - PCANotify.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\leslie\appdata\roaming\mozilla\firefox\profiles\bgknw8eh.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]

R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-12-3 81920]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-3 167936]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-13 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-13 1343400]

S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2010-10-4 486176]

.

=============== Created Last 30 ================

.

2012-03-30 17:24:43 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-03-30 05:47:40 -------- d-----w- c:\program files\Testing

2012-03-30 04:04:03 99328 ---ha-w- c:\programdata\o7t15sWM.exe_

2012-03-30 03:30:53 981504 ------w- c:\windows\system32\wininet.dll

2012-03-29 02:13:01 158720 ---ha-w- c:\programdata\microsoft\windows\drm\AFFE.tmp

.

==================== Find3M ====================

.

.

============= FINISH: 12:49:53.95 ===============


Before I sent you the last DDS and Attach screens I was able to successfully run Malwarebytes and nothing was found.

With the latest updates?

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Thanks for your information!

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


I ran TDSSKiller in Safe Mode. When I ran it, some threats were marked as Cure and some as Skip. I did not change anything. Here are the results:

09:17:47.0319 1596 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18

09:17:47.0684 1596 ============================================================

09:17:47.0684 1596 Current date / time: 2012/04/01 09:17:47.0684

09:17:47.0684 1596 SystemInfo:

09:17:47.0684 1596

09:17:47.0684 1596 OS Version: 6.1.7601 ServicePack: 1.0

09:17:47.0684 1596 Product type: Workstation

09:17:47.0684 1596 ComputerName: LESLIE-PC

09:17:47.0685 1596 UserName: Leslie

09:17:47.0685 1596 Windows directory: C:\Windows

09:17:47.0685 1596 System windows directory: C:\Windows

09:17:47.0685 1596 Processor architecture: Intel x86

09:17:47.0685 1596 Number of processors: 2

09:17:47.0685 1596 Page size: 0x1000

09:17:47.0685 1596 Boot type: Safe boot with network

09:17:47.0685 1596 ============================================================

09:17:47.0975 1596 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

09:17:47.0976 1596 \Device\Harddisk0\DR0:

09:17:47.0976 1596 MBR used

09:17:47.0976 1596 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

09:17:47.0976 1596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830

09:17:48.0066 1596 Initialize success

09:17:48.0066 1596 ============================================================

09:18:04.0073 1868 ============================================================

09:18:04.0073 1868 Scan started

09:18:04.0073 1868 Mode: Manual; SigCheck; TDLFS;

09:18:04.0073 1868 ============================================================

09:18:05.0423 1868 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

09:18:05.0541 1868 1394ohci - ok

09:18:05.0590 1868 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

09:18:05.0601 1868 ACPI - ok

09:18:05.0754 1868 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

09:18:05.0815 1868 AcpiPmi - ok

09:18:05.0970 1868 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

09:18:05.0983 1868 adp94xx - ok

09:18:06.0076 1868 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

09:18:06.0086 1868 adpahci - ok

09:18:06.0105 1868 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

09:18:06.0114 1868 adpu320 - ok

09:18:06.0154 1868 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

09:18:06.0194 1868 AeLookupSvc - ok

09:18:06.0283 1868 AERTFilters (7a841462ad4749f8a07b27ae8e8947b8) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

09:18:06.0351 1868 AERTFilters - ok

09:18:06.0474 1868 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

09:18:06.0605 1868 AFD - ok

09:18:06.0642 1868 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

09:18:06.0649 1868 agp440 - ok

09:18:06.0718 1868 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

09:18:06.0726 1868 aic78xx - ok

09:18:06.0842 1868 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

09:18:06.0891 1868 ALG - ok

09:18:06.0970 1868 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

09:18:06.0976 1868 aliide - ok

09:18:07.0056 1868 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

09:18:07.0063 1868 amdagp - ok

09:18:07.0125 1868 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

09:18:07.0132 1868 amdide - ok

09:18:07.0188 1868 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

09:18:07.0227 1868 AmdK8 - ok

09:18:07.0302 1868 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

09:18:07.0326 1868 AmdPPM - ok

09:18:07.0386 1868 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys

09:18:07.0394 1868 amdsata - ok

09:18:07.0477 1868 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

09:18:07.0486 1868 amdsbs - ok

09:18:07.0547 1868 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys

09:18:07.0555 1868 amdxata - ok

09:18:07.0619 1868 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

09:18:07.0725 1868 AppID - ok

09:18:07.0872 1868 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

09:18:07.0910 1868 AppIDSvc - ok

09:18:07.0974 1868 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll

09:18:08.0012 1868 Appinfo - ok

09:18:08.0179 1868 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

09:18:08.0187 1868 Apple Mobile Device - ok

09:18:08.0322 1868 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

09:18:08.0330 1868 arc - ok

09:18:08.0350 1868 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

09:18:08.0388 1868 arcsas - ok

09:18:08.0414 1868 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

09:18:08.0505 1868 AsyncMac - ok

09:18:08.0634 1868 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

09:18:08.0641 1868 atapi - ok

09:18:08.0708 1868 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

09:18:08.0732 1868 AudioEndpointBuilder - ok

09:18:08.0739 1868 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

09:18:08.0760 1868 Audiosrv - ok

09:18:08.0872 1868 awhost32 (958038b812e2b6ab998e115194b8d2b7) C:\Program Files\Symantec\pcAnywhere\awhost32.exe

09:18:08.0895 1868 awhost32 ( UnsignedFile.Multi.Generic ) - warning

09:18:08.0895 1868 awhost32 - detected UnsignedFile.Multi.Generic (1)

09:18:08.0973 1868 awlegacy (abfe3ab22767eeb5e7d91b1b3bb2901c) C:\Windows\System32\Drivers\awlegacy.sys

09:18:08.0991 1868 awlegacy ( UnsignedFile.Multi.Generic ) - warning

09:18:08.0991 1868 awlegacy - detected UnsignedFile.Multi.Generic (1)

09:18:09.0041 1868 AW_HOST (852d995a4b283c341a2baefaa8067671) C:\Windows\system32\drivers\aw_host5.sys

09:18:09.0054 1868 AW_HOST ( UnsignedFile.Multi.Generic ) - warning

09:18:09.0054 1868 AW_HOST - detected UnsignedFile.Multi.Generic (1)

09:18:09.0110 1868 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll

09:18:09.0155 1868 AxInstSV - ok

09:18:09.0408 1868 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

09:18:09.0456 1868 b06bdrv - ok

09:18:09.0518 1868 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

09:18:09.0537 1868 b57nd60x - ok

09:18:09.0627 1868 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

09:18:09.0664 1868 BDESVC - ok

09:18:09.0774 1868 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

09:18:09.0812 1868 Beep - ok

09:18:09.0948 1868 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll

09:18:09.0996 1868 BFE - ok

09:18:10.0051 1868 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll

09:18:10.0111 1868 BITS - ok

09:18:10.0184 1868 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

09:18:10.0208 1868 blbdrive - ok

09:18:10.0309 1868 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

09:18:10.0319 1868 Bonjour Service - ok

09:18:10.0409 1868 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

09:18:10.0426 1868 bowser - ok

09:18:10.0450 1868 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

09:18:10.0488 1868 BrFiltLo - ok

09:18:10.0505 1868 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

09:18:10.0529 1868 BrFiltUp - ok

09:18:10.0679 1868 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

09:18:10.0717 1868 BridgeMP - ok

09:18:10.0785 1868 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

09:18:10.0819 1868 Browser - ok

09:18:10.0846 1868 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

09:18:10.0872 1868 Brserid - ok

09:18:10.0939 1868 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

09:18:10.0963 1868 BrSerWdm - ok

09:18:10.0969 1868 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

09:18:10.0997 1868 BrUsbMdm - ok

09:18:11.0017 1868 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

09:18:11.0058 1868 BrUsbSer - ok

09:18:11.0115 1868 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

09:18:11.0138 1868 BTHMODEM - ok

09:18:11.0192 1868 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

09:18:11.0221 1868 bthserv - ok

09:18:11.0265 1868 BVRPMPR5 (6598d078d5446197aed6b46c6a2a3431) C:\Windows\system32\drivers\BVRPMPR5.SYS

09:18:11.0284 1868 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning

09:18:11.0284 1868 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)

09:18:11.0436 1868 catchme - ok

09:18:11.0548 1868 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

09:18:11.0583 1868 cdfs - ok

09:18:11.0716 1868 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

09:18:11.0731 1868 cdrom - ok

09:18:11.0872 1868 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

09:18:11.0902 1868 CertPropSvc - ok

09:18:11.0967 1868 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

09:18:12.0012 1868 circlass - ok

09:18:12.0168 1868 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

09:18:12.0178 1868 CLFS - ok

09:18:12.0295 1868 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:18:12.0309 1868 clr_optimization_v2.0.50727_32 - ok

09:18:12.0372 1868 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

09:18:12.0395 1868 CmBatt - ok

09:18:12.0503 1868 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

09:18:12.0511 1868 cmdide - ok

09:18:12.0553 1868 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

09:18:12.0573 1868 CNG - ok

09:18:12.0625 1868 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

09:18:12.0632 1868 Compbatt - ok

09:18:12.0742 1868 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

09:18:12.0767 1868 CompositeBus - ok

09:18:12.0819 1868 COMSysApp - ok

09:18:12.0859 1868 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

09:18:12.0876 1868 crcdisk - ok

09:18:12.0966 1868 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll

09:18:13.0002 1868 CryptSvc - ok

09:18:13.0096 1868 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys

09:18:13.0109 1868 ctxusbm - ok

09:18:13.0212 1868 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

09:18:13.0249 1868 DcomLaunch - ok

09:18:13.0295 1868 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

09:18:13.0326 1868 defragsvc - ok

09:18:13.0442 1868 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

09:18:13.0490 1868 DfsC - ok

09:18:13.0578 1868 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

09:18:13.0624 1868 Dhcp - ok

09:18:13.0704 1868 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

09:18:13.0739 1868 discache - ok

09:18:13.0800 1868 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

09:18:13.0807 1868 Disk - ok

09:18:13.0852 1868 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

09:18:13.0890 1868 Dnscache - ok

09:18:13.0978 1868 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

09:18:14.0025 1868 dot3svc - ok

09:18:14.0114 1868 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys

09:18:14.0183 1868 Dot4 - ok

09:18:14.0302 1868 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys

09:18:14.0323 1868 Dot4Print - ok

09:18:14.0354 1868 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys

09:18:14.0404 1868 dot4usb - ok

09:18:14.0434 1868 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

09:18:14.0464 1868 DPS - ok

09:18:14.0704 1868 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

09:18:14.0725 1868 drmkaud - ok

09:18:14.0755 1868 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

09:18:14.0773 1868 DXGKrnl - ok

09:18:14.0815 1868 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

09:18:14.0845 1868 EapHost - ok

09:18:15.0075 1868 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

09:18:15.0125 1868 ebdrv - ok

09:18:15.0176 1868 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

09:18:15.0210 1868 EFS - ok

09:18:15.0312 1868 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

09:18:15.0340 1868 ehRecvr - ok

09:18:15.0386 1868 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

09:18:15.0442 1868 ehSched - ok

09:18:15.0609 1868 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

09:18:15.0623 1868 elxstor - ok

09:18:15.0692 1868 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

09:18:15.0719 1868 ErrDev - ok

09:18:15.0818 1868 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

09:18:15.0865 1868 EventSystem - ok

09:18:15.0934 1868 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

09:18:15.0970 1868 exfat - ok

09:18:16.0109 1868 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

09:18:16.0147 1868 fastfat - ok

09:18:16.0228 1868 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

09:18:16.0276 1868 Fax - ok

09:18:16.0338 1868 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

09:18:16.0373 1868 fdc - ok

09:18:16.0434 1868 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

09:18:16.0471 1868 fdPHost - ok

09:18:16.0526 1868 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

09:18:16.0554 1868 FDResPub - ok

09:18:16.0606 1868 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

09:18:16.0627 1868 FileInfo - ok

09:18:16.0691 1868 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

09:18:16.0730 1868 Filetrace - ok

09:18:16.0953 1868 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

09:18:16.0984 1868 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

09:18:16.0985 1868 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

09:18:17.0072 1868 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

09:18:17.0103 1868 flpydisk - ok

09:18:17.0193 1868 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

09:18:17.0203 1868 FltMgr - ok

09:18:17.0264 1868 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll

09:18:17.0310 1868 FontCache - ok

09:18:17.0609 1868 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

09:18:17.0616 1868 FontCache3.0.0.0 - ok

09:18:17.0686 1868 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

09:18:17.0694 1868 FsDepends - ok

09:18:17.0758 1868 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

09:18:17.0765 1868 Fs_Rec - ok

09:18:17.0880 1868 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

09:18:17.0906 1868 fvevol - ok

09:18:17.0994 1868 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

09:18:18.0001 1868 gagp30kx - ok

09:18:18.0075 1868 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

09:18:18.0091 1868 GEARAspiWDM - ok

09:18:18.0117 1868 Gernuwa (fd25177ced6751c14de170d8282ced90) C:\Windows\system32\drivers\Gernuwa.sys

09:18:18.0129 1868 Gernuwa ( UnsignedFile.Multi.Generic ) - warning

09:18:18.0129 1868 Gernuwa - detected UnsignedFile.Multi.Generic (1)

09:18:18.0179 1868 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

09:18:18.0223 1868 gpsvc - ok

09:18:18.0314 1868 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

09:18:18.0365 1868 hcw85cir - ok

09:18:18.0427 1868 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

09:18:18.0446 1868 HDAudBus - ok

09:18:18.0523 1868 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

09:18:18.0549 1868 HidBatt - ok

09:18:18.0568 1868 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

09:18:18.0591 1868 HidBth - ok

09:18:18.0729 1868 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

09:18:18.0780 1868 HidIr - ok

09:18:18.0826 1868 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll

09:18:18.0873 1868 hidserv - ok

09:18:19.0076 1868 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

09:18:19.0107 1868 HidUsb - ok

09:18:19.0201 1868 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

09:18:19.0216 1868 hkmsvc - ok

09:18:19.0248 1868 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

09:18:19.0279 1868 HomeGroupListener - ok

09:18:19.0310 1868 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

09:18:19.0357 1868 HomeGroupProvider - ok

09:18:19.0497 1868 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

09:18:19.0528 1868 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

09:18:19.0528 1868 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

09:18:19.0528 1868 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

09:18:19.0544 1868 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

09:18:19.0544 1868 hpqddsvc - detected UnsignedFile.Multi.Generic (1)

09:18:19.0684 1868 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

09:18:19.0700 1868 HpSAMD - ok

09:18:19.0918 1868 HPSLPSVC (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL

09:18:20.0043 1868 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

09:18:20.0043 1868 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

09:18:20.0184 1868 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

09:18:20.0199 1868 HTTP - ok

09:18:20.0246 1868 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

09:18:20.0262 1868 hwpolicy - ok

09:18:20.0371 1868 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

09:18:20.0386 1868 i8042prt - ok

09:18:20.0511 1868 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

09:18:20.0511 1868 IAANTMON - ok

09:18:20.0620 1868 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys

09:18:20.0620 1868 iaStor - ok

09:18:20.0714 1868 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

09:18:20.0714 1868 iaStorV - ok

09:18:20.0792 1868 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:18:20.0823 1868 idsvc - ok

09:18:21.0166 1868 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

09:18:21.0432 1868 igfx - ok

09:18:21.0572 1868 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

09:18:21.0588 1868 iirsp - ok

09:18:21.0775 1868 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

09:18:21.0822 1868 IKEEXT - ok

09:18:21.0902 1868 IntcAzAudAddService (8b27c21412ae4404eb0acfe1d98579ec) C:\Windows\system32\drivers\RTKVHDA.sys

09:18:21.0953 1868 IntcAzAudAddService - ok

09:18:22.0056 1868 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

09:18:22.0063 1868 intelide - ok

09:18:22.0126 1868 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

09:18:22.0151 1868 intelppm - ok

09:18:22.0194 1868 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

09:18:22.0227 1868 IPBusEnum - ok

09:18:22.0303 1868 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:18:22.0347 1868 IpFilterDriver - ok

09:18:22.0400 1868 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll

09:18:22.0437 1868 iphlpsvc - ok

09:18:22.0461 1868 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

09:18:22.0486 1868 IPMIDRV - ok

09:18:22.0646 1868 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

09:18:22.0677 1868 IPNAT - ok

09:18:22.0884 1868 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe

09:18:22.0901 1868 iPod Service - ok

09:18:23.0003 1868 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

09:18:23.0027 1868 IRENUM - ok

09:18:23.0054 1868 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

09:18:23.0068 1868 isapnp - ok

09:18:23.0088 1868 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

09:18:23.0098 1868 iScsiPrt - ok

09:18:23.0127 1868 JRAID (d7b5b5c5130b775ec7e32edd780d737f) C:\Windows\system32\DRIVERS\jraid.sys

09:18:23.0164 1868 JRAID - ok

09:18:23.0280 1868 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

09:18:23.0287 1868 kbdclass - ok

09:18:23.0343 1868 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

09:18:23.0361 1868 kbdhid - ok

09:18:23.0391 1868 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

09:18:23.0400 1868 KeyIso - ok

09:18:23.0432 1868 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys

09:18:23.0453 1868 KSecDD - ok

09:18:23.0524 1868 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys

09:18:23.0533 1868 KSecPkg - ok

09:18:23.0560 1868 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

09:18:23.0598 1868 KtmRm - ok

09:18:23.0633 1868 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll

09:18:23.0672 1868 LanmanServer - ok

09:18:23.0791 1868 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll

09:18:23.0810 1868 LanmanWorkstation - ok

09:18:23.0956 1868 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

09:18:23.0984 1868 lltdio - ok

09:18:24.0011 1868 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

09:18:24.0043 1868 lltdsvc - ok

09:18:24.0102 1868 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

09:18:24.0121 1868 lmhosts - ok

09:18:24.0196 1868 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

09:18:24.0204 1868 LSI_FC - ok

09:18:24.0222 1868 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

09:18:24.0230 1868 LSI_SAS - ok

09:18:24.0239 1868 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

09:18:24.0255 1868 LSI_SAS2 - ok

09:18:24.0295 1868 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

09:18:24.0303 1868 LSI_SCSI - ok

09:18:24.0344 1868 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

09:18:24.0380 1868 luafv - ok

09:18:24.0406 1868 MaxBackServiceInt - ok

09:18:24.0483 1868 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll

09:18:24.0493 1868 Mcx2Svc - ok

09:18:24.0532 1868 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

09:18:24.0539 1868 megasas - ok

09:18:24.0584 1868 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

09:18:24.0600 1868 MegaSR - ok

09:18:24.0625 1868 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

09:18:24.0669 1868 MMCSS - ok

09:18:24.0750 1868 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

09:18:24.0768 1868 Modem - ok

09:18:24.0807 1868 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

09:18:24.0826 1868 monitor - ok

09:18:24.0887 1868 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

09:18:24.0894 1868 mouclass - ok

09:18:25.0022 1868 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

09:18:25.0031 1868 mouhid - ok

09:18:25.0069 1868 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

09:18:25.0077 1868 mountmgr - ok

09:18:25.0124 1868 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

09:18:25.0133 1868 mpio - ok

09:18:25.0151 1868 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

09:18:25.0184 1868 mpsdrv - ok

09:18:25.0264 1868 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll

09:18:25.0299 1868 MpsSvc - ok

09:18:25.0398 1868 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

09:18:25.0426 1868 MRxDAV - ok

09:18:25.0559 1868 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

09:18:25.0574 1868 mrxsmb - ok

09:18:25.0597 1868 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:18:25.0607 1868 mrxsmb10 - ok

09:18:25.0635 1868 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:18:25.0660 1868 mrxsmb20 - ok

09:18:25.0692 1868 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

09:18:25.0699 1868 msahci - ok

09:18:25.0773 1868 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

09:18:25.0781 1868 msdsm - ok

09:18:25.0815 1868 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

09:18:25.0835 1868 MSDTC - ok

09:18:25.0932 1868 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

09:18:25.0951 1868 Msfs - ok

09:18:26.0011 1868 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

09:18:26.0045 1868 mshidkmdf - ok

09:18:26.0076 1868 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

09:18:26.0083 1868 msisadrv - ok

09:18:26.0159 1868 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

09:18:26.0178 1868 MSiSCSI - ok

09:18:26.0184 1868 msiserver - ok

09:18:26.0290 1868 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

09:18:26.0325 1868 MSKSSRV - ok

09:18:26.0346 1868 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

09:18:26.0378 1868 MSPCLOCK - ok

09:18:26.0427 1868 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

09:18:26.0460 1868 MSPQM - ok

09:18:26.0541 1868 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

09:18:26.0550 1868 MsRPC - ok

09:18:26.0585 1868 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

09:18:26.0602 1868 mssmbios - ok

09:18:26.0645 1868 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

09:18:26.0664 1868 MSTEE - ok

09:18:26.0683 1868 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

09:18:26.0706 1868 MTConfig - ok

09:18:26.0778 1868 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

09:18:26.0785 1868 Mup - ok

09:18:26.0813 1868 MXOPSWD (c29f284ff7ab4ed38ce419a9424e52a2) C:\Windows\system32\DRIVERS\mxopswd.sys

09:18:26.0848 1868 MXOPSWD - ok

09:18:26.0885 1868 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll

09:18:26.0922 1868 napagent - ok

09:18:27.0036 1868 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

09:18:27.0049 1868 NativeWifiP - ok

09:18:27.0085 1868 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

09:18:27.0104 1868 NDIS - ok

09:18:27.0139 1868 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

09:18:27.0159 1868 NdisCap - ok

09:18:27.0266 1868 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

09:18:27.0298 1868 NdisTapi - ok

09:18:27.0326 1868 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

09:18:27.0358 1868 Ndisuio - ok

09:18:27.0494 1868 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

09:18:27.0512 1868 NdisWan - ok

09:18:27.0571 1868 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

09:18:27.0603 1868 NDProxy - ok

09:18:27.0674 1868 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll

09:18:27.0677 1868 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

09:18:27.0677 1868 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

09:18:27.0753 1868 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

09:18:27.0789 1868 NetBIOS - ok

09:18:27.0823 1868 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

09:18:27.0856 1868 NetBT - ok

09:18:27.0898 1868 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

09:18:27.0908 1868 Netlogon - ok

09:18:27.0984 1868 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

09:18:28.0032 1868 Netman - ok

09:18:28.0184 1868 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

09:18:28.0230 1868 netprofm - ok

09:18:28.0304 1868 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:18:28.0311 1868 NetTcpPortSharing - ok

09:18:28.0424 1868 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

09:18:28.0431 1868 nfrd960 - ok

09:18:28.0468 1868 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll

09:18:28.0506 1868 NlaSvc - ok

09:18:28.0551 1868 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

09:18:28.0584 1868 Npfs - ok

09:18:28.0691 1868 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

09:18:28.0710 1868 nsi - ok

09:18:28.0767 1868 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

09:18:28.0798 1868 nsiproxy - ok

09:18:28.0898 1868 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys

09:18:28.0923 1868 Ntfs - ok

09:18:29.0007 1868 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

09:18:29.0041 1868 Null - ok

09:18:29.0071 1868 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys

09:18:29.0080 1868 nvraid - ok

09:18:29.0098 1868 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys

09:18:29.0107 1868 nvstor - ok

09:18:29.0121 1868 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

09:18:29.0129 1868 nv_agp - ok

09:18:29.0260 1868 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

09:18:29.0271 1868 odserv - ok

09:18:29.0348 1868 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

09:18:29.0369 1868 ohci1394 - ok

09:18:29.0482 1868 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:18:29.0489 1868 ose - ok

09:18:29.0605 1868 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

09:18:29.0647 1868 p2pimsvc - ok

09:18:29.0704 1868 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

09:18:29.0733 1868 p2psvc - ok

09:18:29.0789 1868 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

09:18:29.0798 1868 Parport - ok

09:18:29.0853 1868 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

09:18:29.0861 1868 partmgr - ok

09:18:29.0878 1868 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

09:18:29.0904 1868 Parvdm - ok

09:18:29.0957 1868 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

09:18:29.0970 1868 PcaSvc - ok

09:18:30.0018 1868 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

09:18:30.0027 1868 pci - ok

09:18:30.0093 1868 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

09:18:30.0101 1868 pciide - ok

09:18:30.0129 1868 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

09:18:30.0138 1868 pcmcia - ok

09:18:30.0162 1868 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

09:18:30.0169 1868 pcw - ok

09:18:30.0238 1868 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

09:18:30.0283 1868 PEAUTH - ok

09:18:30.0469 1868 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix2\pev.3XE

09:18:30.0502 1868 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning

09:18:30.0502 1868 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)

09:18:30.0595 1868 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll

09:18:30.0645 1868 pla - ok

09:18:30.0676 1868 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll

09:18:30.0719 1868 PlugPlay - ok

09:18:30.0924 1868 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll

09:18:30.0944 1868 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

09:18:30.0944 1868 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

09:18:30.0971 1868 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

09:18:30.0991 1868 PNRPAutoReg - ok

09:18:31.0013 1868 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

09:18:31.0025 1868 PNRPsvc - ok

09:18:31.0062 1868 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll

09:18:31.0096 1868 PolicyAgent - ok

09:18:31.0159 1868 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll

09:18:31.0194 1868 Power - ok

09:18:31.0259 1868 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

09:18:31.0288 1868 PptpMiniport - ok

09:18:31.0311 1868 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

09:18:31.0320 1868 Processor - ok

09:18:31.0428 1868 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll

09:18:31.0448 1868 ProfSvc - ok

09:18:31.0481 1868 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

09:18:31.0490 1868 ProtectedStorage - ok

09:18:31.0561 1868 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

09:18:31.0592 1868 Psched - ok

09:18:31.0696 1868 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys

09:18:31.0701 1868 PxHelp20 - ok

09:18:31.0797 1868 QBCFMonitorService (d2c73b0f27d0750887a3da3bd28f930c) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

09:18:31.0806 1868 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning

09:18:31.0806 1868 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)

09:18:31.0847 1868 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

09:18:31.0857 1868 QBFCService ( UnsignedFile.Multi.Generic ) - warning

09:18:31.0857 1868 QBFCService - detected UnsignedFile.Multi.Generic (1)

09:18:31.0963 1868 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

09:18:31.0991 1868 ql2300 - ok

09:18:32.0005 1868 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

09:18:32.0013 1868 ql40xx - ok

09:18:32.0046 1868 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

09:18:32.0073 1868 QWAVE - ok

09:18:32.0163 1868 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

09:18:32.0174 1868 QWAVEdrv - ok

09:18:32.0190 1868 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

09:18:32.0219 1868 RasAcd - ok

09:18:32.0278 1868 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

09:18:32.0308 1868 RasAgileVpn - ok

09:18:32.0380 1868 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

09:18:32.0413 1868 RasAuto - ok

09:18:32.0438 1868 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:18:32.0469 1868 Rasl2tp - ok

09:18:32.0531 1868 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll

09:18:32.0565 1868 RasMan - ok

09:18:32.0673 1868 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

09:18:32.0693 1868 RasPppoe - ok

09:18:32.0709 1868 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

09:18:32.0743 1868 RasSstp - ok

09:18:32.0774 1868 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

09:18:32.0808 1868 rdbss - ok

09:18:32.0897 1868 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

09:18:32.0917 1868 rdpbus - ok

09:18:32.0950 1868 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:18:32.0978 1868 RDPCDD - ok

09:18:33.0022 1868 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

09:18:33.0039 1868 RDPENCDD - ok

09:18:33.0110 1868 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

09:18:33.0137 1868 RDPREFMP - ok

09:18:33.0178 1868 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

09:18:33.0213 1868 RDPWD - ok

09:18:33.0305 1868 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

09:18:33.0314 1868 rdyboost - ok

09:18:33.0385 1868 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

09:18:33.0431 1868 RemoteAccess - ok

09:18:33.0466 1868 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

09:18:33.0486 1868 RemoteRegistry - ok

09:18:33.0575 1868 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

09:18:33.0605 1868 RpcEptMapper - ok

09:18:33.0638 1868 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

09:18:33.0659 1868 RpcLocator - ok

09:18:33.0691 1868 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

09:18:33.0712 1868 RpcSs - ok

09:18:33.0784 1868 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

09:18:33.0820 1868 rspndr - ok

09:18:33.0921 1868 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys

09:18:33.0964 1868 RTL8167 - ok

09:18:34.0005 1868 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

09:18:34.0016 1868 SamSs - ok

09:18:34.0124 1868 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

09:18:34.0133 1868 sbp2port - ok

09:18:34.0212 1868 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

09:18:34.0232 1868 SCardSvr - ok

09:18:34.0271 1868 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

09:18:34.0308 1868 scfilter - ok

09:18:34.0350 1868 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll

09:18:34.0394 1868 Schedule - ok

09:18:34.0577 1868 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

09:18:34.0594 1868 SCPolicySvc - ok

09:18:34.0620 1868 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll

09:18:34.0660 1868 SDRSVC - ok

09:18:34.0764 1868 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

09:18:34.0774 1868 SeaPort - ok

09:18:34.0867 1868 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

09:18:34.0905 1868 secdrv - ok

09:18:34.0929 1868 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

09:18:34.0964 1868 seclogon - ok

09:18:35.0036 1868 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll

09:18:35.0069 1868 SENS - ok

09:18:35.0112 1868 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

09:18:35.0153 1868 SensrSvc - ok

09:18:35.0188 1868 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

09:18:35.0205 1868 Serenum - ok

09:18:35.0354 1868 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

09:18:35.0363 1868 Serial - ok

09:18:35.0406 1868 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

09:18:35.0432 1868 sermouse - ok

09:18:35.0475 1868 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll

09:18:35.0509 1868 SessionEnv - ok

09:18:35.0606 1868 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

09:18:35.0625 1868 sffdisk - ok

09:18:35.0653 1868 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

09:18:35.0663 1868 sffp_mmc - ok

09:18:35.0681 1868 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

09:18:35.0718 1868 sffp_sd - ok

09:18:35.0747 1868 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

09:18:35.0756 1868 sfloppy - ok

09:18:35.0853 1868 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

09:18:35.0896 1868 SharedAccess - ok

09:18:35.0933 1868 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll

09:18:35.0964 1868 ShellHWDetection - ok

09:18:36.0027 1868 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

09:18:36.0042 1868 sisagp - ok

09:18:36.0144 1868 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

09:18:36.0152 1868 SiSRaid2 - ok

09:18:36.0196 1868 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

09:18:36.0204 1868 SiSRaid4 - ok

09:18:36.0248 1868 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

09:18:36.0276 1868 Smb - ok

09:18:36.0357 1868 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

09:18:36.0385 1868 SNMPTRAP - ok

09:18:36.0468 1868 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

09:18:36.0475 1868 spldr - ok

09:18:36.0590 1868 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe

09:18:36.0674 1868 Spooler - ok

09:18:36.0798 1868 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

09:18:36.0899 1868 sppsvc - ok

09:18:36.0930 1868 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

09:18:36.0949 1868 sppuinotify - ok

09:18:37.0029 1868 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

09:18:37.0067 1868 srv - ok

09:18:37.0145 1868 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

09:18:37.0156 1868 srv2 - ok

09:18:37.0183 1868 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

09:18:37.0192 1868 srvnet - ok

09:18:37.0281 1868 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

09:18:37.0303 1868 SSDPSRV - ok

09:18:37.0336 1868 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

09:18:37.0373 1868 SstpSvc - ok

09:18:37.0553 1868 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

09:18:37.0560 1868 stexstor - ok

09:18:37.0641 1868 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

09:18:37.0676 1868 StiSvc - ok

09:18:37.0772 1868 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

09:18:37.0778 1868 stllssvr - ok

09:18:37.0841 1868 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

09:18:37.0848 1868 swenum - ok

09:18:37.0978 1868 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

09:18:38.0003 1868 swprv - ok

09:18:38.0121 1868 SymEvent (083fe6483dc16a02af2434d04b7d7aea) C:\Program Files\Symantec\SYMEVENT.SYS

09:18:38.0127 1868 SymEvent - ok

09:18:38.0223 1868 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

09:18:38.0249 1868 SysMain - ok

09:18:38.0282 1868 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

09:18:38.0321 1868 TabletInputService - ok

09:18:38.0382 1868 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

09:18:38.0427 1868 TapiSrv - ok

09:18:38.0503 1868 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

09:18:38.0523 1868 TBS - ok

09:18:38.0621 1868 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

09:18:38.0648 1868 Tcpip - ok

09:18:38.0736 1868 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

09:18:38.0760 1868 TCPIP6 - ok

09:18:38.0844 1868 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

09:18:38.0873 1868 tcpipreg - ok

09:18:38.0921 1868 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

09:18:38.0947 1868 TDPIPE - ok

09:18:38.0977 1868 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

09:18:39.0005 1868 TDTCP - ok

09:18:39.0094 1868 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

09:18:39.0122 1868 tdx - ok

09:18:39.0152 1868 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

09:18:39.0159 1868 TermDD - ok

09:18:39.0198 1868 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

09:18:39.0222 1868 TermService - ok

09:18:39.0295 1868 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

09:18:39.0321 1868 Themes - ok

09:18:39.0339 1868 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

09:18:39.0359 1868 THREADORDER - ok

09:18:39.0434 1868 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

09:18:39.0467 1868 TrkWks - ok

09:18:39.0603 1868 TrueSight (1512d11c1e1e37a4ae2e2b62794f0d2e) c:\windows\system32\drivers\TrueSight.sys

09:18:39.0606 1868 TrueSight ( UnsignedFile.Multi.Generic ) - warning

09:18:39.0606 1868 TrueSight - detected UnsignedFile.Multi.Generic (1)

09:18:39.0662 1868 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

09:18:39.0698 1868 TrustedInstaller - ok

09:18:39.0714 1868 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

09:18:39.0749 1868 tssecsrv - ok

09:18:39.0845 1868 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

09:18:39.0878 1868 TsUsbFlt - ok

09:18:39.0936 1868 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

09:18:39.0972 1868 tunnel - ok

09:18:40.0006 1868 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

09:18:40.0013 1868 uagp35 - ok

09:18:40.0088 1868 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

09:18:40.0117 1868 udfs - ok

09:18:40.0154 1868 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

09:18:40.0180 1868 UI0Detect - ok

09:18:40.0225 1868 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

09:18:40.0232 1868 uliagpkx - ok

09:18:40.0334 1868 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

09:18:40.0352 1868 umbus - ok

09:18:40.0380 1868 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

09:18:40.0388 1868 UmPass - ok

09:18:40.0430 1868 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

09:18:40.0464 1868 upnphost - ok

09:18:40.0556 1868 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

09:18:40.0572 1868 USBAAPL - ok

09:18:40.0600 1868 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys

09:18:40.0622 1868 usbccgp - ok

09:18:40.0646 1868 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

09:18:40.0656 1868 usbcir - ok

09:18:40.0675 1868 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

09:18:40.0697 1868 usbehci - ok

09:18:40.0780 1868 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys

09:18:40.0792 1868 usbhub - ok

09:18:40.0808 1868 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

09:18:40.0817 1868 usbohci - ok

09:18:40.0832 1868 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

09:18:40.0841 1868 usbprint - ok

09:18:40.0875 1868 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

09:18:40.0900 1868 usbscan - ok

09:18:40.0923 1868 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:18:40.0932 1868 USBSTOR - ok

09:18:41.0018 1868 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

09:18:41.0026 1868 usbuhci - ok

09:18:41.0098 1868 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

09:18:41.0137 1868 UxSms - ok

09:18:41.0163 1868 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

09:18:41.0172 1868 VaultSvc - ok

09:18:41.0278 1868 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

09:18:41.0285 1868 vdrvroot - ok

09:18:41.0322 1868 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

09:18:41.0346 1868 vds - ok

09:18:41.0380 1868 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

09:18:41.0406 1868 vga - ok

09:18:41.0477 1868 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

09:18:41.0496 1868 VgaSave - ok

09:18:41.0533 1868 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

09:18:41.0542 1868 vhdmp - ok

09:18:41.0596 1868 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

09:18:41.0603 1868 viaagp - ok

09:18:41.0639 1868 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

09:18:41.0664 1868 ViaC7 - ok

09:18:41.0735 1868 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

09:18:41.0741 1868 viaide - ok

09:18:41.0793 1868 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

09:18:41.0800 1868 volmgr - ok

09:18:41.0843 1868 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

09:18:41.0886 1868 volmgrx - ok

09:18:41.0967 1868 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

09:18:41.0977 1868 volsnap - ok

09:18:42.0041 1868 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

09:18:42.0050 1868 vsmraid - ok

09:18:42.0099 1868 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

09:18:42.0147 1868 VSS - ok

09:18:42.0232 1868 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

09:18:42.0251 1868 vwifibus - ok

09:18:42.0307 1868 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

09:18:42.0351 1868 W32Time - ok

09:18:42.0439 1868 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

09:18:42.0467 1868 WacomPen - ok

09:18:42.0572 1868 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

09:18:42.0606 1868 WANARP - ok

09:18:42.0609 1868 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

09:18:42.0629 1868 Wanarpv6 - ok

09:18:42.0737 1868 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

09:18:42.0765 1868 WatAdminSvc - ok

09:18:42.0812 1868 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

09:18:42.0840 1868 wbengine - ok

09:18:42.0880 1868 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

09:18:42.0893 1868 WbioSrvc - ok

09:18:43.0065 1868 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

09:18:43.0079 1868 wcncsvc - ok

09:18:43.0089 1868 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

09:18:43.0125 1868 WcsPlugInService - ok

09:18:43.0185 1868 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

09:18:43.0192 1868 Wd - ok

09:18:43.0227 1868 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys

09:18:43.0230 1868 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73

09:18:43.0231 1868 Wdf01000 ( Virus.Win32.Rloader.a ) - infected

09:18:43.0231 1868 Wdf01000 - detected Virus.Win32.Rloader.a (0)

09:18:43.0261 1868 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

09:18:43.0286 1868 WdiServiceHost - ok

09:18:43.0290 1868 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

09:18:43.0301 1868 WdiSystemHost - ok

09:18:43.0354 1868 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

09:18:43.0384 1868 WebClient - ok

09:18:43.0424 1868 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

09:18:43.0446 1868 Wecsvc - ok

09:18:43.0486 1868 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

09:18:43.0505 1868 wercplsupport - ok

09:18:43.0577 1868 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

09:18:43.0628 1868 WerSvc - ok

09:18:43.0716 1868 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

09:18:43.0783 1868 WfpLwf - ok

09:18:43.0797 1868 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

09:18:43.0811 1868 WIMMount - ok

09:18:44.0003 1868 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

09:18:44.0038 1868 WinDefend - ok

09:18:44.0044 1868 WinHttpAutoProxySvc - ok

09:18:44.0148 1868 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

09:18:44.0168 1868 Winmgmt - ok

09:18:44.0218 1868 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

09:18:44.0255 1868 WinRM - ok

09:18:44.0376 1868 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

09:18:44.0398 1868 WinUsb - ok

09:18:44.0438 1868 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

09:18:44.0473 1868 Wlansvc - ok

09:18:44.0491 1868 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

09:18:44.0500 1868 WmiAcpi - ok

09:18:44.0637 1868 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

09:18:44.0647 1868 wmiApSrv - ok

09:18:44.0752 1868 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

09:18:44.0819 1868 WMPNetworkSvc - ok

09:18:44.0883 1868 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

09:18:44.0896 1868 WPCSvc - ok

09:18:44.0928 1868 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

09:18:44.0968 1868 WPDBusEnum - ok

09:18:45.0008 1868 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

09:18:45.0043 1868 ws2ifsl - ok

09:18:45.0210 1868 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll

09:18:45.0222 1868 wscsvc - ok

09:18:45.0228 1868 WSearch - ok

09:18:45.0286 1868 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll

09:18:45.0333 1868 wuauserv - ok

09:18:45.0381 1868 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

09:18:45.0412 1868 WudfPf - ok

09:18:45.0550 1868 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

09:18:45.0570 1868 WUDFRd - ok

09:18:45.0636 1868 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

09:18:45.0664 1868 wudfsvc - ok

09:18:45.0701 1868 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

09:18:45.0715 1868 WwanSvc - ok

09:18:45.0830 1868 XIRLINK (246095d4fbb90fdfac8e50e37f0bbd26) C:\Windows\system32\DRIVERS\C-itnt.sys

09:18:45.0855 1868 XIRLINK ( UnsignedFile.Multi.Generic ) - warning

09:18:45.0855 1868 XIRLINK - detected UnsignedFile.Multi.Generic (1)

09:18:45.0899 1868 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0

09:18:45.0932 1868 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

09:18:45.0932 1868 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

09:18:45.0960 1868 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

09:18:45.0960 1868 \Device\Harddisk0\DR0 - detected TDSS File System (1)

09:18:45.0988 1868 Boot (0x1200) (9d19430d8b7aa3a7c4b810714bed685f) \Device\Harddisk0\DR0\Partition0

09:18:45.0989 1868 \Device\Harddisk0\DR0\Partition0 - ok

09:18:46.0005 1868 Boot (0x1200) (1bd29860322acba25c85b6fe4f0117d3) \Device\Harddisk0\DR0\Partition1

09:18:46.0006 1868 \Device\Harddisk0\DR0\Partition1 - ok

09:18:46.0007 1868 ============================================================

09:18:46.0007 1868 Scan finished

09:18:46.0007 1868 ============================================================

09:18:46.0014 2908 Detected object count: 19

09:18:46.0014 2908 Actual detected object count: 19

09:19:41.0042 2908 awhost32 ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0042 2908 awhost32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0042 2908 awlegacy ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0042 2908 awlegacy ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0043 2908 AW_HOST ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0044 2908 AW_HOST ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0045 2908 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0045 2908 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0046 2908 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0046 2908 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0047 2908 Gernuwa ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0047 2908 Gernuwa ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0049 2908 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0049 2908 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0050 2908 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0050 2908 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0052 2908 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0052 2908 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0053 2908 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0053 2908 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0054 2908 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0054 2908 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0058 2908 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0058 2908 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0058 2908 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0058 2908 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0060 2908 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0060 2908 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0062 2908 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0062 2908 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0162 2908 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine

09:19:41.0200 2908 Backup copy found, using it..

09:19:41.0211 2908 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot

09:19:41.0211 2908 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure

09:19:41.0213 2908 XIRLINK ( UnsignedFile.Multi.Generic ) - skipped by user

09:19:41.0213 2908 XIRLINK ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:19:41.0333 2908 \Device\Harddisk0\DR0\# - copied to quarantine

09:19:41.0333 2908 \Device\Harddisk0\DR0 - copied to quarantine

09:19:41.0360 2908 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

09:19:41.0366 2908 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

09:19:41.0368 2908 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

09:19:41.0372 2908 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

09:19:41.0380 2908 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

09:19:41.0401 2908 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

09:19:41.0408 2908 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

09:19:41.0409 2908 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

09:19:41.0410 2908 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

09:19:41.0412 2908 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

09:19:41.0413 2908 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

09:19:41.0416 2908 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

09:19:41.0448 2908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

09:19:41.0448 2908 \Device\Harddisk0\DR0 - ok

09:19:41.0450 2908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

09:19:41.0450 2908 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

09:19:41.0450 2908 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

09:20:04.0224 1256 Deinitialize success


I can't uninstall Combofix. When it crashed the first time yesterday, I reinstalled it as ComboFix2 and ran that and it crashed too. Now I've tried

ComboFix /uninstall

and I get a message saying Windows cannot find 'ComboFix2.exe'

When I try

ComboFix2 /uninstall

I get 0 items in the search results.

Now when I try to download ComboFix a third time it asks me if I want to replace my existing copy or save it as a new name. What should I do? Thanks.


Okay, I just successfully ran ComboFix in normal mode. (Now I have 3 copies of ComboFix on my desktop.) Here is the log file:

ComboFix 12-03-31.03 - Leslie 04/01/2012 10:14:55.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.2464 [GMT -4:00]

Running from: c:\users\Leslie\Desktop\ComboFix3.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\o7t15sWM.exe_

c:\users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}

c:\users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}\chrome.manifest

c:\users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}\chrome\content\_cfg.js

c:\users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}\chrome\content\overlay.xul

c:\users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}\install.rdf

c:\users\Leslie\AppData\Roaming\Adobe\plugs

c:\windows\$NtUninstallKB42325$

c:\windows\system32\config\systemprofile\efc1f03e-5762.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))

.

.

2012-04-01 14:21 . 2012-04-01 14:22 -------- d-----w- c:\users\Leslie\AppData\Local\temp

2012-04-01 14:21 . 2012-04-01 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-01 13:19 . 2012-04-01 13:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-01 03:18 . 2012-04-01 05:02 -------- d-----w- C:\ComboFix

2012-04-01 03:11 . 2012-04-01 03:14 -------- d-----w- C:\Leslie

2012-03-30 17:24 . 2012-03-30 17:30 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-03-30 05:47 . 2012-03-30 05:47 -------- d-----w- c:\program files\Testing

2012-03-30 03:31 . 2012-03-30 03:31 -------- d-----w- c:\windows\Sun

2012-03-30 03:30 . 2011-12-16 07:54 981504 ------w- c:\windows\system32\wininet.dll

2012-03-29 02:13 . 2012-03-29 02:13 158720 ---ha-w- c:\programdata\Microsoft\Windows\DRM\AFFE.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-01 13:20 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2011-11-21 04:04 . 2011-12-02 16:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-12-16 . BDB7450CC556F238FD973C9DA300FEB8 . 981504 . . [8.00.7600.16385] . . c:\windows\System32\wininet.dll

[7] 2011-11-05 . E49448ACD38A375E4FBCCB87056E1467 . 982016 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21085_none_1d030f43934664a3\wininet.dll

[7] 2011-11-05 . 7F5B51FACA193430346970283C50769F . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16912_none_1cc24ad279f27f22\wininet.dll

[7] 2011-11-05 . 19714FA7D7204D9BEE1EE12791DA9010 . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17720_none_1e9bd7587722d451\wininet.dll

[7] 2011-11-05 . 1903228FE0C7D402B26A217F8D7713FD . 982016 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21855_none_1f0a05d1905446a1\wininet.dll

[7] 2011-08-20 . 7570FA3FC82E08FB637E32D2D95DB41D . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21795_none_1edec43b9074b93e\wininet.dll

[7] 2011-08-20 . 1DBC7303366C0C9B80E51C4B4BECB7ED . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16869_none_1c933b567a14bf11\wininet.dll

[7] 2011-08-20 . 79FFA6C81F9F5B2244C5668D08387EA6 . 982016 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21033_none_1d371e4b931fa640\wininet.dll

[7] 2011-08-20 . DBF24E87CB605A4F6E7424DD86F7A62C . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17671_none_1e66c620774a7c36\wininet.dll

[7] 2010-12-18 . F019FCA21F609E34B79AE130681D08F7 . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16722_none_1cb7771a79faa0c5\wininet.dll

[7] 2010-12-18 . 025031C16D3A486F6AFE1C9B2FB1ADE0 . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20861_none_1d14d3eb933996fc\wininet.dll

[7] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll

[7] 2009-07-14 . 0D874F3BC751CC2198AF2E6783FB8B35 . 977920 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

2003-05-29 16:00 8704 ----a-w- c:\windows\System32\PCANotify.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2009-02-27 18:14 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2009-02-27 22:54 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 23:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]

2010-10-12 21:24 304568 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-08-25 23:45 171032 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

2008-07-22 22:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2009-06-05 01:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2010-08-25 23:45 136216 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2011-02-22 07:28 1497352 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2012-01-13 18:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2012-01-13 18:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

2009-06-25 02:19 140520 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2010-08-25 23:45 170520 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2009-05-23 08:22 7514656 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1343400]

R3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys [2000-09-26 486176]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\bgknw8eh.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-42492281.sys

MSConfigStartUp-MaxtorOneTouch - c:\program files\Maxtor\OneTouch\utils\OneTouch.exe

MSConfigStartUp-mxomssmenu - c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-01 10:24:06

ComboFix-quarantined-files.txt 2012-04-01 14:24

.

Pre-Run: 414,448,537,600 bytes free

Post-Run: 414,391,406,592 bytes free

.

- - End Of File - - 11EA22BF5B5B008D935E12264E4FAE68


Here are the results. Did I do it right?

File already analysed

This file was already analysed by VirusTotal on 2012-02-19 00:04:33.

Detection ratio: 0/41

You can take a look at the last analysis or analyse it again now.


I also have tdsskiller on my desktop. Should I uninstall that?

You should manually delete it and DDS too.

One other question. I only ran tdsskiller in safe mode. Should I run it in normal mode?

No, you shouldn't. :)

Malware prevention tips for you:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing! :)

This topic is now closed to further replies.